last executing test programs:

5m26.568641804s ago: executing program 1 (id=2934):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

5m25.579687144s ago: executing program 1 (id=2942):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x2}, {0x10000002, 0x0, 0x0, 0xc}], 0x10, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x64, &(0x7f0000000000), 0x10)
sendmsg$inet(r0, &(0x7f0000000140)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001940)='{', 0xffc0}], 0x1}, 0x80d1)
close(0x3)

5m25.457654754s ago: executing program 1 (id=2945):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000020000000000000000000095"], &(0x7f0000000340)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x800000000}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@cgroup=r1, 0x2b, 0x0, 0x0, &(0x7f00000005c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

5m25.279153666s ago: executing program 1 (id=2949):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="150000000800000008"], 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r4}, 0x10)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8)
close(r6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r7)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x8, 0xf, &(0x7f0000000c80)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r8, 0x0, 0x0}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000001340)='~', 0x0}, 0x20)

5m25.117942067s ago: executing program 1 (id=2953):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
socket$packet(0x11, 0x3, 0x300)

5m24.811693257s ago: executing program 1 (id=2958):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x5)
recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffc4c, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
close(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)}], 0x1}}], 0x1, 0x0)

5m9.642161134s ago: executing program 32 (id=2958):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x5)
recvmmsg(r1, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffc4c, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
close(0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)}], 0x1}}], 0x1, 0x0)

8.780934389s ago: executing program 4 (id=5297):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x36}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0x4, @mcast2, 0x5}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB], 0x25c}}, 0x0)

6.666184413s ago: executing program 4 (id=5318):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)="cb423a11b33192d673ba4c831a9adca48ca7eb0d2f073f36dfc3a94144bfd9d81639fd65ac4e557e12e7b0d2dfea051a7b440ade19d879e209596bf44477ecf6370e0133e541ef9f9e3631dde33dabf7842deb7a72c3ffe0f611062628683e3db2c685af", &(0x7f0000000640), 0x1003, r0}, 0x38)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)="af", 0x0, 0x2, r0}, 0x38)

6.643131155s ago: executing program 0 (id=5319):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, 0x3, 0x8, 0x101, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)

6.462053848s ago: executing program 0 (id=5323):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip6gre0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r4, 0x0, 0x0)
r5 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r3}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x20, &(0x7f0000000380)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40}, @tail_call]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000180)=0x25, 0x4)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000b40)=ANY=[@ANYBLOB="1d00000004000000020000000000000001020000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01006e4ca70000000000000000000000000000000000000000000000cb059a39a0519747c4a5aff2dc37b99698554cd83023ba204e155a42a28fefe81173f56585cc735c99c2a1537f9b0535ce91185af26952917702eb45e8db1c088c6b92812ced02ceac706a6f3742c186db5d92736949b7f2edb03f44bcafb81085832f4b89022fea317acbe8bf06b666d638e94ccaac862ab43cdc17e8eccb8d8622e2f60320d2e3901ab0b8789424e9e776ba8c2174d19c98687cbab0bf2c760693a13e9d4e9162a3ef1cd021d1a95d2c40be2bd0b6b82f24dd703dbbfc078f0136442e9eafdec966e3f25944ba235379842bfb78b46183a5f60818baa797dcea6f597ec50127166c64cb8b2eb11aedcf9d9e494ddffbadf52efed59c4b9a45647fa5157288f3e716d8acc7be6b997adcf4786af7404f059267867b5309ad9681f0637cd5393563710e73b66f9ec69463e5186849ab5e686157df579db5356720bdc94b1e138e0b7d24547b95f9ae112eb60048b6"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, &(0x7f0000000a40)=""/208, 0x136, 0xd0, 0x0, 0xfc5b, 0x10000, @value=r5}, 0x28)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$bt_hci(r7, &(0x7f0000000080)=ANY=[], 0x6)

6.390469657s ago: executing program 2 (id=5324):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r2, &(0x7f0000001a00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)

6.378168804s ago: executing program 3 (id=5325):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
getsockname$packet(r2, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x64, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e20}, @IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xf3a}, @IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}]}}}, @IFLA_MASTER={0x8}]}, 0x64}}, 0x0)

6.349722833s ago: executing program 4 (id=5326):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000002400)={0x34, r1, 0x301, 0x0, 0x0, {0x17}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x34000804}, 0x0)

6.254719973s ago: executing program 2 (id=5327):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @random="e5db029ea53c"})
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)

6.141450849s ago: executing program 3 (id=5329):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001ac0)={0xd0, 0x19, 0x2, 0x70bd28, 0x25dfdbff, {0x1e}, [@typed={0x8, 0x145, 0x0, 0x0, @ipv4=@private=0xa010101}, @typed={0x8, 0x56, 0x0, 0x0, @uid}, @typed={0x8, 0x105, 0x0, 0x0, @uid}, @nested={0x8, 0x6, 0x0, 0x1, [@nested={0x4, 0x38}]}, @generic="b4fc6ba26f933eecc89a7c56", @generic="6afd8108823460415de0bbb425e879cd1ae5b7dd2f3a7ce25e5d2a0ac343b560d00bc464a7507974aaa27f6bcaa6bc326107643cd7d7ef1ce36f87b443682b01f2842ca46322058aafd69295f0895f135ffc0f477a63b72e25f27917a0e44e0c28e3a5ceef747a1a010ead45b87e33e9bdf2da59272b7ab8cecf560b8526fc6804156e4ca5ae8156a8", @generic="5d23fe7b"]}, 0xd0}, 0x1, 0x0, 0x0, 0x4}, 0x1)
recvmsg$can_bcm(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/43, 0x2b}], 0x1}, 0x0)
recvmsg$can_raw(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)

6.048875547s ago: executing program 0 (id=5331):
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x80000009})
close(0x3)

5.970482992s ago: executing program 3 (id=5332):
r0 = socket(0x10, 0x80003, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x10681, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000380)={'vcan0\x00'})
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x34}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmmsg$unix(r11, 0x0, 0x0, 0x4c054)
write(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='svc_xprt_accept\x00', 0xffffffffffffffff, 0x0, 0x100000001}, 0x18)

5.872935429s ago: executing program 0 (id=5334):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007910480000000000610400000000000095002080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0xffffa3ba, 0x7, 0x10, 0x4023, r2, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0xf, @void, @value, @void, @value}, 0x50)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, @void, @value}, 0x28)
unshare(0x40020000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000300)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='rcu_utilization\x00', r3, 0x0, 0x2}, 0x18)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f00000000c0)={r4, r4, 0x206, 0x0, 0x0, 0x2, 0x84, 0x8, 0x3, 0x801, 0x0, 0x8, 'syz1\x00'})
socket$kcm(0x2, 0x1, 0x84)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x14, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b9104006"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r7, 0x26, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000240), &(0x7f00000002c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18030000000000000000009f27d972008510000300000018000000000000000300000000000000650000000000000018000000000007000000000000006f6395000000000000008500000007000000950000000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x4000000, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x20000281}], 0x1}, 0x0)

5.345476954s ago: executing program 6 (id=5338):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(0xffffffffffffffff, &(0x7f0000000100)="29000000140005b7ff000000040860eb0101b6ff021596db2d6d6974b5d728aa4b5d02c2", 0x24)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x3c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x4, 0x0, 0xffff}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044081}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x8, 0xc, 0x0, 0x1, [{0x4, 0x7}]}]}, 0x34}}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@map, r0, 0x2e, 0x20, 0x0, @void, @void, @void, @value}, 0x20)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.63043562s ago: executing program 5 (id=5343):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip6gre0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r4, 0x0, 0x0)
r5 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r3}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x20, &(0x7f0000000380)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40}, @tail_call]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000180)=0x25, 0x4)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000b40)=ANY=[@ANYBLOB="1d00000004000000020000000000000001020000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01006e4ca70000000000000000000000000000000000000000000000cb059a39a0519747c4a5aff2dc37b99698554cd83023ba204e155a42a28fefe81173f56585cc735c99c2a1537f9b0535ce91185af26952917702eb45e8db1c088c6b92812ced02ceac706a6f3742c186db5d92736949b7f2edb03f44bcafb81085832f4b89022fea317acbe8bf06b666d638e94ccaac862ab43cdc17e8eccb8d8622e2f60320d2e3901ab0b8789424e9e776ba8c2174d19c98687cbab0bf2c760693a13e9d4e9162a3ef1cd021d1a95d2c40be2bd0b6b82f24dd703dbbfc078f0136442e9eafdec966e3f25944ba235379842bfb78b46183a5f60818baa797dcea6f597ec50127166c64cb8b2eb11aedcf9d9e494ddffbadf52efed59c4b9a45647fa5157288f3e716d8acc7be6b997adcf4786af7404f059267867b5309ad9681f0637cd5393563710e73b66f9ec69463e5186849ab5e686157df579db5356720bdc94b1e138e0b7d24547b95f9ae112eb60048b6"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, &(0x7f0000000a40)=""/208, 0x136, 0xd0, 0x0, 0xfc5b, 0x10000, @value=r5}, 0x28)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$bt_hci(r7, &(0x7f0000000080)=ANY=[], 0x6)

2.035788208s ago: executing program 3 (id=5344):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0xc4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x2}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880)

1.947848962s ago: executing program 6 (id=5345):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.862544556s ago: executing program 2 (id=5346):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r1 = socket(0x29, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x4844}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140), 0x4)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0xffff, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f00000005c0)=0x3, 0x4)
r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={<r3=>0x0}, &(0x7f0000000200)=0xc)
sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000dc0)=@RTM_NEWNSID={0x54, 0x58, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NETNSA_FD={0x8, 0x3, r2}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8, 0x2, r3}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_NSID={0x8, 0x1, 0x2}, @NETNSA_PID={0x8}, @NETNSA_PID={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)

1.763067702s ago: executing program 5 (id=5347):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="700000001400010000000000fbdbdf25e00000010000000000000000000000000000000000000000000000000000000100000000000700"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b'], 0x70}}, 0x4004040)

1.751868382s ago: executing program 6 (id=5348):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r1, 0x0, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000001c0)=0x3)
ioctl$PPPIOCGIDLE(r2, 0x8010743f, &(0x7f0000000100))
socket$can_j1939(0x1d, 0x2, 0x7)
r3 = socket$packet(0x11, 0x2, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000140)={0x0, 0x1, 0x6, @multicast}, 0x10)
syz_emit_ethernet(0x12a7, &(0x7f0000001780)={@remote, @random="c824f404af16", @val={@void, {0x8100, 0x6, 0x1, 0x3}}, {@mpls_mc={0x8848, {[{0x6}, {0x6, 0x0, 0x1}, {0x9}, {}, {0x3}, {0x9a}], @ipv6=@gre_packet={0xb, 0x6, "f13b64", 0x1255, 0x2f, 0x1, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[@dstopts={0x0, 0x2, '\x00', [@hao={0xc9, 0x10, @private0}]}, @hopopts={0x2b, 0x1d, '\x00', [@jumbo={0xc2, 0x4, 0x206}, @padn, @generic={0x80, 0x12, "1688acd7902b5cd120fa0176af160b83e33a"}, @hao={0xc9, 0x10, @mcast2}, @calipso={0x7, 0x28, {0x1, 0x8, 0x8, 0xfff, [0x7, 0x7, 0xbf4, 0x9]}}, @generic={0x5, 0x8b, "09583e65f3c4b813d6b4c5378c85263f51fd63c6c415033a435b487ce61889c9294fd1357ab91d5a0ea8f0624a7f1b8a32a833ba404d9c986d634aa383375f69e27de0a4d49f7431dbc109300d524d23dd942af038801312c14e237809aff64ee0b4031bb35a1825aa98a918ca3b01e62b0c3afc02fe850ebe4b86a9af92648c6193a9308127930b453b14"}, @pad1]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0xf40, 0x3, [0x4], "ccc7d4ec2a8b664f58722383fbaed8026fdc92ad45b9b2dac34ee1173d11df2600e7f9b6f9e0ab563f31ca31c106c3e42f7f00aeab9ab583eef2ca48d602142b8317a48663232acfb747ecc39e37490f0777544848edc9f92d9dcfeb92bd3fca1f52fd4954be95c8e442814a620d25ca660a3cfb007e0a2cc0f7b6f3315b5db255e2870d33826441a1488458ca60979cda2d0ba37063111e72ec128fdeecf29f03f515e2c2c41d0d58cd13b14f3dee3a18a17ccd2dbbdf53860d24ea84d87ec152d95470af885eed9e142ad6e8c0113b75d467a47b7d0050f7493ad0e2727443441fc378787172a98a7eaba1523369638af3547083a21765cfdd5ae8cf45f0aea8d66593d5feb039160f5c92aefedf03053986819b6d9a5000df9e241149986dab370f377e345169925a36a10b478c160474a5a689883037a10dfbc8345e92c9608f5bde681d27089770dc3b595d8a85d7cc2e1d9f79acd7a747724994bf324b85b68d5fcc2b28c578c26d3eb69025ea07b56d8a56ef1b5cadadce540da8779a3e3bf899d4188813e83d8eec51e41cd5c68070fb9876d89de55eb862de9c343fa6336c7197341b25f527b2491b631331f00058dca6d7c75850b315909867c6b7636773b147e6d939612ffd873504f409f4fa0d0eb0fc24f75b025ecd5a20207a1ef3b50b781af1312cb9526ade35bf9721d949b3b0f885846bd8a224aa012ab7443ef66f23deba3c0f678773b20a46d6d9b5106296d483bff86196054241636b6599e3b603c201a5953cf3062fcc8984a48de928be6b1adedace5df52bfe5e701784bccdbef659e2a0d2e2e8f9232f456aacfeabf53d1485e3c7fde7432f8a564cabb859a806c9044acacb6df76dc1a1271864d2187f05eb145adaab4f96b725d2006c676a02465b8d78de905bd08da7193eeaa433899c7605b38664ee6510a0ed6b07d31fc24690e4d222569a27ab3cb7fa7bb45e612e49c3c41244065b2d3283ee4aac9b3ca0ac9ad2fd789ebd312dc1a06273305112993018222ee392b649eb7b084190153ec63fdf5b282ef1bdfaa82a96256e8a39641d3f483156d0d4c28c36bb0b78ce05dd527e8af161983b4259c10b232a0232404a34520b4b31cc99b02e25c0eaf5c221d322377ec6537cd840cc3d5e330313f8efcf0dd578a40fcea36805629a3115a45d866faf289561e8646bf44070d65c28c0fbbab22dead1d81bcf40d4a9a6762b943f5aabe622339090d22c54c64356cae3e8efdcb68fdb6cd9374fe3066ae998464afbe6f3dcadbc9a77a7f5ef9b39e769894013eeed99ed36751c52c15a9133e7e2eee0c278eae76c1c88a74dcb9aedd8571bb616cc7330f3455a48e08726a60c3102c9d52c4634e7f178a19cb6984d5968270a2015577068ba39368cb865fbd7bf05731300687dca5c77a0b769b22325f84239c46231632d159b2e5a8ab02e8bcf8864956a02c5c3e51362e340265691680f225928509faacc725309033c936f47bc870f3f3ac194bd3cd6bc0fec1d2431f0919fe6ce9bccf5d8b679253440b24239eb0a383b31a7ed1bb65b1fb6817dffaa1ab1524ca6265adb181e2a136c8f476e6dbd74c1ab8e2c32d6a92c656f8c2b459ded4a8d982973892f16c8e9eb07d6ef1fa940137ff9c35f0e4f2049c367a34026e4514dc541564566ec487dd9ba4c713a361e32049935201290d6df74fbe5ca320f4ccf3793257531ad17cfe4b8a3c51323d76e9a49581773c7e5733b00e6dd525f8d5118355358e3a3e31226c538f982dbaebc71ae535e6cc0282f6bae5e23f3d924a056e8d12f9663fdf997f6474fdc60709ee85da9cafa8f89d373f29d148fbfc39d85b30e92ae9f83ecc0298fe0ade08b56123f0d40a3a41c9d6dac92769f19c689253d9cfecdecfad62cfc7f5a1e835ce176c5621b4640b289517ffb7390bcdffbc86763f9948461fd080007f00cb3ec95a667327e051b506a5da1e153ba9e890d71d9b3ec1dcc6b4e3992c4a90bf06923cd6566d2bd322ac1d8ba14ac67c3b90eb7e7ff25f93f65c5a749d75268bb463ab1313696b53c48703ed574fe9f2408f64ed4da09c9b8070174b35591b15542dc6009c0793c7503e2b3cda8807ba3ff4447d1993b1eddb07eb985fccdd02e0c4aeb90dc49487eddca7baf054be770759bf2e7cba61fc7515c164e9d3fe56cc30c0d7271787d62fdead1ef11fe65a9d3a1922db8f1aa81b62fdfa4f466eabb05f784772caf2e6438d14629509a01c238fbbecc7844cd5b0a17752cb1058a9f82435381b43db6369e1efb243fb81f80b4bf0f8c609076d1f0e01521086008fabea5bfad7ac5dcd4abb78f710f2a4a34048c3f73da85870958e4daa55d6962fad84ba12f168aa92cb888726a825649f2be05efc33d1c4ce2676a731af400b69ffeeab6a503b58019f5e642a7f3f203bb08ec600b0c4fb5e04fb4008643e1bb13e5b3847a06b1b3f61e768e9ff8f27efce3db05d492ef8f045eefe989bcc729bcb77f3e0a31a78a3f2773e55cc522b1227cd18b42d5423590fcb785c7213f8106a279352807de36f6a6c557fc18d04e323cfa9f32e8a3269531e1a374b425223d176eeaea452bb990f4f130c68147c5780d1e2dd8d00f5311775e977e22d375b07fa9aa122be504f68b75c6d450a5deaf40d82c24b14ba0b330361442731c198f1f9d1db9565a1fffa564d3b2369720cb974358cd3f296460c16ce11f52bc0ad58a16cb4cb37d2aa4a7c6906c1cfd832883fe883e2ee376a302e485f2c5a0d9a5d435ca52df845cfe6cb9ea6f8e85bc969ac752199e983ae117fee64a98ffa5f050af549289126a054aad56e2d9fe804521578d3867237d1e445709524904e3e81fb0416ca64f22bac637aafe35248ae3cb6e663d302ae7ef05cebcbdae2edef85c2d03c2d98b7e7e013b8cf9c5c0648afdf04d0f31d1963df71b79ac8dca25910e9c045fab25182977e4af4bf530c821815f3f83256409690ead772c945275d2c2f9ae0922188e31dcf20e9cc90a43eb4c729175b84bac5552a2c464133612a2bb4d4b9d9d2fad9e9e01252640d9c5ed31b2cbd5ab00dcd52f8508c818215326c31cbb857d6e8d9c32079532b9547f43d049e3449080d934bb1df34272a69d056cd6803d7be41a15c2fe08c5aae4218d64e3c22be355564ddf81daf2cf96807a3b5974cdde7b6ce599a670f675e234a97c8f222e18111cc3ea2552b34b3cf85890c387a3c3115035a7b7c28ba892f7a2ed0f747e88f2328a2539529fffecc389ce81146af3b044ddd64875b0afb2eae7e5bc390f118e6bce3302c1d0db81d4493e826b53c0e5c7b4b386bb729f0bc6086d1471974f3b2a7719616e6b121fec7fa0c069702bafa430ddf4093d4f4674f1a44e3b834b58a98be862b930dc4b10e664819a9853ee41531ba99edc3462684e9d5a803341c3c5df804276da4b6216dd5b1b9c10016491d0c7604b8a0fdd996044f0f58b95d18004fbc986b8052f04feed7a5b0e29947764aa82f243e75055ddde98fb32881c984a4cd6407ce1c474412b819c18860354fbb1b333118aef6218be9427b4f643dc2e517ac5c2b280b7bfc048dbd5ac42b6c4897a916fb1ce657b571901b5873ab553192daa872c8238cbd8b8615303e5f19f430fa9e024bb835e50209ab2032d925bdbbd920eb055a23a96394fc3217c94b67b89e49bce5bc7f5a1cbbad3773d030c0cbdd9047783f3e6b9ae8017e672f6f0afc460a48f9d02b8ee07fd9a9b139fa9ff9ab1b86b2e3ed01fa710140fcad6abc6745b7ff041d60ed7b191cc69ea2b396e95562ba759f477eba1ba2c595aed3cc42f8d6b0a1383983c9a9fc1750acea07d3e8de0dd85b05b59f2fa18a423025df709664fc3491a50717ef01459d5eac9076ee60679f9f3112b2936996236ba374b72fd8156a7b1a5f3f657471962d98380ba7b4c32dd1526347a19a42284df0e35e7ac7f1732c38708a38c6c56857772e17cbd03154ed4d152d8567d9aa14f775222f2546c4e109caf9ae344a85a32d1211e027877a436beb8c5ee792e6f132b014cb308f0e4fe1fcab86867d53d3f7edbce3d30d7c7b457b8286f7ee4c873aac3ce4982976e25e1f52e2d080a19fc1b2902635f915327d0390271f14ae0f075f1754a616a5615238d59b622a37b980aad87453601c58b1490420552b1309fdfbf2907f6376d62618b5c39096783d2079e329ba08bf6932458a60bcb71193bab94877bdc26517654aa957645704dafeabfb139439bd4307fd20b1644029a280573a54b1a68e248906bab5d785c27153a79c24c48e46c850cc18f0758acaa32a0e3cc458a2acb3e59162a05ae75a289dbd8bca0b2ae1c31b00264b1b500cdea21f4d4bfa4546b2cb26a4e0adf9a33eb9c4e939fd419e08f3b1e4cb36948fd55e484552f8c67dabcf553df79e5bc0a9e64a6c70e6688a7a3bf67a68d14aa8b01c8f96d3deeff3d430b71baddf7b8991c8dd86e557504cf3afe99578131eefcb83f2ad3e3871b14b178f1d4b5741edd3bcc328483fab60d91ab5ddd1cd89f3731149492231392c8ba2cdf4b157d90b43cab9c982e7e792b531b0f0c741f7b5d7381cbfed72a3e8daf812b5640a7de11c33a464640e70a642296fcbbaa861047f9755f1b302a8471e2073064d7802f2ed4979ac9d1f2745d59333226d7b6d24a64d969072e565c6804c2a761517c637a4ab0df70ac220fda27984c1142a9d2780080e43e0b64fcc96ca22ef3790b8bea97f190dada399d477c57dca0e76c15546a370e4b14f57bca8683317594cccc2181d69f00a1616a7d00f16f6c839c699c19d44c534626984c2fac62f312e49a21fde345b671533dd30e95e4c738789808106eb0cac3c2c3146cea987c9b2a8b21ceda5d2d4b5b2b52d2693ddf4de3e431093d18e68d73dfb42d5b63c545f116deb60de3d1c2fadb462073544fc9fa46035f007ae51ac5ed9f0c48493d157f3978799d842e5e687e655ee8839d478b87ce87b5b091a7ab3d1f88b0efb2dd4d01a951a7fda45132ef0f85724a36b689b1ce0d93c0a2c00960d6bee5906b2f3f3aa451020c04a7b94df08c5d68b32cc3969e26df385a4dd274862fd12dc256b3f78162bf321e81a7382c483fad45377ba6b3f00a97dcf5431be6d8e8033a1844942b8fe4fa5a94f96201d7471339ce4077ffc164a2e58bcb2da9d7171b751bf93ff377f190ec06f542c9fd311014a912b28443f2b7045bc5bf698679e3eea7d2ac84a45e014f9edca253508a364be6e428e006532f8dbab335e7472549b7c409ee8296af04264c161b82749402f1d9ef7d18a7b07b21c0c2381e52912e324681936290376ecf5b1f95289da59fcb6e037cf2b8a47067b57a7c30dd4fbc38126568c29ab93a338b5db9cecbe58e0c8b7d8533bee63920b8e3fbaa3b65bd5fb3463dee7aaa2cef213934b3f2cef1058bab9dad261d01e42fe547fc71b8b3a95a0bd55ad96c2678425837971d2b8dd74867faf0f6c1da624906191b3379a385c6"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x800, [0x2, 0x8, 0x0], "0b0685c523164baa4b604cae4aa5e4f555fa35e1da5c0f89fecd248078bf480cde6b254a104c98f4652c9539159f8d7db0590e7735b70e0b2d94722f"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x86dd, [0x6], "a2e8fb23227c21d5266ee67f11166fd4ffa67bb243892e07ee19715c05c5e8ed540cb0c2d55adfe525c39d320fefe8b7fbb50c3e0fa81c7d71e9bbcf0b8fb1c60d598ade9c1cce084df42dadc693211df9e7cf093f8fae5f7c3fea312887f8546db4f2c2b134661cc09825003a57632e02d290a10e3572848c4982081f1eda2a9efba38b6ff7c81475e3d3f4130a792d2104daecddc2ed867b2c1f84c47bba03ecbbc278be53b17cad4d"}, {0x8, 0x88be, 0x3, {{0x9, 0x1, 0x4, 0x3, 0x1, 0x1, 0x3, 0x4}, 0x1, {0x9}}}, {0x8, 0x22eb, 0x2, {{0x6, 0x2, 0x1, 0x3, 0x0, 0x1, 0x1}, 0x2, {0x8, 0xffff, 0x3, 0x5, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x0, "6d283b4630bbbe70277fd96380bd616e1ee0ade8d6bcb45e49078d149abb24c790d0f2cc92b0a02ea1cc07b02722b912d010254f27d1400d1c5d0341f4f8d5f7b6f154a83775549a65b207b46edb92912d1cd88f560a9a4c49ae08d8fd732e4c84f18b77d4e2a619784424ab4a5df710a528b61164f53ec3797150ab170c44e7be70eace2fb13aac02e2bad2375eeae954a3f281b05da7e7df6e395234c80ece2461495c43dcc3cfdf47fc720b6dba59b6334d9685bef3195c4cdf1e6b79f7589f5afb069efecefb33e031ecacaff8674e"}}}}}}}}, &(0x7f0000000180)={0x1, 0x1, [0x9bc, 0x16a, 0xe3d, 0x547]})

1.745220289s ago: executing program 2 (id=5349):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xda32})
close(r0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x7c}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

1.720482215s ago: executing program 3 (id=5350):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="8109feffffff0000000003000000080001"], 0x38}, 0x1, 0x0, 0x0, 0x2008810}, 0x0)

1.587840582s ago: executing program 3 (id=5351):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0xc8901, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
getresuid(0x0, 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r5 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
ioctl$TIOCSTI(r0, 0x5412, 0x0)

1.527930494s ago: executing program 5 (id=5352):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket(0x29, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x4844}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000008c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x540, 0x180, 0x180, 0x288, 0x98, 0x0, 0x408, 0x408, 0x408, 0x408, 0x408, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x61}}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{}, {0xc}}]}, @TTL={0x28}}, {{@ip={@remote, @local, 0xffffff00, 0xffffff00, 'veth1_vlan\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x8, 0x0, 0x5c}, 0x0, 0xe0, 0x108, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x6]}}}, @common=@addrtype={{}, {0x100, 0x900}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x4, 0x9}}}, {{@ip={@multicast1, @private, 0x0, 0x0, 'pim6reg0\x00', 'erspan0\x00'}, 0x0, 0xe8, 0x110}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'lo\x00', 'nr0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x1}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298b2d52f8acf654)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140), 0x4)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68af5f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005800800014008000008080002"], 0x1ec}}, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0xffff, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000440)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x8, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a01080000000000000000030000000900010073797a310000000014000000020a010400000000000000080000000034000000140a03000000000000000000030000000800e19b2ef000090000000000000031000000000900020073797a3000000000140000001100010000000000000000000000000a338c03f24f0f9cff363289f93c8eb93ab6170ca8f621224e96b662da9f8a9fe4629d7357009fa4a8c91ba61a53d5e834c448931d18ff3d5ddf207f47e91be8deaada6aa92f36a2b18ea4056453580fdb6f253d69deaa7ae7358e9d3af444"], 0x90}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1e006f9721acbd0848ab8b27000000f32700000505f600040b00000020400000ceb51321b283eceded2694787ce15243e5210056ca4454e727ca8c2da9e6a773902036442e85dc21b1793d3ad5f11de42e1cd3e6a2603a06ebf1b0255bf9d2469adf", @ANYRES32=r3, @ANYBLOB="1000"/20, @ANYRES32=r0, @ANYRES32, @ANYBLOB="0100000000000000020000000300"/28], 0x50)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={<r5=>0x0}, &(0x7f0000000200)=0xc)
sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000dc0)=@RTM_NEWNSID={0x54, 0x58, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NETNSA_FD={0x8}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8, 0x2, r5}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_NSID={0x8, 0x1, 0x2}, @NETNSA_PID={0x8}, @NETNSA_PID={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)
setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4)

1.286632347s ago: executing program 2 (id=5353):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x8002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad9585000000010000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)

1.22965781s ago: executing program 5 (id=5354):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12)

1.220945169s ago: executing program 6 (id=5355):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)=@newlink={0x50, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, r3, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @sit={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x16}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x10001}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)

476.421289ms ago: executing program 0 (id=5356):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYBLOB="050000000000000000004400000008000300", @ANYRES32=r1, @ANYBLOB="3c00238006000a"], 0x58}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

458.589254ms ago: executing program 4 (id=5357):
socket(0x10, 0x80003, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x10681, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000380)={'vcan0\x00'})
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x34}}, 0x0)

457.922642ms ago: executing program 2 (id=5358):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
eventfd2(0x3, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, 0x0, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file0\x00', 0x8c0, &(0x7f0000000280)=ANY=[@ANYBLOB='acl,heartbeat=none,resv_level=0000000000\x00000000002,coherency=full,data=writeback,localalloc=00000000000000000001,acl,noacl,localalloc=00000000000000000000,\x00'], 0x1, 0x4459, &(0x7f000000cd00)="$eJzs3c9vI1cdAPDvTFKaLM2StD0UCQlLVAIBipKegFQiyWY3Tbph0UIrxMXrJO5uwIlXiYM49BBulTghcUAcKpC45VTlwLX8CVw4lnMlOHBBQqowsj1OPBObNbtxwu5+Poe8+P12vjPPz4fJSzONBzsHpZ2DUmWvVN967+CN0s/qtcPdaqSXpO/4L1ze+Axn6OtkbPjQXfW19zy7c+PWD959I+JP23/5tNlsNqNlPPqa7/n9n/94f6s37UoLbVr99u/tovw4Il49N6+WsYj40R8jkohYyvKWs3QyIqaiU/bu+7+8V7qg2Xz0SfXN8mcbH5wsvL5+/OHJ4PeeRPy29sVv3t/921fGFv769QsaHgAAAAAAAAAAAAAAAACAp9zq3TvvfH9uPj5OYvw4Of+87mqWDno+tnlhvhwxPfr3CwAAAAAAAAAAAAAAAAAAAP+Pzp7/LyUv93n+fyVLFwe0b3539HNkdNa+d2fl5tx8dv57cq78W1nW35fGYqbPue/F89+XCu37n/9+fpzH1Z3f0guddDqSdLZnHtORprOzEb/PDn5/LbmW1uoHjW+8Vz/c276waTy18vHvnN6fi052oP+w8V8u9D/68/9fOXc1tV7fu7hL7JmWj//YwHp/+EUyVPxvFNr9t/g3m83mE7+BeOXJu3iO5eM/3s6b7K2w2FkAWvH/1fij479S6H9U9//1iCglrbmWcitAaw/Tyh+0XyEvH//Oh2hu6cz+kIPu/38V4n+z0P9Vrf9HxQ8i+srH/3PtvIlcjbP7fybtxv3F09Li/X+r0P9VxL81/yOf/0PJxz+L63iuSvsvOez6v1rof1TxfyfN5nk9yV0Bx0knf9D/qyMvH/+Jc+Vn3//SofZ/bxXaX9b3v+643e9/3eX/a0nn+x/95eM/ObDesPf/WqHdqNf/xfb+L3LXlKV/ePn4X2vn5ffOnX/KOWz81wv9jyr+7V3JRDf+ZxH/94ud/N/Z/w0lH//PdzLT3hpH7Z/t/V/y6P3/24X+r2L/15r/UTraUZ8V+fi/NLBeK/5/HuLz/3ah3ejjHzFnwX9s+fhPDazXvv8nHh3/jUK7Ucf/q6PsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOApsJyl05Gks7nXaTo7G3Eje/1aXEs2K9vlzVp966cHEStZfileTu7X6puVWnlnr75dLVdqtfpWxM2s/NWYSA5q9UZ5t/Lw1mlfk8mDamW/sVmtNCJiNcv/Ukx1+9rcaexWHkbEW6dlX0jr+w8fVPbK2zv735mbm5uLtdM5zCTVnzeqe43O6J3SiPXTttNJz+TaxW+fzuWl5Cf1w/29Sq2df7unTa2+Van1tNnIyn4dM0lj/3Bvq9Kolmv1+93xrtJilq6s3f3h3dvz58rvJZ10uSdv7HKmBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/4OOFb/8mIsY7r9KIWMx+mbrer/5Hn1TfLH+28cHJwuvrxx+efBoRyeXOGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgPO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdilY5QGoiAMwPOehdp5DKtlt7NdUUQLVwRPoMfwHNZ6CXsv4R0sLNKmCIHkLYTNLqRImvB9zcD87M7AGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI7L3XP38lQ3ESnOFqcRP2+/f5v5Q6mf1+Pfn4x2P773vigHcf/Y3dzWTXn3tJVfldZ/m1fpfPb+GiO19zW4k+E9rfVzzif3mrq3qf36uReRchURbckvU85Vtdu/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCU7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZR9G0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CsAAP//lEYhzA==")
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

378.380407ms ago: executing program 5 (id=5359):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip6gre0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r4, 0x0, 0x0)
r5 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r3}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x20, &(0x7f0000000380)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xb}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x40}, @tail_call]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000180)=0x25, 0x4)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000b40)=ANY=[@ANYBLOB="1d00000004000000020000000000000001020000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01006e4ca70000000000000000000000000000000000000000000000cb059a39a0519747c4a5aff2dc37b99698554cd83023ba204e155a42a28fefe81173f56585cc735c99c2a1537f9b0535ce91185af26952917702eb45e8db1c088c6b92812ced02ceac706a6f3742c186db5d92736949b7f2edb03f44bcafb81085832f4b89022fea317acbe8bf06b666d638e94ccaac862ab43cdc17e8eccb8d8622e2f60320d2e3901ab0b8789424e9e776ba8c2174d19c98687cbab0bf2c760693a13e9d4e9162a3ef1cd021d1a95d2c40be2bd0b6b82f24dd703dbbfc078f0136442e9eafdec966e3f25944ba235379842bfb78b46183a5f60818baa797dcea6f597ec50127166c64cb8b2eb11aedcf9d9e494ddffbadf52efed59c4b9a45647fa5157288f3e716d8acc7be6b997adcf4786af7404f059267867b5309ad9681f0637cd5393563710e73b66f9ec69463e5186849ab5e686157df579db5356720bdc94b1e138e0b7d24547b95f9ae112eb60048b6"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, &(0x7f0000000a40)=""/208, 0x136, 0xd0, 0x0, 0xfc5b, 0x10000, @value=r5}, 0x28)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$bt_hci(r7, &(0x7f0000000080)=ANY=[], 0x6)

377.938491ms ago: executing program 6 (id=5360):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

248.194333ms ago: executing program 4 (id=5361):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x10000, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xfffffdb6, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r1 = socket(0x29, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000008c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x540, 0x180, 0x180, 0x288, 0x98, 0x0, 0x408, 0x408, 0x408, 0x408, 0x408, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x61}}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{}, {0xc}}]}, @TTL={0x28}}, {{@ip={@remote, @local, 0xffffff00, 0xffffff00, 'veth1_vlan\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x8, 0x0, 0x5c}, 0x0, 0xe0, 0x108, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x6]}}}, @common=@addrtype={{}, {0x100, 0x900}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x4, 0x9}}}, {{@ip={@multicast1, @private, 0x0, 0x0, 'pim6reg0\x00', 'erspan0\x00'}, 0x0, 0xe8, 0x110}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'lo\x00', 'nr0\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x1}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298b2d52f8acf654)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140), 0x4)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0xffff, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f00000005c0)=0x3, 0x4)
r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={<r3=>0x0}, &(0x7f0000000200)=0xc)
sendmsg$nl_route(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f0000000dc0)=@RTM_NEWNSID={0x54, 0x58, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NETNSA_FD={0x8, 0x3, r2}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8, 0x2, r3}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_NSID={0x8, 0x1, 0x2}, @NETNSA_PID={0x8}, @NETNSA_PID={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)

212.079516ms ago: executing program 0 (id=5362):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0xc4, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x2}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x48c0}, 0x20001880)

27.714779ms ago: executing program 6 (id=5363):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="8109feffffff0000000003000000080001"], 0x38}, 0x1, 0x0, 0x0, 0x2008810}, 0x0)

26.963426ms ago: executing program 5 (id=5364):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="700000001400010000000000fbdbdf25e00000010000000000000000000000000000000000000000000000000000000100000000000700"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b'], 0x70}}, 0x4004040)

0s ago: executing program 4 (id=5365):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r1, 0xa0e}, 0x8)

kernel console output (not intermixed with test programs):

 0
[  811.978654][T15872] 8021q: adding VLAN 0 to HW filter on device bond0
[  812.006593][T15872] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  812.055148][T15881] block nbd0: server does not support multiple connections per device.
[  812.106520][T15881] block nbd0: shutting down sockets
[  813.584512][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  814.088170][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.169081][T15907] netlink: 'syz.6.3322': attribute type 4 has an invalid length.
[  814.194376][T15907] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3322'.
[  814.337678][T10600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  814.377325][T10600] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  816.082461][T15940] bridge_slave_0: left allmulticast mode
[  817.134044][T15940] bridge_slave_0: left promiscuous mode
[  817.198618][T15935] netlink: 'syz.6.3330': attribute type 10 has an invalid length.
[  817.211131][T15940] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.311533][T15940] bridge_slave_1: left allmulticast mode
[  817.332108][T15954] netlink: 'syz.2.3337': attribute type 4 has an invalid length.
[  817.363827][T15954] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3337'.
[  817.364532][T15940] bridge_slave_1: left promiscuous mode
[  817.469019][T15940] bridge0: port 2(bridge_slave_1) entered disabled state
[  817.601662][T15940] bond0: (slave bond_slave_0): Releasing backup interface
[  817.704744][T15940] bond0: (slave bond_slave_1): Releasing backup interface
[  817.916161][T15940] team0: Port device team_slave_0 removed
[  817.994940][T15940] team0: Port device team_slave_1 removed
[  818.015148][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  818.025709][T15940] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  818.049640][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  818.066072][T15940] batman_adv: batadv0: Removing interface: batadv_slave_0
[  818.068492][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  818.089254][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  818.100558][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  818.124821][T15940] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  818.152397][T15940] batman_adv: batadv0: Removing interface: batadv_slave_1
[  818.479115][T15935] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  818.507677][ T5823] bridge0: port 3(syz_tun) entered disabled state
[  818.619163][ T5823] syz_tun (unregistering): left allmulticast mode
[  818.644901][ T5823] syz_tun (unregistering): left promiscuous mode
[  818.689952][ T5823] bridge0: port 3(syz_tun) entered disabled state
[  819.510635][T15995] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3348'.
[  819.646312][   T30] audit: type=1326 audit(2000000283.739:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.5.3350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f275998e969 code=0x0
[  820.070426][   T53] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  820.184377][ T5847] Bluetooth: hci0: command tx timeout
[  820.574933][   T53] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  820.791477][T16008] delete_channel: no stack
[  820.833744][   T53] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.274461][ T5847] Bluetooth: hci0: command tx timeout
[  822.442109][   T53] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode
[  822.458032][   T53] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.745265][T16042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3366'.
[  822.908580][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3366'.
[  823.137136][T16043] bond0: (slave bond_slave_1): Releasing backup interface
[  823.466457][T15962] chnl_net:caif_netlink_parms(): no params data found
[  823.621804][T16055] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3369'.
[  823.765531][   T53] bridge_slave_1: left promiscuous mode
[  823.780291][   T30] audit: type=1326 audit(2000000287.879:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16056 comm="syz.2.3371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2bed8e969 code=0x0
[  823.804934][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.856800][   T53] bridge_slave_0: left allmulticast mode
[  823.872756][   T53] bridge_slave_0: left promiscuous mode
[  823.884691][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  823.910837][T16067] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3372'.
[  823.940680][T16067] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3372'.
[  824.104874][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807862f800: rx timeout, send abort
[  824.314380][ T5847] Bluetooth: hci0: command tx timeout
[  824.324826][ T5931] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  824.605018][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807862c400: rx timeout, send abort
[  824.615046][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807862f800: abort rx timeout. Force session deactivation
[  825.064417][ T5931] usb 1-1: Using ep0 maxpacket: 32
[  825.091694][ T5931] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  825.113314][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807862c400: abort rx timeout. Force session deactivation
[  825.139259][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.181613][ T5931] usb 1-1: Product: syz
[  825.214882][ T5931] usb 1-1: Manufacturer: syz
[  825.220161][ T5931] usb 1-1: SerialNumber: syz
[  825.266044][ T5931] usb 1-1: config 0 descriptor??
[  825.292499][T16081] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3376'.
[  825.299605][ T5931] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  825.481914][   T53] ip6gretap0 (unregistering): left promiscuous mode
[  826.424527][ T5847] Bluetooth: hci0: command tx timeout
[  826.692435][ T5931] gspca_ov534_9: reg_w failed -110
[  826.956963][   T53] bridge0 (unregistering): left promiscuous mode
[  827.114772][ T5931] gspca_ov534_9: Unknown sensor 0000
[  827.114881][ T5931] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22
[  827.336526][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  827.352581][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  827.383318][   T53] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  827.406471][   T53] batadv0: left promiscuous mode
[  827.418350][   T53] bond0 (unregistering): Released all slaves
[  827.440989][T16059] bridge0: port 3(syz_tun) entered blocking state
[  827.447786][T16059] bridge0: port 3(syz_tun) entered disabled state
[  827.460715][T16059] syz_tun: entered allmulticast mode
[  827.477916][T16059] syz_tun: entered promiscuous mode
[  827.496402][T16059] bridge0: port 3(syz_tun) entered blocking state
[  827.503036][T16059] bridge0: port 3(syz_tun) entered forwarding state
[  827.668739][    T9] usb 1-1: USB disconnect, device number 46
[  828.368950][T16115] netlink: 'syz.0.3387': attribute type 10 has an invalid length.
[  828.418911][T15962] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.427554][T15962] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.483760][T15962] bridge_slave_0: entered allmulticast mode
[  828.539456][T15962] bridge_slave_0: entered promiscuous mode
[  828.576168][T16115] team0: Device ipvlan1 failed to register rx_handler
[  828.800674][T16109] delete_channel: no stack
[  828.870138][   T53] macvlan1: left promiscuous mode
[  828.967995][   T53] hsr_slave_0: left promiscuous mode
[  829.024611][   T53] hsr_slave_1: left promiscuous mode
[  829.032034][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  829.143641][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  829.203340][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  829.236270][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  829.374389][   T53] veth1_macvtap: left promiscuous mode
[  829.388951][   T53] veth0_macvtap: left promiscuous mode
[  829.419510][   T53] veth1_vlan: left promiscuous mode
[  829.683694][   T53] veth0_vlan: left promiscuous mode
[  830.023296][T16137] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3395'.
[  830.339834][T16147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3397'.
[  830.413589][T16147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3397'.
[  830.570478][ T5892] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  830.754332][ T5892] usb 3-1: Using ep0 maxpacket: 32
[  830.772870][ T5892] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  830.990012][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  831.034379][ T5892] usb 3-1: Product: syz
[  831.059008][ T5892] usb 3-1: Manufacturer: syz
[  831.075317][ T5892] usb 3-1: SerialNumber: syz
[  831.082987][ T5892] usb 3-1: config 0 descriptor??
[  831.113600][ T5892] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  831.120293][T16155] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3398'.
[  831.677454][   T53] team0 (unregistering): Port device team_slave_1 removed
[  831.742678][   T53] team0 (unregistering): Port device team_slave_0 removed
[  831.831480][ T5892] gspca_ov534_9: reg_w failed -110
[  832.250921][T15962] bridge0: port 2(bridge_slave_1) entered blocking state
[  832.258405][T15962] bridge0: port 2(bridge_slave_1) entered disabled state
[  832.265832][ T5892] gspca_ov534_9: Unknown sensor 0000
[  832.265911][ T5892] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  832.285746][T15962] bridge_slave_1: entered allmulticast mode
[  832.293415][T15962] bridge_slave_1: entered promiscuous mode
[  832.376768][ T5892] usb 3-1: USB disconnect, device number 61
[  832.515776][T15962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  832.703992][T15962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  832.754384][ T5833] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  832.876022][T15962] team0: Port device team_slave_0 added
[  832.915498][T15962] team0: Port device team_slave_1 added
[  832.961078][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  832.999229][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  833.020779][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  833.087330][ T5833] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  833.134087][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.150370][T15962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.168958][ T5833] usb 5-1: config 0 descriptor??
[  833.180778][T15962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.206780][    C0] vkms_vblank_simulate: vblank timer overrun
[  833.226114][T15962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.285443][T15962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  833.292624][T15962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.318665][    C0] vkms_vblank_simulate: vblank timer overrun
[  833.329834][T15962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  833.341154][T16180] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  833.622531][ T5833] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  833.661522][ T5833] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  834.238606][ T5833] usb 5-1: USB disconnect, device number 65
[  834.298236][T16186] delete_channel: no stack
[  834.557940][T16199] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3412'.
[  834.628318][T15962] hsr_slave_0: entered promiscuous mode
[  834.707761][T15962] hsr_slave_1: entered promiscuous mode
[  834.895445][T15962] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  834.903281][T15962] Cannot create hsr debugfs directory
[  835.735261][   T53] IPVS: stop unused estimator thread 0...
[  836.297825][T16213] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3418'.
[  836.515834][T16216] bridge0: port 1(syz_tun) entered blocking state
[  836.555514][T16216] bridge0: port 1(syz_tun) entered disabled state
[  836.576057][T16216] syz_tun: entered allmulticast mode
[  836.607747][T16216] syz_tun: entered promiscuous mode
[  836.613974][T16216] bridge0: port 1(syz_tun) entered blocking state
[  836.620682][T16216] bridge0: port 1(syz_tun) entered forwarding state
[  836.774494][T16226] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  836.774562][T16223] IPVS: stopping master sync thread 16226 ...
[  836.914581][T16228] netlink: 'syz.6.3423': attribute type 10 has an invalid length.
[  836.963811][T16228] team0: Device ipvlan1 failed to register rx_handler
[  836.974579][  T916] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  837.145743][  T916] usb 6-1: Using ep0 maxpacket: 32
[  837.182049][  T916] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  837.219013][  T916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  837.259479][  T916] usb 6-1: Product: syz
[  837.995716][  T916] usb 6-1: Manufacturer: syz
[  838.000457][  T916] usb 6-1: SerialNumber: syz
[  838.015238][  T916] usb 6-1: config 0 descriptor??
[  838.027631][  T916] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  838.144534][ T5833] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  838.308504][T15962] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  838.320968][T15962] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  838.330566][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  838.347346][T15962] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  838.356108][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  838.379344][T15962] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  838.389987][ T5833] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  838.514166][  T916] gspca_ov534_9: reg_w failed -71
[  838.537642][ T5833] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  838.566745][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.934449][  T916] gspca_ov534_9: Unknown sensor 0000
[  838.935385][  T916] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22
[  839.346843][ T5833] usb 1-1: config 0 descriptor??
[  839.379214][T16250] delete_channel: no stack
[  839.404738][  T916] usb 6-1: USB disconnect, device number 59
[  839.512614][T16260] IPVS: stopping master sync thread 16262 ...
[  839.512858][T16262] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  839.762103][ T5833] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  839.780104][T15962] 8021q: adding VLAN 0 to HW filter on device bond0
[  839.791335][ T5833] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  839.903926][T15962] 8021q: adding VLAN 0 to HW filter on device team0
[  839.982656][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  839.989924][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  840.049612][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.057057][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  840.083007][ T5833] usb 1-1: USB disconnect, device number 47
[  840.665965][T15962] 8021q: adding VLAN 0 to HW filter on device batadv0
[  840.770030][T15962] veth0_vlan: entered promiscuous mode
[  840.840916][T15962] veth1_vlan: entered promiscuous mode
[  840.938457][T15962] veth0_macvtap: entered promiscuous mode
[  840.952706][T15962] veth1_macvtap: entered promiscuous mode
[  840.981908][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  841.027602][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  841.063702][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  841.262179][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  841.275732][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  841.287335][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  841.302039][T15962] batman_adv: batadv0: Interface activated: batadv_slave_0
[  842.318000][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.112956][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.134341][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.145385][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.155611][T15962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  843.167312][T15962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  843.180020][T15962] batman_adv: batadv0: Interface activated: batadv_slave_1
[  843.207187][T15962] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  843.334570][T15962] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  843.384728][T15962] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  843.424308][T15962] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.761323][T16300] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3447'.
[  844.782001][T16302] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3448'.
[  844.812685][T16305] bridge0: port 1(syz_tun) entered blocking state
[  844.848451][T16305] bridge0: port 1(syz_tun) entered disabled state
[  844.856099][T16305] syz_tun: entered allmulticast mode
[  844.872596][T16305] syz_tun: entered promiscuous mode
[  844.881515][T16305] bridge0: port 1(syz_tun) entered blocking state
[  844.888132][T16305] bridge0: port 1(syz_tun) entered forwarding state
[  844.908360][T16309] IPVS: stopping master sync thread 16310 ...
[  844.912570][T16310] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  844.954524][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.991211][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.159549][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  845.205299][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.269486][ T5833] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  845.464348][ T5833] usb 7-1: Using ep0 maxpacket: 32
[  845.486294][ T5833] usb 7-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  845.521446][ T5833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.544326][ T5833] usb 7-1: Product: syz
[  845.548643][ T5833] usb 7-1: Manufacturer: syz
[  845.553403][ T5833] usb 7-1: SerialNumber: syz
[  845.576977][ T5833] usb 7-1: config 0 descriptor??
[  845.594531][T16325] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3453'.
[  845.660568][ T5833] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  845.789552][T16325] tun0: tun_chr_ioctl cmd 1074025677
[  845.806906][T16325] tun0: linktype set to 773
[  845.843271][T16333] netlink: 'syz.0.3453': attribute type 7 has an invalid length.
[  845.871452][T16333] : entered promiscuous mode
[  845.876453][ T5891] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  845.972142][T16335] netlink: 'syz.2.3457': attribute type 10 has an invalid length.
[  845.989834][ T5833] gspca_ov534_9: reg_w failed -71
[  845.990671][T16335] team0: Device ipvlan1 failed to register rx_handler
[  846.084067][ T5891] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  846.129486][ T5891] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  846.233495][ T5891] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  846.251896][ T5891] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  846.263876][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.283945][ T5891] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  846.294176][ T5891] usb 4-1: invalid MIDI out EP 0
[  846.358768][ T5891] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  846.434414][ T5833] gspca_ov534_9: Unknown sensor 0000
[  846.434521][ T5833] ov534_9 7-1:0.0: probe with driver ov534_9 failed with error -22
[  846.448961][T16343] IPVS: stopping master sync thread 16344 ...
[  846.493999][ T5891] usb 4-1: USB disconnect, device number 54
[  846.513834][T16327] delete_channel: no stack
[  846.560984][ T5833] usb 7-1: USB disconnect, device number 2
[  846.653981][T16346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3462'.
[  847.542475][T16347] delete_channel: no stack
[  847.595388][ T5847] Bluetooth: hci0: command tx timeout
[  848.140392][T16380] IPVS: stopping master sync thread 16381 ...
[  848.152592][T16381] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  848.298140][T16385] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3477'.
[  848.358115][T16387] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3479'.
[  848.666117][ T6014] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  848.834443][ T6014] usb 3-1: Using ep0 maxpacket: 32
[  848.846450][ T6014] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  848.864270][ T6014] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.944049][ T6014] usb 3-1: Product: syz
[  848.966262][ T6014] usb 3-1: Manufacturer: syz
[  848.998106][ T6014] usb 3-1: SerialNumber: syz
[  849.050232][ T6014] usb 3-1: config 0 descriptor??
[  849.095947][ T6014] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  849.501280][ T6014] gspca_ov534_9: reg_w failed -71
[  849.580191][T16405] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  849.598790][T16405] IPv6: addrconf: prefix option has invalid lifetime
[  849.944321][ T6014] gspca_ov534_9: Unknown sensor 0000
[  849.944424][ T6014] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  849.999384][ T6014] usb 3-1: USB disconnect, device number 62
[  850.128268][T16416] netlink: 'syz.0.3491': attribute type 1 has an invalid length.
[  850.141826][T16416] netlink: 'syz.0.3491': attribute type 4 has an invalid length.
[  850.188363][ T5826] bridge0: port 1(syz_tun) entered disabled state
[  850.216997][T16416] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3491'.
[  850.236135][ T5134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  850.251491][ T5134] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  850.260782][ T5134] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  850.288466][ T5134] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  850.296405][ T5134] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  850.331404][ T5826] syz_tun (unregistering): left allmulticast mode
[  850.369587][ T5826] syz_tun (unregistering): left promiscuous mode
[  850.396616][ T5826] bridge0: port 1(syz_tun) entered disabled state
[  850.461065][T16421] IPVS: stopping master sync thread 16432 ...
[  850.468358][T16423] vlan0: entered promiscuous mode
[  850.770979][T10608] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.136258][T10608] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.583378][T16439] delete_channel: no stack
[  851.611980][T10608] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.714814][T16454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3504'.
[  851.754699][T16454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3504'.
[  851.798365][T10608] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  852.394835][ T5847] Bluetooth: hci2: command tx timeout
[  853.199248][T16483] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3514'.
[  853.244465][T16483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3514'.
[  853.296737][T16487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3516'.
[  853.322706][T16488] loop2: detected capacity change from 0 to 512
[  853.389186][T16488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  853.409303][T16493] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3516'.
[  853.414444][T16488] ext4 filesystem being mounted at /560/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  853.916722][T10608] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  853.930187][T10608] bond0 (unregistering): Released all slaves
[  854.043348][T10608] bond1 (unregistering): Released all slaves
[  854.238569][T16419] chnl_net:caif_netlink_parms(): no params data found
[  854.323214][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  854.477214][ T5847] Bluetooth: hci2: command tx timeout
[  855.224692][T16531] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  855.224759][T16530] IPVS: stopping master sync thread 16531 ...
[  855.246631][T16419] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.268867][T16419] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.284884][T16419] bridge_slave_0: entered allmulticast mode
[  855.303692][T16419] bridge_slave_0: entered promiscuous mode
[  855.501313][T16514] delete_channel: no stack
[  855.581529][T16535] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3531'.
[  855.611817][T10608] hsr_slave_0: left promiscuous mode
[  855.630737][T10608] hsr_slave_1: left promiscuous mode
[  855.694854][T10608] veth1_macvtap: left promiscuous mode
[  855.716648][T10608] veth0_macvtap: left promiscuous mode
[  855.747966][T10608] veth1_vlan: left promiscuous mode
[  855.793538][T10608] veth0_vlan: left promiscuous mode
[  856.104456][ T6014] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  856.277505][ T6014] usb 4-1: Using ep0 maxpacket: 32
[  856.313556][ T6014] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  856.345310][ T6014] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.353385][ T6014] usb 4-1: Product: syz
[  856.377862][ T6014] usb 4-1: Manufacturer: syz
[  856.382597][ T6014] usb 4-1: SerialNumber: syz
[  856.419612][ T6014] usb 4-1: config 0 descriptor??
[  856.446330][ T6014] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  856.554379][ T5847] Bluetooth: hci2: command tx timeout
[  856.597578][T16549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3534'.
[  856.624359][T16549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3534'.
[  857.135083][ T6014] gspca_ov534_9: reg_w failed -110
[  857.570757][ T6014] gspca_ov534_9: Unknown sensor 0000
[  857.570848][ T6014] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  857.872140][T16419] bridge0: port 2(bridge_slave_1) entered blocking state
[  857.879887][T16419] bridge0: port 2(bridge_slave_1) entered disabled state
[  857.888746][T16419] bridge_slave_1: entered allmulticast mode
[  857.897101][T16419] bridge_slave_1: entered promiscuous mode
[  857.908304][T16533] vlan0: entered promiscuous mode
[  857.967834][ T5900] usb 4-1: USB disconnect, device number 55
[  858.121936][T16419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  858.246466][T16419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  858.636995][ T5847] Bluetooth: hci2: command tx timeout
[  858.645813][T16419] team0: Port device team_slave_0 added
[  858.709934][T16573] IPVS: stopping master sync thread 16576 ...
[  858.712405][T16576] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  858.817650][T16419] team0: Port device team_slave_1 added
[  859.059696][T16419] batman_adv: batadv0: Adding interface: batadv_slave_0
[  859.082183][T16419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  859.138939][T16419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  859.188097][T10608] IPVS: stop unused estimator thread 0...
[  859.189468][T16586] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  859.279059][T16419] batman_adv: batadv0: Adding interface: batadv_slave_1
[  859.299197][T16419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  859.358618][T16419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  859.819489][T16419] hsr_slave_0: entered promiscuous mode
[  859.908795][T16419] hsr_slave_1: entered promiscuous mode
[  859.948088][T16419] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  859.959331][T16419] Cannot create hsr debugfs directory
[  859.973617][T16583] delete_channel: no stack
[  860.566327][T16604] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3552'.
[  860.664434][T16604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3552'.
[  861.591186][T16614] netlink: 'syz.4.3556': attribute type 4 has an invalid length.
[  861.751911][T16617] IPVS: stopping master sync thread 16623 ...
[  861.753266][T16623] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  861.922679][T16626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3561'.
[  861.944511][T16626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3561'.
[  861.953463][T16626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3561'.
[  861.987094][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3561'.
[  862.014612][T16630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3561'.
[  862.031774][T16628] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3562'.
[  862.130881][T16419] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  862.203605][T16419] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  862.304050][T16419] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  862.356819][T16419] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  862.853277][T16419] 8021q: adding VLAN 0 to HW filter on device bond0
[  862.891333][T16660] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3571'.
[  863.218957][T16419] 8021q: adding VLAN 0 to HW filter on device team0
[  863.281734][T10610] bridge0: port 1(bridge_slave_0) entered blocking state
[  863.289034][T10610] bridge0: port 1(bridge_slave_0) entered forwarding state
[  863.328894][T10610] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.336176][T10610] bridge0: port 2(bridge_slave_1) entered forwarding state
[  863.355863][T16666] netlink: 'syz.3.3573': attribute type 4 has an invalid length.
[  863.396629][T16667] IPVS: stopping master sync thread 15096 ...
[  863.536813][T16419] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  863.659464][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3578'.
[  863.687446][T16677] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3578'.
[  863.778434][   T30] audit: type=1326 audit(2000000327.889:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16678 comm="syz.2.3579" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2bed8e969 code=0x0
[  865.159501][T16705] netlink: 'syz.6.3589': attribute type 4 has an invalid length.
[  865.180901][T16706] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  865.196378][T16703] IPVS: stopping master sync thread 16706 ...
[  865.616178][T16717] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  865.681138][T16419] 8021q: adding VLAN 0 to HW filter on device batadv0
[  865.698263][T16720] __nla_validate_parse: 3 callbacks suppressed
[  865.698286][T16720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3593'.
[  865.764846][T16720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3593'.
[  865.809624][T16720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3593'.
[  865.884440][T16723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3593'.
[  865.964104][T16723] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3593'.
[  867.030135][   T30] audit: type=1326 audit(2000000331.139:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16735 comm="syz.2.3596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2bed8e969 code=0x0
[  868.091501][T16758] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  868.107568][T16755] IPVS: stopping master sync thread 16758 ...
[  868.199890][T16419] veth0_vlan: entered promiscuous mode
[  868.265108][T16419] veth1_vlan: entered promiscuous mode
[  869.451376][T16419] veth0_macvtap: entered promiscuous mode
[  869.646179][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  870.419935][T16788] netlink: 'syz.4.3615': attribute type 1 has an invalid length.
[  870.443035][   T30] audit: type=1326 audit(2000000334.539:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16785 comm="syz.6.3613" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2c1b8e969 code=0x0
[  870.513779][T16788] netlink: 236 bytes leftover after parsing attributes in process `syz.4.3615'.
[  871.361874][T16419] veth1_macvtap: entered promiscuous mode
[  871.392575][T16795] IPVS: stopping master sync thread 16799 ...
[  871.404662][T16799] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  871.488769][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.539546][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.574365][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.604542][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.625932][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.865572][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.876258][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.887859][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.900378][T16419] batman_adv: batadv0: Interface activated: batadv_slave_0
[  872.635042][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  872.876869][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.888197][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  872.903744][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.931904][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  872.968241][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.140057][T16419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.311462][T16419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.523699][T16419] batman_adv: batadv0: Interface activated: batadv_slave_1
[  873.832480][T16419] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  873.857921][T16419] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  873.870021][T16419] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  873.882729][T16419] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  874.317691][T16839] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3629'.
[  874.344474][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.362573][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.383642][T16839] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3629'.
[  874.699802][T10600] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.728791][T10600] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.844784][T16844] IPVS: stopping master sync thread 16845 ...
[  874.851171][T16845] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  875.641820][T16872] netlink: 'syz.0.3637': attribute type 10 has an invalid length.
[  876.766903][T16869] syz_tun: left allmulticast mode
[  876.772541][T16869] syz_tun: left promiscuous mode
[  876.792385][T16869] bridge0: port 3(syz_tun) entered disabled state
[  876.853278][T16869] bridge_slave_0: left allmulticast mode
[  876.881569][T16869] bridge_slave_0: left promiscuous mode
[  876.907322][T16869] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.923146][T16869] bridge_slave_1: left allmulticast mode
[  876.942272][T16869] bridge_slave_1: left promiscuous mode
[  876.962798][T16869] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.988166][T16869] bond0: (slave bond_slave_0): Releasing backup interface
[  877.058035][T16869] team0: Port device team_slave_0 removed
[  877.091542][T16869] team0: Port device team_slave_1 removed
[  877.130728][T16869] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  877.153520][T16869] batman_adv: batadv0: Removing interface: batadv_slave_0
[  877.173375][T16869] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  877.184768][T16869] batman_adv: batadv0: Removing interface: batadv_slave_1
[  877.269294][T16872] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  877.293338][T16904] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  877.293661][T16891] IPVS: stopping master sync thread 16904 ...
[  877.558951][T16906] Bluetooth: MGMT ver 1.23
[  877.804878][T16918] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3657'.
[  878.209942][T16933] netlink: 'syz.6.3664': attribute type 4 has an invalid length.
[  878.252057][T16933] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3664'.
[  878.541389][T16940] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  879.217712][T16946] netlink: 'syz.3.3666': attribute type 10 has an invalid length.
[  879.261747][T16950] bridge_slave_0: left allmulticast mode
[  879.303803][T16950] bridge_slave_0: left promiscuous mode
[  879.329078][T16950] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.428923][T16950] bridge_slave_1: left allmulticast mode
[  879.472982][T16950] bridge_slave_1: left promiscuous mode
[  879.503639][T16950] bridge0: port 2(bridge_slave_1) entered disabled state
[  879.542439][T16963] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3673'.
[  879.570957][T16950] bond0: (slave bond_slave_0): Releasing backup interface
[  879.645075][T16950] bond0: (slave bond_slave_1): Releasing backup interface
[  879.730605][T16950] team0: Port device team_slave_0 removed
[  879.777180][T16950] team0: Port device team_slave_1 removed
[  879.798489][T16950] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  879.826450][T16950] batman_adv: batadv0: Removing interface: batadv_slave_0
[  879.856819][T16950] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  879.866611][T16950] batman_adv: batadv0: Removing interface: batadv_slave_1
[  879.900525][T16981] loop5: detected capacity change from 0 to 1024
[  879.912719][T16981] EXT4-fs: Ignoring removed orlov option
[  879.953347][T16981] EXT4-fs: Ignoring removed nomblk_io_submit option
[  879.970609][T16946] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  880.006606][T16981] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  881.156407][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  882.421754][T17026] syz_tun: left allmulticast mode
[  882.432806][T17026] syz_tun: left promiscuous mode
[  882.457962][T17026] bridge0: port 1(syz_tun) entered disabled state
[  882.482850][T17029] netlink: 'syz.6.3694': attribute type 10 has an invalid length.
[  882.712271][T17026] bond0: (slave wlan1): Releasing backup interface
[  882.858130][T17029] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  883.083529][T17046] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  884.414553][ T5833] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  884.549252][T17064] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3709'.
[  884.624178][ T5833] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  884.658618][T17064] tun0: tun_chr_ioctl cmd 1074025677
[  884.701648][T17064] tun0: linktype set to 773
[  884.706417][ T5833] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  884.706460][ T5833] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  884.706514][ T5833] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  884.706544][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.757716][ T5833] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  884.772824][ T5833] usb 5-1: invalid MIDI out EP 0
[  884.896198][T17064] netlink: 'syz.6.3709': attribute type 7 has an invalid length.
[  884.938602][ T5824] bridge0: port 3(syz_tun) entered disabled state
[  884.944487][T17072] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3710'.
[  884.998135][ T5134] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  885.010859][ T5134] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  885.020196][ T5134] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  885.031452][ T5134] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  885.033264][ T5833] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  885.054165][ T5134] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  885.071827][T17049] delete_channel: no stack
[  885.083014][T17072] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3710'.
[  885.187731][ T5833] usb 5-1: USB disconnect, device number 66
[  885.453937][ T5824] syz_tun (unregistering): left allmulticast mode
[  885.483861][ T5824] syz_tun (unregistering): left promiscuous mode
[  885.505647][ T5824] bridge0: port 3(syz_tun) entered disabled state
[  885.640837][T17064] : entered promiscuous mode
[  886.584489][ T5134] Bluetooth: hci2: command tx timeout
[  887.194559][ T5134] Bluetooth: hci1: command tx timeout
[  887.350408][ T1160] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  887.968463][ T1160] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.204069][ T1160] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.421787][ T1160] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.613289][T17118] netlink: 'syz.3.3726': attribute type 4 has an invalid length.
[  889.275156][ T5134] Bluetooth: hci1: command tx timeout
[  889.678957][T17131] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3727'.
[  889.773203][T17131] tun0: tun_chr_ioctl cmd 1074025677
[  889.781561][T17131] tun0: linktype set to 773
[  889.798328][ T1160] bridge_slave_1: left promiscuous mode
[  889.810478][T17131] netlink: 'syz.6.3727': attribute type 7 has an invalid length.
[  889.834700][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state
[  889.875575][ T1160] bridge_slave_0: left allmulticast mode
[  889.882025][ T1160] bridge_slave_0: left promiscuous mode
[  889.910971][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.358387][ T5134] Bluetooth: hci1: command tx timeout
[  891.380577][T17161] netlink: 'syz.4.3741': attribute type 4 has an invalid length.
[  891.589135][ T1160] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  891.601680][ T1160] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  891.612656][ T1160] bond0 (unregistering): Released all slaves
[  891.771299][ T1160] þ: left promiscuous mode
[  892.039556][T17181] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  892.049169][ T1160] tipc: Left network mode
[  892.105720][ T1160] IPVS: stopping master sync thread 16940 ...
[  892.447880][T17071] chnl_net:caif_netlink_parms(): no params data found
[  893.445044][ T5134] Bluetooth: hci1: command tx timeout
[  893.733463][T17210] netlink: 'syz.4.3761': attribute type 4 has an invalid length.
[  893.759930][T17210] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3761'.
[  893.944659][T17218] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3764'.
[  893.955322][ T1160] hsr_slave_0: left promiscuous mode
[  893.973245][ T1160] hsr_slave_1: left promiscuous mode
[  893.991629][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  894.008832][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_0
[  894.044818][ T1160] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  894.061863][ T1160] batman_adv: batadv0: Removing interface: batadv_slave_1
[  894.135261][ T1160] batadv0: left allmulticast mode
[  894.140568][ T1160] batadv0: left promiscuous mode
[  894.153215][ T1160] veth1_macvtap: left promiscuous mode
[  894.159431][ T1160] veth0_macvtap: left promiscuous mode
[  894.165195][ T1160] veth1_vlan: left promiscuous mode
[  894.471912][ T1160] pim6reg (unregistering): left allmulticast mode
[  895.063271][ T1160] team0 (unregistering): Port device team_slave_1 removed
[  895.122357][ T1160] team0 (unregistering): Port device team_slave_0 removed
[  895.515729][ T5134] Bluetooth: hci1: command tx timeout
[  895.967476][T17258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3776'.
[  896.054472][T17258] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3776'.
[  896.316805][T17071] bridge0: port 1(bridge_slave_0) entered blocking state
[  896.324023][T17071] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.373596][T17071] bridge_slave_0: entered allmulticast mode
[  896.402191][T17071] bridge_slave_0: entered promiscuous mode
[  896.543578][T17071] bridge0: port 2(bridge_slave_1) entered blocking state
[  896.568127][T17071] bridge0: port 2(bridge_slave_1) entered disabled state
[  896.589605][T17071] bridge_slave_1: entered allmulticast mode
[  896.618401][T17071] bridge_slave_1: entered promiscuous mode
[  896.914610][T17159] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  897.223941][T17159] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  897.293540][T17159] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  897.332600][T17071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  897.469827][T17159] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  897.607340][T17071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  897.617194][T17159] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  897.628097][T17159] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  897.745832][T17159] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  897.778605][T17159] usb 6-1: invalid MIDI out EP 0
[  897.878698][T17159] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[  897.941834][ T1160] IPVS: stop unused estimator thread 0...
[  897.957135][T17071] team0: Port device team_slave_0 added
[  897.977065][T17159] usb 6-1: USB disconnect, device number 60
[  897.998924][T17277] delete_channel: no stack
[  898.093502][T17071] team0: Port device team_slave_1 added
[  898.216559][T17297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3791'.
[  898.312257][T17302] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3788'.
[  898.368057][T17304] netlink: 'syz.6.3792': attribute type 10 has an invalid length.
[  898.445240][T17300] bond0: (slave wlan1): Releasing backup interface
[  899.052547][T17071] batman_adv: batadv0: Adding interface: batadv_slave_0
[  899.063938][T17071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  899.094291][T17071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  899.108902][T17071] batman_adv: batadv0: Adding interface: batadv_slave_1
[  899.116337][T17071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  899.143777][T17071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  899.219248][T17304] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  899.225463][T17309] loop0: detected capacity change from 0 to 1024
[  899.236012][T17309] EXT4-fs: Ignoring removed orlov option
[  899.241952][T17309] EXT4-fs: Ignoring removed nomblk_io_submit option
[  899.430419][T17314] netlink: 'syz.4.3795': attribute type 10 has an invalid length.
[  899.443655][T17309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  899.519393][T17314] team0: Device ipvlan1 failed to register rx_handler
[  900.457809][T17071] hsr_slave_0: entered promiscuous mode
[  900.465241][T17071] hsr_slave_1: entered promiscuous mode
[  900.565639][T17071] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  900.573916][T17071] Cannot create hsr debugfs directory
[  900.604898][T15612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  900.622248][T17322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3796'.
[  900.814901][T17330] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3796'.
[  900.863509][T17333] netlink: 'syz.6.3800': attribute type 1 has an invalid length.
[  900.872519][T17333] netlink: 236 bytes leftover after parsing attributes in process `syz.6.3800'.
[  901.292579][T17341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3803'.
[  902.327489][T17364] netlink: 'syz.6.3813': attribute type 1 has an invalid length.
[  902.336621][T17364] netlink: 236 bytes leftover after parsing attributes in process `syz.6.3813'.
[  902.410649][T17367] netlink: 'syz.3.3810': attribute type 10 has an invalid length.
[  902.489169][T17367] team0: Device ipvlan1 failed to register rx_handler
[  903.140428][T17071] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  903.898413][T17071] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  903.930468][T17397] netlink: 'syz.5.3825': attribute type 1 has an invalid length.
[  903.946538][T17071] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  903.984419][T17397] netlink: 236 bytes leftover after parsing attributes in process `syz.5.3825'.
[  904.010008][T17071] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  904.203172][T17408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3828'.
[  904.232395][T17410] netlink: 'syz.5.3830': attribute type 10 has an invalid length.
[  904.298705][T17408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3828'.
[  904.309234][T17410] team0: Device ipvlan1 failed to register rx_handler
[  904.630998][T17071] 8021q: adding VLAN 0 to HW filter on device bond0
[  904.707586][T17071] 8021q: adding VLAN 0 to HW filter on device team0
[  904.939353][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.946603][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  905.886689][T10608] bridge0: port 2(bridge_slave_1) entered blocking state
[  905.893947][T10608] bridge0: port 2(bridge_slave_1) entered forwarding state
[  905.902250][T17435] netlink: 'syz.5.3841': attribute type 1 has an invalid length.
[  905.924367][T17435] netlink: 236 bytes leftover after parsing attributes in process `syz.5.3841'.
[  906.186366][T17447] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3844'.
[  906.258566][T17447] netlink: 'syz.6.3844': attribute type 7 has an invalid length.
[  906.538341][T17462] netlink: 'syz.3.3846': attribute type 10 has an invalid length.
[  906.557727][T17462] team0: Device ipvlan1 failed to register rx_handler
[  907.807119][T17071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  908.086400][T17071] veth0_vlan: entered promiscuous mode
[  908.168047][T17071] veth1_vlan: entered promiscuous mode
[  908.218406][T17480] netlink: 'syz.6.3859': attribute type 1 has an invalid length.
[  908.247361][T17480] netlink: 236 bytes leftover after parsing attributes in process `syz.6.3859'.
[  908.349388][T17071] veth0_macvtap: entered promiscuous mode
[  908.384113][T17071] veth1_macvtap: entered promiscuous mode
[  908.438092][T17488] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3858'.
[  908.890044][T17488] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3858'.
[  909.250735][T17071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.261871][T17071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.271962][T17071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.283031][T17071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.305691][T17071] batman_adv: batadv0: Interface activated: batadv_slave_0
[  909.384679][T17071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.395640][T17071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.405912][T17071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.417411][T17071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.429558][T17071] batman_adv: batadv0: Interface activated: batadv_slave_1
[  909.445072][T17071] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  909.454140][T17071] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  909.484388][T17071] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  909.506542][T17071] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  910.715928][T17512] trusted_key: syz.6.3872 sent an empty control message without MSG_MORE.
[  910.791918][T17516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3870'.
[  910.923647][T10608] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.935432][T17516] netlink: 'syz.3.3870': attribute type 7 has an invalid length.
[  910.943814][T10608] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  910.997707][T17516] : entered promiscuous mode
[  911.076454][T16098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.112334][T16098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  911.206223][T17525] bond0: (slave wlan1): Releasing backup interface
[  911.281269][T17535] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3873'.
[  911.295637][T17535] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3873'.
[  913.536021][ T5847] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  913.546252][ T5847] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  913.569116][ T5847] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  913.590261][ T5847] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  913.628929][T17571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3888'.
[  914.293908][ T5847] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  914.604108][T17586] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3894'.
[  914.814196][   T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  915.714740][T16772] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  915.788453][   T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  915.850232][T17605] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3901'.
[  915.889492][T16772] usb 1-1: Using ep0 maxpacket: 32
[  915.908417][T16772] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  915.924587][T16772] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.942972][T16772] usb 1-1: Product: syz
[  915.953112][T16772] usb 1-1: Manufacturer: syz
[  915.958156][T16772] usb 1-1: SerialNumber: syz
[  915.974479][T16772] usb 1-1: config 0 descriptor??
[  915.990805][T16772] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  916.029369][T17614] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3903'.
[  916.114381][T17614] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3903'.
[  916.260567][   T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.416108][ T5134] Bluetooth: hci6: command tx timeout
[  916.445914][T16772] gspca_ov534_9: reg_w failed -71
[  916.590710][T17626] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3904'.
[  917.093578][T16772] gspca_ov534_9: Unknown sensor 0000
[  917.093688][T16772] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22
[  917.194782][T16772] usb 1-1: USB disconnect, device number 48
[  917.307805][   T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.783347][ T5847] Bluetooth: hci3: command 0x0406 tx timeout
[  918.551961][ T5134] Bluetooth: hci6: command tx timeout
[  918.786792][T17569] chnl_net:caif_netlink_parms(): no params data found
[  919.410223][T17569] bridge0: port 1(bridge_slave_0) entered blocking state
[  919.442943][T17569] bridge0: port 1(bridge_slave_0) entered disabled state
[  919.479134][T17569] bridge_slave_0: entered allmulticast mode
[  919.515832][T17569] bridge_slave_0: entered promiscuous mode
[  919.533557][T17569] bridge0: port 2(bridge_slave_1) entered blocking state
[  919.608915][T17569] bridge0: port 2(bridge_slave_1) entered disabled state
[  919.662146][T17569] bridge_slave_1: entered allmulticast mode
[  919.707636][T17569] bridge_slave_1: entered promiscuous mode
[  920.661149][ T5134] Bluetooth: hci6: command tx timeout
[  920.723209][T17691] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3920'.
[  921.283121][T17696] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3931'.
[  921.466304][   T30] audit: type=1326 audit(2000000385.529:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17693 comm="syz.5.3930" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[  921.658164][T17696] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3931'.
[  921.851197][T17569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  921.890435][T17569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  922.024130][T17569] team0: Port device team_slave_0 added
[  922.754322][ T5134] Bluetooth: hci6: command tx timeout
[  922.865224][T17734] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  923.277237][T17732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3943'.
[  923.328787][T17734] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  923.789063][   T63] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  923.808279][   T63] bond0 (unregistering): Released all slaves
[  923.831629][T17569] team0: Port device team_slave_1 added
[  924.815177][T17569] batman_adv: batadv0: Adding interface: batadv_slave_0
[  924.822937][T17569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.884330][T17569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  924.960709][T17569] batman_adv: batadv0: Adding interface: batadv_slave_1
[  924.978436][T17569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  925.027048][T17569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  925.270030][T17767] loop2: detected capacity change from 0 to 1024
[  925.298600][T17767] EXT4-fs: Ignoring removed orlov option
[  925.314188][T17767] EXT4-fs: Ignoring removed nomblk_io_submit option
[  925.350036][T17767] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  925.612326][T17569] hsr_slave_0: entered promiscuous mode
[  925.621994][T17569] hsr_slave_1: entered promiscuous mode
[  925.628981][T17569] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  925.636931][T17569] Cannot create hsr debugfs directory
[  925.732269][T17778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3957'.
[  926.438530][T17071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  926.454089][   T63] hsr_slave_0: left promiscuous mode
[  926.463587][   T63] hsr_slave_1: left promiscuous mode
[  926.531976][   T63] veth1_macvtap: left promiscuous mode
[  926.544078][   T63] veth0_macvtap: left promiscuous mode
[  926.552726][   T63] veth1_vlan: left promiscuous mode
[  926.666170][T17794] netlink: 'syz.0.3964': attribute type 1 has an invalid length.
[  926.687149][T17794] netlink: 236 bytes leftover after parsing attributes in process `syz.0.3964'.
[  927.181341][T17810] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3970'.
[  927.275896][T17812] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3971'.
[  927.304386][T17812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3971'.
[  928.008444][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  928.845505][T17829] netlink: 'syz.6.3977': attribute type 1 has an invalid length.
[  928.888869][T17829] netlink: 212 bytes leftover after parsing attributes in process `syz.6.3977'.
[  929.305615][T17844] netlink: 'syz.2.3979': attribute type 4 has an invalid length.
[  929.326689][T17842] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3984'.
[  929.341400][T17844] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3979'.
[  929.387085][   T63] IPVS: stop unused estimator thread 0...
[  929.693372][T17858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3990'.
[  929.748239][T17858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3990'.
[  929.811550][ T5900] IPVS: starting estimator thread 0...
[  929.814907][T17862] netlink: 'syz.5.3993': attribute type 1 has an invalid length.
[  929.917327][T17865] IPVS: using max 24 ests per chain, 57600 per kthread
[  931.054765][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  931.083023][T17569] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  931.113959][T17882] netlink: 'syz.3.3999': attribute type 4 has an invalid length.
[  931.116557][T17884] __nla_validate_parse: 2 callbacks suppressed
[  931.116575][T17884] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3998'.
[  931.165260][T17882] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3999'.
[  931.206243][T17569] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  931.262546][T17569] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  931.558747][T17569] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  931.604491][T17898] netlink: 'syz.2.4006': attribute type 1 has an invalid length.
[  931.637008][T17898] netlink: 212 bytes leftover after parsing attributes in process `syz.2.4006'.
[  931.650927][T17151] IPVS: starting estimator thread 0...
[  931.663868][T17900] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4008'.
[  931.745238][T17903] IPVS: using max 30 ests per chain, 72000 per kthread
[  931.889470][T17908] loop2: detected capacity change from 0 to 1024
[  931.912974][T17908] EXT4-fs: Ignoring removed orlov option
[  931.926478][T17569] 8021q: adding VLAN 0 to HW filter on device bond0
[  931.934923][T17908] EXT4-fs: Ignoring removed nomblk_io_submit option
[  931.973226][T17908] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  932.006659][T17569] 8021q: adding VLAN 0 to HW filter on device team0
[  932.044927][T17627] bridge0: port 1(bridge_slave_0) entered blocking state
[  932.052151][T17627] bridge0: port 1(bridge_slave_0) entered forwarding state
[  932.148043][T17919] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4014'.
[  932.311669][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  932.318931][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  932.894523][T17071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  933.032330][ T5893] IPVS: starting estimator thread 0...
[  933.044943][T17934] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4021'.
[  933.120978][T17938] netlink: 'syz.5.4022': attribute type 1 has an invalid length.
[  933.153511][T17938] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4022'.
[  933.162963][T17935] IPVS: using max 25 ests per chain, 60000 per kthread
[  933.493016][T17569] 8021q: adding VLAN 0 to HW filter on device batadv0
[  933.774022][T17966] loop5: detected capacity change from 0 to 1024
[  933.835170][T17966] EXT4-fs: Ignoring removed orlov option
[  933.840965][T17966] EXT4-fs: Ignoring removed nomblk_io_submit option
[  933.938566][T17966] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  934.468358][T17984] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4036'.
[  934.704139][T17989] netlink: 'syz.0.4038': attribute type 1 has an invalid length.
[  934.755538][T17989] netlink: 212 bytes leftover after parsing attributes in process `syz.0.4038'.
[  934.839892][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  935.018754][T17569] veth0_vlan: entered promiscuous mode
[  935.058224][T17569] veth1_vlan: entered promiscuous mode
[  935.133375][T17569] veth0_macvtap: entered promiscuous mode
[  935.173872][T17569] veth1_macvtap: entered promiscuous mode
[  935.268561][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  935.307848][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.348510][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  935.405463][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.425784][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  935.464304][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.503408][T17569] batman_adv: batadv0: Interface activated: batadv_slave_0
[  935.540783][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  935.561106][T18017] loop3: detected capacity change from 0 to 1024
[  935.565472][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.580354][T18017] EXT4-fs: Ignoring removed orlov option
[  935.583671][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  935.598873][T18017] EXT4-fs: Ignoring removed nomblk_io_submit option
[  935.606119][T18014] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4050'.
[  935.632779][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.649029][T17569] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  935.652743][T18017] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  935.691528][T17569] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  935.729580][T18029] netlink: 'syz.6.4055': attribute type 1 has an invalid length.
[  935.939176][T17569] batman_adv: batadv0: Interface activated: batadv_slave_1
[  936.050630][T17569] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  936.118224][T17569] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  936.183972][T17569] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  936.223435][T17569] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  936.513795][T15962] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  937.764401][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  937.772457][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  937.790294][ T6014] IPVS: starting estimator thread 0...
[  937.818091][T18063] __nla_validate_parse: 1 callbacks suppressed
[  937.818112][T18063] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4069'.
[  937.865603][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  937.886166][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  937.904453][T18065] IPVS: using max 25 ests per chain, 60000 per kthread
[  938.273044][T18086] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4077'.
[  938.390334][T18091] bridge_slave_0: left allmulticast mode
[  938.423639][T18091] bridge_slave_0: left promiscuous mode
[  938.435681][T18091] bridge0: port 1(bridge_slave_0) entered disabled state
[  938.436056][T18097] netlink: 'syz.5.4076': attribute type 10 has an invalid length.
[  938.481439][T18091] bridge_slave_1: left allmulticast mode
[  938.543190][T18091] bridge_slave_1: left promiscuous mode
[  938.560302][T18091] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.590190][T18091] bond0: (slave bond_slave_0): Releasing backup interface
[  938.613730][T18091] bond0: (slave bond_slave_1): Releasing backup interface
[  938.701294][T18091] team0: Port device team_slave_0 removed
[  938.749013][T18091] team0: Port device team_slave_1 removed
[  938.756356][T18091] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  938.763924][T18091] batman_adv: batadv0: Removing interface: batadv_slave_0
[  938.776431][T18091] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  938.816723][T18091] batman_adv: batadv0: Removing interface: batadv_slave_1
[  939.641940][T18097] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  939.687210][T18114] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4083'.
[  940.150224][T18135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4090'.
[  940.188554][T18135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4090'.
[  940.587246][T18154] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4101'.
[  940.596487][ T5931] IPVS: starting estimator thread 0...
[  940.694890][T18157] IPVS: using max 25 ests per chain, 60000 per kthread
[  941.853701][T18206] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4117'.
[  941.869471][T18207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4122'.
[  942.366448][T18235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4129'.
[  942.396395][T18235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4129'.
[  943.373330][T18256] __nla_validate_parse: 1 callbacks suppressed
[  943.373352][T18256] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4141'.
[  943.777327][T18283] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4154'.
[  944.073349][T18297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4159'.
[  944.129477][T18297] bridge0: port 2(bridge_slave_1) entered disabled state
[  944.139572][T18297] bridge0: port 1(bridge_slave_0) entered disabled state
[  944.381853][T18307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4164'.
[  945.988498][   T30] audit: type=1326 audit(2000000410.079:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18342 comm="syz.5.4180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[  946.083411][T18349] netlink: 'syz.2.4178': attribute type 10 has an invalid length.
[  946.220169][T18345] bridge_slave_0: left allmulticast mode
[  946.335859][T18345] bridge_slave_0: left promiscuous mode
[  946.459747][T18345] bridge0: port 1(bridge_slave_0) entered disabled state
[  946.947086][T18345] bridge_slave_1: left allmulticast mode
[  946.973869][T18345] bridge_slave_1: left promiscuous mode
[  947.007301][T18345] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.067933][T18345] bond0: (slave bond_slave_0): Releasing backup interface
[  947.129760][T18345] bond0: (slave bond_slave_1): Releasing backup interface
[  947.194765][T18345] team0: Port device team_slave_0 removed
[  947.221930][T18345] team0: Port device team_slave_1 removed
[  947.237390][T18345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  947.254488][T18345] batman_adv: batadv0: Removing interface: batadv_slave_0
[  947.265726][T18345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  947.284504][T18345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  947.501054][T18349] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  947.541815][T18351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4182'.
[  948.485310][T18386] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4195'.
[  948.817806][T16772] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  948.902336][T18406] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4202'.
[  949.004677][T16772] usb 5-1: Using ep0 maxpacket: 32
[  949.019476][T16772] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  949.029230][T16772] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  949.061919][T16772] usb 5-1: Product: syz
[  949.062447][T18413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4205'.
[  949.080845][T16772] usb 5-1: Manufacturer: syz
[  949.090994][T16772] usb 5-1: SerialNumber: syz
[  949.110158][T18415] loop0: detected capacity change from 0 to 1024
[  949.126767][T16772] usb 5-1: config 0 descriptor??
[  949.142282][T16772] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  949.151720][T18415] EXT4-fs: Ignoring removed orlov option
[  949.167443][T18415] EXT4-fs: Ignoring removed nomblk_io_submit option
[  949.303405][T18415] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  949.598453][T16772] gspca_ov534_9: reg_w failed -71
[  949.608599][T18434] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4212'.
[  949.678757][T18434] netlink: 'syz.5.4212': attribute type 7 has an invalid length.
[  949.693181][T18434] : entered promiscuous mode
[  949.714345][ T5900] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  949.845372][T18411] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  949.897787][ T5900] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  949.937997][ T5900] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  949.959679][ T5900] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  949.996550][ T5900] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  950.024513][T16772] gspca_ov534_9: Unknown sensor 0000
[  950.024615][T16772] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[  950.048651][ T5900] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.070597][T16772] usb 5-1: USB disconnect, device number 67
[  950.095196][ T5900] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  950.113264][ T5900] usb 7-1: invalid MIDI out EP 0
[  950.262331][ T5900] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  950.332519][T18427] delete_channel: no stack
[  950.350367][ T5900] usb 7-1: USB disconnect, device number 3
[  950.531964][T15612] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  950.742247][T18450] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4220'.
[  950.930870][T18454] netlink: 'syz.4.4221': attribute type 4 has an invalid length.
[  951.076393][T18457] erspan0: entered promiscuous mode
[  951.109437][T18457] batman_adv: batadv0: Adding interface: macvlan2
[  951.124815][T18457] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  951.150221][    C1] vkms_vblank_simulate: vblank timer overrun
[  951.256519][T18457] batman_adv: batadv0: Interface activated: macvlan2
[  951.325652][T18459] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4222'.
[  951.326779][T18466] netlink: 7 bytes leftover after parsing attributes in process `syz.3.4226'.
[  951.434419][ T5134] Bluetooth: hci6: command tx timeout
[  951.552591][T18472] loop3: detected capacity change from 0 to 1024
[  951.571542][T18472] EXT4-fs: Ignoring removed orlov option
[  951.587922][T18472] EXT4-fs: Ignoring removed nomblk_io_submit option
[  951.618518][T18473] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4229'.
[  951.638185][T18473] netlink: 'syz.4.4229': attribute type 7 has an invalid length.
[  951.676652][T18473] : entered promiscuous mode
[  951.749650][T18472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  951.948999][ T5847] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  952.184879][T18491] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4235'.
[  952.740218][T15962] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  952.897065][T18506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4243'.
[  953.404838][T18529] loop5: detected capacity change from 0 to 1024
[  953.424698][T18529] EXT4-fs: Ignoring removed orlov option
[  953.430642][T18529] EXT4-fs: Ignoring removed nomblk_io_submit option
[  953.449804][T18529] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  953.535750][T18534] __nla_validate_parse: 1 callbacks suppressed
[  953.535773][T18534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4253'.
[  953.666570][T18534] netlink: 'syz.2.4253': attribute type 7 has an invalid length.
[  953.716907][T18534] : entered promiscuous mode
[  953.889732][T18544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4259'.
[  953.961003][T18547] TCP: tcp_parse_options: Illegal window scaling value 128 > 14 received
[  954.868264][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  955.035212][T18557] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4263'.
[  955.390430][T18579] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4273'.
[  955.510774][T18582] loop5: detected capacity change from 0 to 1024
[  955.552969][T18588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4277'.
[  955.553363][T18582] EXT4-fs: Ignoring removed orlov option
[  955.565683][T18588] netlink: 'syz.4.4277': attribute type 7 has an invalid length.
[  955.603697][T18582] EXT4-fs: Ignoring removed nomblk_io_submit option
[  955.674741][T18582] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  956.750214][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  956.885375][T18624] overlayfs: missing 'lowerdir'
[  957.111193][T18623] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4288'.
[  957.481658][T18623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4288'.
[  959.070471][T18658] netlink: 'syz.4.4303': attribute type 10 has an invalid length.
[  959.131579][T18655] syzkaller0: entered promiscuous mode
[  959.147689][T18655] syzkaller0: entered allmulticast mode
[  959.203824][T18658] team0: Device ipvlan1 failed to register rx_handler
[  959.670926][T18678] overlayfs: missing 'lowerdir'
[  960.581050][T18693] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4316'.
[  961.277233][T18703] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4320'.
[  961.765553][ T6014] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  962.018284][ T6014] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  962.030072][ T6014] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  962.074559][ T6014] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  962.320336][ T6014] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  962.350580][ T6014] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.390816][ T6014] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  962.402940][ T6014] usb 5-1: invalid MIDI out EP 0
[  962.512830][ T6014] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  962.610765][T17151] usb 5-1: USB disconnect, device number 68
[  962.659082][T18709] delete_channel: no stack
[  965.056658][T18753] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4341'.
[  965.146333][T18753] batadv0: entered promiscuous mode
[  965.171206][T18753] macsec1: entered promiscuous mode
[  965.189101][T18756] tipc: Started in network mode
[  965.200259][T18756] tipc: Node identity 4, cluster identity 4711
[  965.244024][T18756] tipc: Node number set to 4
[  965.285373][T18763] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4345'.
[  965.357097][T18764] loop4: detected capacity change from 0 to 1024
[  965.358300][T18763] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4345'.
[  965.376943][T18764] EXT4-fs: Ignoring removed orlov option
[  965.393912][T18764] EXT4-fs: Ignoring removed nomblk_io_submit option
[  965.457215][T18769] vlan0: entered promiscuous mode
[  965.466354][T18764] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  966.629163][T17569] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  966.662122][T18793] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4355'.
[  966.752642][T16772] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  966.955097][T16772] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  966.974031][T18800] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4357'.
[  967.067202][T16772] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  967.194573][T16772] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  967.286991][T16772] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  967.314605][ T5900] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  967.741659][T16772] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.770335][T16772] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  967.798350][T16772] usb 4-1: invalid MIDI out EP 0
[  968.621240][T18786] delete_channel: no stack
[  968.665755][ T5900] usb 3-1: Using ep0 maxpacket: 32
[  968.696542][ T5900] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  968.733754][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.760850][ T5900] usb 3-1: Product: syz
[  968.800870][ T5900] usb 3-1: Manufacturer: syz
[  968.966350][T16772] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  968.986373][T18818] vlan0: entered promiscuous mode
[  969.013614][ T5900] usb 3-1: SerialNumber: syz
[  969.062237][T16772] usb 4-1: USB disconnect, device number 56
[  969.069317][ T5900] usb 3-1: config 0 descriptor??
[  969.069489][T18820] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4364'.
[  969.101437][ T5900] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  969.526794][ T5900] gspca_ov534_9: reg_w failed -71
[  969.994371][ T5900] gspca_ov534_9: Unknown sensor 0000
[  969.994488][ T5900] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  970.012243][T18820] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  970.045272][ T5900] usb 3-1: USB disconnect, device number 63
[  970.054815][T18820] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  970.080615][T18820] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  970.103369][T18820] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  970.469347][T18844] netlink: 'syz.6.4375': attribute type 10 has an invalid length.
[  970.478459][T18842] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  970.518102][T18844] team0: Device ipvlan1 failed to register rx_handler
[  970.590667][T18846] IPVS: set_ctl: invalid protocol: 92 224.0.0.2:20002
[  970.682347][T18849] netlink: 'syz.3.4376': attribute type 7 has an invalid length.
[  970.755392][T18852] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  971.314074][T18885] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4390'.
[  971.526042][T17159] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  971.714656][T17159] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  971.801394][T18900] netlink: 'syz.6.4397': attribute type 10 has an invalid length.
[  971.827199][T17159] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  971.914081][T18902] netlink: 'syz.4.4395': attribute type 7 has an invalid length.
[  971.941403][T17159] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  972.012190][T18896] bond0: (slave wlan1): Releasing backup interface
[  972.029627][T17159] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  972.054631][T17159] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  972.120847][T18900] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  972.252994][T17159] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  972.271630][T17159] usb 3-1: invalid MIDI out EP 0
[  972.490461][T18877] delete_channel: no stack
[  972.573248][T17159] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  972.609197][T17159] usb 3-1: USB disconnect, device number 64
[  972.771314][T18920] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4405'.
[  972.926477][ T5847] block nbd0: Receive control failed (result -104)
[  973.357437][T18937] netlink: 'syz.0.4412': attribute type 7 has an invalid length.
[  973.609214][T18943] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  973.616619][T18943] IPv6: NLM_F_CREATE should be set when creating new route
[  974.155227][T18959] netlink: 'syz.4.4423': attribute type 8 has an invalid length.
[  974.393058][T18967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4421'.
[  974.559951][T18967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4421'.
[  974.658503][T18974] netlink: 'syz.5.4429': attribute type 7 has an invalid length.
[  975.104880][T18992] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4436'.
[  975.682131][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b425c00: rx timeout, send abort
[  975.877775][T19025] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4447'.
[  975.964662][T19025] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4447'.
[  976.182254][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b426000: rx timeout, send abort
[  976.191170][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b425c00: abort rx timeout. Force session deactivation
[  976.371547][T19043] loop2: detected capacity change from 0 to 1024
[  976.397762][T19043] EXT4-fs: Ignoring removed orlov option
[  976.403755][T19043] EXT4-fs: Ignoring removed nomblk_io_submit option
[  976.449200][T19043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  976.690649][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b426000: abort rx timeout. Force session deactivation
[  977.476414][T17071] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  977.945779][T19073] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  978.098032][T19078] vlan0: entered promiscuous mode
[  979.263247][T19108] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4478'.
[  979.292569][T19108] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4478'.
[  980.672787][T19131] tipc: Started in network mode
[  980.704447][T19131] tipc: Node identity b, cluster identity 7
[  980.766929][T19131] tipc: Node number set to 11
[  980.802342][T19131] tipc: Cannot configure node identity twice
[  981.661766][T19167] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4508'.
[  982.607874][T19179] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4515'.
[  982.670607][T19183] netlink: 'syz.3.4512': attribute type 10 has an invalid length.
[  983.042948][T19205] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4520'.
[  983.101979][T19205] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4520'.
[  983.235089][T19215] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  984.717521][T19244] netlink: 208 bytes leftover after parsing attributes in process `syz.2.4538'.
[  986.223993][T19282] netlink: 208 bytes leftover after parsing attributes in process `syz.3.4556'.
[  986.330806][T19287] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  987.655727][T19314] netlink: 'syz.0.4567': attribute type 10 has an invalid length.
[  987.827667][T19314] 8021q: adding VLAN 0 to HW filter on device bond0
[  987.848861][T19314] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  991.195582][T19361] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4583'.
[  991.354646][ T5900] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  992.091790][ T5900] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  992.107864][ T5900] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  992.119441][ T5900] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  992.132709][ T5900] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  992.158665][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.480564][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  992.982852][ T5900] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  992.992213][ T5900] usb 5-1: invalid MIDI out EP 0
[  993.035372][ T5900] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  993.235650][ T5900] usb 5-1: USB disconnect, device number 69
[  993.252547][T19370] delete_channel: no stack
[  999.152990][T19492] netlink: 'syz.2.4621': attribute type 303 has an invalid length.
[  999.268396][T19474] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4621'.
[  999.674298][T19474] syz.2.4621 (19474) used greatest stack depth: 18072 bytes left
[ 1000.002784][T19527] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4643'.
[ 1000.096336][T19529] netlink: 'syz.2.4641': attribute type 1 has an invalid length.
[ 1000.147251][T19529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4641'.
[ 1001.677214][T19571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4657'.
[ 1003.146490][T19605] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4670'.
[ 1003.768308][T19631] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4679'.
[ 1004.036564][T19637] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4680'.
[ 1004.442735][T19639] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4681'.
[ 1004.903713][T19657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4688'.
[ 1005.348871][T19669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4690'.
[ 1006.163634][T19677] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4695'.
[ 1006.588484][T19680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4696'.
[ 1006.688208][T19681] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4696'.
[ 1006.846396][T19683] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4697'.
[ 1006.914425][T19686] tipc: Started in network mode
[ 1006.924809][T19686] tipc: Node identity 4, cluster identity 4711
[ 1006.960011][T19686] tipc: Node number set to 4
[ 1007.176282][T16772] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1007.539126][T16772] usb 6-1: Using ep0 maxpacket: 32
[ 1007.550162][T16772] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1007.560540][T16772] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.574530][T16772] usb 6-1: Product: syz
[ 1007.578788][T16772] usb 6-1: Manufacturer: syz
[ 1007.583410][T16772] usb 6-1: SerialNumber: syz
[ 1007.592386][T16772] usb 6-1: config 0 descriptor??
[ 1007.603102][T16772] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1007.693636][T19711] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4707'.
[ 1008.236259][T16772] gspca_ov534_9: reg_w failed -71
[ 1008.365686][T19713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4710'.
[ 1008.410413][T19713] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4710'.
[ 1008.894958][T16772] gspca_ov534_9: Unknown sensor 0000
[ 1008.895601][T16772] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22
[ 1009.324389][T16772] usb 6-1: USB disconnect, device number 61
[ 1009.609533][T19738] netlink: 'syz.4.4719': attribute type 39 has an invalid length.
[ 1009.916458][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[ 1010.339191][T19760] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4725'.
[ 1011.099716][T19763] netlink: 'syz.2.4727': attribute type 1 has an invalid length.
[ 1011.132714][T19769] netlink: 256 bytes leftover after parsing attributes in process `syz.6.4730'.
[ 1011.152006][T19773] netlink: 476 bytes leftover after parsing attributes in process `syz.2.4727'.
[ 1011.171154][T19770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4729'.
[ 1011.233852][T19773] bond_slave_0: entered promiscuous mode
[ 1011.236395][T19776] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4732'.
[ 1011.240218][T19773] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4727'.
[ 1011.264405][T19773] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[ 1011.266681][T19777] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4729'.
[ 1011.363597][T19774] bond1: (slave gretap1): making interface the new active one
[ 1011.379007][T19774] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1011.388449][T19778] syzkaller1: entered promiscuous mode
[ 1011.394123][T19778] syzkaller1: entered allmulticast mode
[ 1012.445445][ T5931] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 1012.607980][ T5931] usb 1-1: Using ep0 maxpacket: 32
[ 1012.664677][T19807] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4741'.
[ 1012.665494][ T5931] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1012.699728][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.726730][ T5931] usb 1-1: Product: syz
[ 1012.731106][ T5931] usb 1-1: Manufacturer: syz
[ 1012.744691][ T5931] usb 1-1: SerialNumber: syz
[ 1012.764142][ T5931] usb 1-1: config 0 descriptor??
[ 1012.788050][ T5931] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1012.806969][T19807] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4741'.
[ 1012.962360][   T30] audit: type=1326 audit(2000000477.059:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19812 comm="syz.2.4744" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4cff38e969 code=0x0
[ 1013.451836][ T5931] gspca_ov534_9: reg_w failed -71
[ 1014.323558][ T5931] gspca_ov534_9: Unknown sensor 0000
[ 1014.323664][ T5931] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22
[ 1014.340679][ T5931] usb 1-1: USB disconnect, device number 49
[ 1015.044651][T19841] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4753'.
[ 1015.365420][T19854] netlink: 'syz.6.4759': attribute type 39 has an invalid length.
[ 1015.523093][   T30] audit: type=1326 audit(2000000479.619:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19856 comm="syz.4.4763" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ad8d8e969 code=0x0
[ 1016.167352][T19862] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4764'.
[ 1016.636624][T17159] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1016.826780][T17159] usb 3-1: Using ep0 maxpacket: 32
[ 1016.887918][T17159] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1016.916999][T17159] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.938979][T17159] usb 3-1: Product: syz
[ 1016.946081][T17159] usb 3-1: Manufacturer: syz
[ 1017.708157][T17159] usb 3-1: SerialNumber: syz
[ 1017.720675][T17159] usb 3-1: config 0 descriptor??
[ 1017.729998][T17159] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1017.830096][T19901] gretap0: entered promiscuous mode
[ 1017.860491][T19901] batman_adv: batadv0: Adding interface: macvlan2
[ 1017.874436][T19901] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1017.943278][T19901] batman_adv: batadv0: Interface activated: macvlan2
[ 1018.019123][T19906] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1018.080701][T19912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4782'.
[ 1018.105641][T19912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4782'.
[ 1018.137866][T17159] gspca_ov534_9: reg_w failed -71
[ 1018.534808][T17159] gspca_ov534_9: Unknown sensor 0000
[ 1018.534921][T17159] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[ 1018.610900][T17159] usb 3-1: USB disconnect, device number 65
[ 1018.651549][T19930] loop5: detected capacity change from 0 to 1024
[ 1018.659630][T19930] EXT4-fs: Ignoring removed orlov option
[ 1018.667237][T19930] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1018.714150][T19930] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1021.171672][T19978] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1021.183629][T19984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4812'.
[ 1021.242541][T19984] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4812'.
[ 1021.262927][T19982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4811'.
[ 1021.315749][T19982] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4811'.
[ 1021.390454][T19984] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4812'.
[ 1022.010431][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1022.250712][T20013] netlink: zone id is out of range
[ 1022.256523][T20013] netlink: zone id is out of range
[ 1022.261956][T20013] netlink: zone id is out of range
[ 1022.288304][T20013] netlink: zone id is out of range
[ 1022.312157][T20013] netlink: zone id is out of range
[ 1022.317582][T20013] netlink: zone id is out of range
[ 1022.325613][T20013] netlink: zone id is out of range
[ 1022.330858][T20013] netlink: zone id is out of range
[ 1022.353821][T20013] netlink: zone id is out of range
[ 1022.368151][T20019] pim6reg1: entered promiscuous mode
[ 1022.390206][T20013] netlink: zone id is out of range
[ 1022.407856][T20019] pim6reg1: entered allmulticast mode
[ 1022.465437][T20027] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1022.520005][T20028] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4831'.
[ 1022.549553][T20028] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4831'.
[ 1022.741898][T20034] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4834'.
[ 1022.963646][T20044] loop3: detected capacity change from 0 to 1024
[ 1022.998400][T20044] EXT4-fs: Ignoring removed orlov option
[ 1023.016164][T20044] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1023.070265][T20044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1023.083194][T20048] gretap0: entered promiscuous mode
[ 1023.119869][T20048] gretap0: left promiscuous mode
[ 1024.125860][T15962] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1024.254655][T10600] bridge_slave_1: left promiscuous mode
[ 1024.260626][T10600] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1024.342724][T20072] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4850'.
[ 1024.345601][T10600] bridge_slave_0: left allmulticast mode
[ 1024.384573][T10600] bridge_slave_0: left promiscuous mode
[ 1024.390567][T10600] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1025.873529][T20097] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1025.927630][T20098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4858'.
[ 1026.166123][T10600] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1026.181943][T10600] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1026.193016][T10600] bond0 (unregistering): Released all slaves
[ 1026.397417][T10600] þ: left promiscuous mode
[ 1026.681528][T10600] IPVS: stopping backup sync thread 11145 ...
[ 1027.678998][T20124] netlink: 'syz.0.4868': attribute type 1 has an invalid length.
[ 1027.823312][T20128] xt_hashlimit: max too large, truncated to 1048576
[ 1027.929427][T20133] __nla_validate_parse: 1 callbacks suppressed
[ 1027.929453][T20133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4872'.
[ 1028.387306][T10600] hsr_slave_0: left promiscuous mode
[ 1028.403432][T10600] hsr_slave_1: left promiscuous mode
[ 1028.428855][T10600] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1028.451783][T10600] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1028.482571][T20159] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1028.526502][T10600] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1028.550680][T10600] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1028.688624][T10600] veth1_macvtap: left promiscuous mode
[ 1028.889308][T10600] veth0_macvtap: left promiscuous mode
[ 1028.910703][T10600] veth1_vlan: left promiscuous mode
[ 1028.923130][T10600] veth0_vlan: left promiscuous mode
[ 1029.594343][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1029.754334][T16772] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1029.928056][T16772] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1029.978839][T16772] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1030.019068][T16772] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1030.032498][T16772] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1030.044344][T16772] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.084137][T16772] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1030.124234][T16772] usb 7-1: invalid MIDI out EP 0
[ 1030.263484][T16772] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1030.308492][T20164] delete_channel: no stack
[ 1030.333599][T16772] usb 7-1: USB disconnect, device number 4
[ 1031.415030][T10600] team0 (unregistering): Port device team_slave_1 removed
[ 1031.535071][T10600] team0 (unregistering): Port device team_slave_0 removed
[ 1031.860748][T20188] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4890'.
[ 1033.161777][T20220] net_ratelimit: 183 callbacks suppressed
[ 1033.161801][T20220] openvswitch: netlink: Flow key attr not present in new flow.
[ 1033.289097][T20229] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4909'.
[ 1033.340316][T20227] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1033.369628][T20220] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4902'.
[ 1033.393350][T20231] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4908'.
[ 1033.478589][T20231] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4908'.
[ 1033.516974][T20220] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[ 1033.531221][T20234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4908'.
[ 1033.559848][T20234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4908'.
[ 1034.171897][T20233] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4910'.
[ 1034.184107][T10600] IPVS: stop unused estimator thread 0...
[ 1034.903693][   T30] audit: type=1326 audit(2000000498.979:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20255 comm="syz.2.4919" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4cff38e969 code=0x0
[ 1035.538019][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[ 1035.702954][T20266] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4923'.
[ 1036.824863][T20274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4927'.
[ 1036.889407][T20276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4925'.
[ 1037.584010][   T30] audit: type=1326 audit(2000000501.689:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20301 comm="syz.5.4939" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[ 1038.451772][T20314] __nla_validate_parse: 1 callbacks suppressed
[ 1038.451794][T20314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4942'.
[ 1038.621862][T20321] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4947'.
[ 1038.753355][T20328] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4949'.
[ 1038.774323][T20329] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4951'.
[ 1038.806380][T20331] netlink: 'syz.0.4952': attribute type 4 has an invalid length.
[ 1038.856067][T20331] netlink: 'syz.0.4952': attribute type 4 has an invalid length.
[ 1040.147006][   T30] audit: type=1326 audit(2000000504.189:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20342 comm="syz.4.4960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ad8d8e969 code=0x0
[ 1040.278020][T20358] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4965'.
[ 1040.290182][T20358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4965'.
[ 1040.339304][T20365] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4967'.
[ 1040.451016][T20367] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4968'.
[ 1041.753415][T20393] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4980'.
[ 1041.982566][T20402] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4984'.
[ 1042.300736][   T30] audit: type=1326 audit(2000000506.389:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20408 comm="syz.3.4989" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec2158e969 code=0x0
[ 1042.796787][T20412] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1044.569457][T20443] __nla_validate_parse: 1 callbacks suppressed
[ 1044.569481][T20443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4998'.
[ 1044.734896][T20443] bond2: entered allmulticast mode
[ 1044.773437][T20452] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5001'.
[ 1044.795123][T20443] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1044.826391][T20446] batadv_slave_0: entered promiscuous mode
[ 1044.849418][T20446] batadv_slave_0: entered allmulticast mode
[ 1044.902520][T20446] bond2: (slave batadv_slave_0): making interface the new active one
[ 1044.920729][T20446] bond2: (slave batadv_slave_0): Enslaving as an active interface with an up link
[ 1045.275910][   T30] audit: type=1326 audit(2000000509.369:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20462 comm="syz.0.5007" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f085c18e969 code=0x0
[ 1046.363788][T20484] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5016'.
[ 1046.616015][T20498] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5022'.
[ 1046.707746][T20500] netlink: 'syz.3.5025': attribute type 5 has an invalid length.
[ 1046.765857][T20500] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5025'.
[ 1047.073828][T20522] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5035'.
[ 1047.243384][T20529] netlink: 'syz.5.5031': attribute type 29 has an invalid length.
[ 1047.307341][T20533] netlink: 'syz.5.5031': attribute type 29 has an invalid length.
[ 1047.385801][T20529] netlink: 'syz.5.5031': attribute type 10 has an invalid length.
[ 1047.414639][T20529] veth1_macvtap: left promiscuous mode
[ 1047.433804][T20529] team0: Device veth1_macvtap failed to register rx_handler
[ 1047.688572][T20545] netlink: 'syz.4.5044': attribute type 5 has an invalid length.
[ 1047.701402][T20547] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5043'.
[ 1047.733304][T20545] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5044'.
[ 1047.740741][T20547] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5043'.
[ 1048.789104][T20554] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input20
[ 1049.268662][T20579] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5054'.
[ 1049.649506][T20598] netlink: zone id is out of range
[ 1049.678127][   T30] audit: type=1326 audit(2000000513.759:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20594 comm="syz.4.5062" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ad8d8e969 code=0x0
[ 1050.438904][T20588] batman_adv: batadv0: Adding interface: macvlan2
[ 1050.459165][T20588] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1050.563450][T20588] batman_adv: batadv0: Interface activated: macvlan2
[ 1051.397225][   T30] audit: type=1326 audit(2000000515.499:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20631 comm="syz.2.5076" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4cff38e969 code=0x0
[ 1053.076725][   T30] audit: type=1326 audit(2000000517.139:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20668 comm="syz.5.5092" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[ 1053.821452][T20677] __nla_validate_parse: 1 callbacks suppressed
[ 1053.821476][T20677] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5093'.
[ 1053.863392][T20678] netlink: 'syz.6.5094': attribute type 1 has an invalid length.
[ 1053.920720][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1053.973221][T20681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5096'.
[ 1054.303679][T20694] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5099'.
[ 1054.370286][T20701] netlink: 1 bytes leftover after parsing attributes in process `syz.0.5101'.
[ 1054.594940][T20710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5106'.
[ 1055.018761][   T30] audit: type=1326 audit(2000000519.109:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20719 comm="syz.2.5110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4cff38e969 code=0x0
[ 1056.142417][T20733] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5113'.
[ 1056.153201][T20735] netlink: 'syz.5.5114': attribute type 1 has an invalid length.
[ 1056.581197][T20757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5123'.
[ 1056.812506][   T30] audit: type=1326 audit(2000000520.879:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20758 comm="syz.6.5124" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2c1b8e969 code=0x0
[ 1057.910835][T20778] netlink: 'syz.4.5132': attribute type 1 has an invalid length.
[ 1058.876360][   T30] audit: type=1326 audit(2000000522.969:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20815 comm="syz.3.5143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec2158e969 code=0x0
[ 1059.791734][T20829] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5150'.
[ 1059.823393][T20829] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5150'.
[ 1059.891966][T20829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5150'.
[ 1059.938329][T20829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5150'.
[ 1060.222502][T20849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5158'.
[ 1060.409204][T20849] bond3: entered allmulticast mode
[ 1060.472229][   T30] audit: type=1326 audit(2000000524.559:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20851 comm="syz.5.5160" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[ 1060.512264][T20849] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1061.159139][T20853] bond2: (slave batadv_slave_0): Releasing active interface
[ 1061.550606][T20875] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1061.607051][T20878] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5169'.
[ 1061.634790][T20878] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5169'.
[ 1061.664491][T20884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5169'.
[ 1061.687004][T20884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5169'.
[ 1061.841373][T20892] loop6: detected capacity change from 0 to 1024
[ 1061.852769][T20892] EXT4-fs: Ignoring removed orlov option
[ 1061.858948][T20892] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1061.920884][T20892] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1063.063091][   T30] audit: type=1326 audit(2000000527.119:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20906 comm="syz.5.5177" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[ 1063.108847][T15148] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1063.397060][T20923] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5181'.
[ 1063.465308][T20923] bond2: entered allmulticast mode
[ 1063.471176][T20923] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1063.493178][T20930] batadv_slave_0: entered promiscuous mode
[ 1063.505524][T20930] batadv_slave_0: entered allmulticast mode
[ 1064.530287][   T30] audit: type=1326 audit(2000000528.599:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20963 comm="syz.5.5202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f764818e969 code=0x0
[ 1064.780280][T20977] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input21
[ 1066.496569][   T30] audit: type=1326 audit(2000000530.529:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21022 comm="syz.0.5222" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f085c18e969 code=0x0
[ 1067.521034][T21044] __nla_validate_parse: 3 callbacks suppressed
[ 1067.521058][T21044] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5226'.
[ 1067.546097][T21045] netlink: 'syz.6.5228': attribute type 1 has an invalid length.
[ 1067.575140][T21044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5226'.
[ 1067.607769][T21046] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5228'.
[ 1067.758032][T21046] bond4: entered allmulticast mode
[ 1067.774803][T21046] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1068.216751][   T30] audit: type=1326 audit(2000000532.299:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21066 comm="syz.3.5238" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec2158e969 code=0x0
[ 1069.237709][T21080] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5242'.
[ 1069.282509][T21080] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5242'.
[ 1069.353348][T21089] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5242'.
[ 1069.680372][T21101] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5248'.
[ 1069.727356][T21105] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5250'.
[ 1070.383441][   T30] audit: type=1326 audit(2000000534.479:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21114 comm="syz.4.5254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ad8d8e969 code=0x0
[ 1071.793805][T21143] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5262'.
[ 1071.835246][T21143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5262'.
[ 1072.170908][T21153] netlink: 'syz.5.5266': attribute type 1 has an invalid length.
[ 1072.299646][T21162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1073.767429][T21191] veth0_to_bond: entered allmulticast mode
[ 1074.085434][T21212] __nla_validate_parse: 3 callbacks suppressed
[ 1074.085457][T21212] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5289'.
[ 1074.124476][T21212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5289'.
[ 1075.958845][T21261] netlink: 'syz.0.5308': attribute type 1 has an invalid length.
[ 1076.442013][T21264] pim6reg1: entered promiscuous mode
[ 1076.464287][T21264] pim6reg1: entered allmulticast mode
[ 1076.708046][T10600] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1077.230446][T21283] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5315'.
[ 1077.309080][T21281] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5314'.
[ 1077.765070][T21305] netlink: 'syz.3.5325': attribute type 1 has an invalid length.
[ 1078.099156][T21313] syzkaller0: entered promiscuous mode
[ 1078.110650][T21313] syzkaller0: entered allmulticast mode
[ 1078.229889][T21324] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5333'.
[ 1078.348961][T21329] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input22
[ 1078.645080][ T5134] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1078.846242][T21343] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5339'.
[ 1078.856156][T21343] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5339'.
[ 1078.868303][T21343] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5339'.
[ 1079.454398][    T9] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 1079.634379][    T9] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1079.644996][    T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1079.656662][    T9] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1079.685412][    T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1079.709533][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1079.826900][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1079.836452][    T9] usb 6-1: invalid MIDI out EP 0
[ 1079.951437][    T9] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1080.038390][    T9] usb 6-1: USB disconnect, device number 62
[ 1080.076926][T21347] delete_channel: no stack
[ 1081.932655][T21322] bridge1: entered allmulticast mode
[ 1082.422747][T21372] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5347'.
[ 1082.599952][T21379] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5352'.
[ 1082.614572][T21379] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5352'.
[ 1082.653230][T21379] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5352'.
[ 1083.103552][   T63] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1083.702131][T21392] bridge2: entered allmulticast mode
[ 1083.987887][T21395] loop2: detected capacity change from 0 to 32768
[ 1084.095571][T21395] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 1084.133699][T21411] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5364'.
[ 1084.160683][T21395] 
[ 1084.163089][T21395] ======================================================
[ 1084.170135][T21395] WARNING: possible circular locking dependency detected
[ 1084.177313][T21395] 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 Not tainted
[ 1084.184443][T21395] ------------------------------------------------------
[ 1084.191513][T21395] syz.2.5358/21395 is trying to acquire lock:
[ 1084.193629][T21415] loop5: detected capacity change from 0 to 1024
[ 1084.197578][T21395] ffff88807b3ee610 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_setattr+0x969/0x1b40
[ 1084.197660][T21395] 
[ 1084.197660][T21395] but task is already holding lock:
[ 1084.197670][T21395] ffff888053feea20 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x95a/0x1b40
[ 1084.197728][T21395] 
[ 1084.197728][T21395] which lock already depends on the new lock.
[ 1084.197728][T21395] 
[ 1084.205435][T21415] EXT4-fs: Ignoring removed orlov option
[ 1084.213159][T21395] 
[ 1084.213159][T21395] the existing dependency chain (in reverse order) is:
[ 1084.213176][T21395] 
[ 1084.213176][T21395] -> #4 (&oi->ip_alloc_sem){+.+.}-{4:4}:
[ 1084.213221][T21395]        lock_acquire+0x120/0x360
[ 1084.267900][T21395]        down_write+0x96/0x1f0
[ 1084.272682][T21395]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[ 1084.279197][T21395]        ocfs2_xattr_set+0x595/0x11f0
[ 1084.284584][T21395]        ocfs2_set_acl+0x701/0x7b0
[ 1084.289710][T21395]        ocfs2_iop_set_acl+0x1aa/0x2a0
[ 1084.295190][T21395]        vfs_remove_acl+0x48c/0x700
[ 1084.300391][T21395]        ovl_workdir_create+0x508/0x810
[ 1084.305947][T21395]        ovl_get_workdir+0x324/0x1700
[ 1084.311325][T21395]        ovl_fill_super+0x1386/0x35d0
[ 1084.316701][T21395]        get_tree_nodev+0xbb/0x150
[ 1084.321813][T21395]        vfs_get_tree+0x92/0x2b0
[ 1084.326756][T21395]        do_new_mount+0x24a/0xa40
[ 1084.331787][T21395]        __se_sys_mount+0x317/0x410
[ 1084.336996][T21395]        do_syscall_64+0xf6/0x210
[ 1084.342030][T21395]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.348445][T21395] 
[ 1084.348445][T21395] -> #3 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 1084.356291][T21395]        lock_acquire+0x120/0x360
[ 1084.361360][T21395]        down_read+0x46/0x2e0
[ 1084.366048][T21395]        ocfs2_init_acl+0x2f9/0x720
[ 1084.371258][T21395]        ocfs2_mknod+0x1321/0x2050
[ 1084.376379][T21395]        ocfs2_mkdir+0x191/0x440
[ 1084.381330][T21395]        vfs_mkdir+0x306/0x510
[ 1084.386133][T21395]        do_mkdirat+0x247/0x590
[ 1084.390983][T21395]        __x64_sys_mkdir+0x6c/0x80
[ 1084.396109][T21395]        do_syscall_64+0xf6/0x210
[ 1084.401153][T21395]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.407571][T21395] 
[ 1084.407571][T21395] -> #2 (jbd2_handle){++++}-{0:0}:
[ 1084.414890][T21395]        lock_acquire+0x120/0x360
[ 1084.419923][T21395]        start_this_handle+0x1fa7/0x21c0
[ 1084.425606][T21395]        jbd2__journal_start+0x2c1/0x5b0
[ 1084.431249][T21395]        jbd2_journal_start+0x2a/0x40
[ 1084.436635][T21395]        ocfs2_start_trans+0x376/0x6d0
[ 1084.442108][T21395]        ocfs2_mknod+0xe93/0x2050
[ 1084.447177][T21395]        ocfs2_mkdir+0x191/0x440
[ 1084.452121][T21395]        vfs_mkdir+0x306/0x510
[ 1084.456888][T21395]        do_mkdirat+0x247/0x590
[ 1084.461737][T21395]        __x64_sys_mkdir+0x6c/0x80
[ 1084.466850][T21395]        do_syscall_64+0xf6/0x210
[ 1084.471891][T21395]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.478312][T21395] 
[ 1084.478312][T21395] -> #1 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 1084.486901][T21395]        lock_acquire+0x120/0x360
[ 1084.491957][T21395]        down_read+0x46/0x2e0
[ 1084.496656][T21395]        ocfs2_start_trans+0x36a/0x6d0
[ 1084.502136][T21395]        ocfs2_mknod+0xe93/0x2050
[ 1084.507270][T21395]        ocfs2_mkdir+0x191/0x440
[ 1084.512229][T21395]        vfs_mkdir+0x306/0x510
[ 1084.517056][T21395]        do_mkdirat+0x247/0x590
[ 1084.521923][T21395]        __x64_sys_mkdir+0x6c/0x80
[ 1084.527046][T21395]        do_syscall_64+0xf6/0x210
[ 1084.532126][T21395]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.538558][T21395] 
[ 1084.538558][T21395] -> #0 (sb_internal#4){.+.+}-{0:0}:
[ 1084.546082][T21395]        validate_chain+0xb9b/0x2140
[ 1084.551423][T21395]        __lock_acquire+0xaac/0xd20
[ 1084.556664][T21395]        lock_acquire+0x120/0x360
[ 1084.561727][T21395]        ocfs2_start_trans+0x26b/0x6d0
[ 1084.567203][T21395]        ocfs2_setattr+0x969/0x1b40
[ 1084.572439][T21395]        notify_change+0xb36/0xe40
[ 1084.577553][T21395]        ovl_workdir_create+0x68b/0x810
[ 1084.583108][T21395]        ovl_get_workdir+0x324/0x1700
[ 1084.588494][T21395]        ovl_fill_super+0x1386/0x35d0
[ 1084.593887][T21395]        get_tree_nodev+0xbb/0x150
[ 1084.599017][T21395]        vfs_get_tree+0x92/0x2b0
[ 1084.603964][T21395]        do_new_mount+0x24a/0xa40
[ 1084.609002][T21395]        __se_sys_mount+0x317/0x410
[ 1084.614213][T21395]        do_syscall_64+0xf6/0x210
[ 1084.619305][T21395]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.625847][T21395] 
[ 1084.625847][T21395] other info that might help us debug this:
[ 1084.625847][T21395] 
[ 1084.636074][T21395] Chain exists of:
[ 1084.636074][T21395]   sb_internal#4 --> &oi->ip_xattr_sem --> &oi->ip_alloc_sem
[ 1084.636074][T21395] 
[ 1084.649346][T21395]  Possible unsafe locking scenario:
[ 1084.649346][T21395] 
[ 1084.656792][T21395]        CPU0                    CPU1
[ 1084.662150][T21395]        ----                    ----
[ 1084.667510][T21395]   lock(&oi->ip_alloc_sem);
[ 1084.672116][T21395]                                lock(&oi->ip_xattr_sem);
[ 1084.679275][T21395]                                lock(&oi->ip_alloc_sem);
[ 1084.686404][T21395]   rlock(sb_internal#4);
[ 1084.690762][T21395] 
[ 1084.690762][T21395]  *** DEADLOCK ***
[ 1084.690762][T21395] 
[ 1084.698907][T21395] 5 locks held by syz.2.5358/21395:
[ 1084.704109][T21395]  #0: ffff88804f5a00e0 (&type->s_umount_key#74/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970
[ 1084.714276][T21395]  #1: ffff88807b3ee420 (sb_writers#25){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 1084.723566][T21395]  #2: ffff888053fedf40 (&sb->s_type->i_mutex_key#35/1){+.+.}-{4:4}, at: ovl_workdir_create+0x143/0x810
[ 1084.734865][T21395]  #3: ffff888053feed80 (&sb->s_type->i_mutex_key#37){+.+.}-{4:4}, at: ovl_workdir_create+0x610/0x810
[ 1084.745932][T21395]  #4: ffff888053feea20 (&oi->ip_alloc_sem){+.+.}-{4:4}, at: ocfs2_setattr+0x95a/0x1b40
[ 1084.755821][T21395] 
[ 1084.755821][T21395] stack backtrace:
[ 1084.761737][T21395] CPU: 0 UID: 0 PID: 21395 Comm: syz.2.5358 Not tainted 6.15.0-rc5-syzkaller-00300-g3ce9925823c7 #0 PREEMPT(full) 
[ 1084.761767][T21395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1084.761783][T21395] Call Trace:
[ 1084.761794][T21395]  <TASK>
[ 1084.761805][T21395]  dump_stack_lvl+0x189/0x250
[ 1084.761851][T21395]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1084.761885][T21395]  ? __pfx__printk+0x10/0x10
[ 1084.761910][T21395]  ? print_lock_name+0xde/0x100
[ 1084.761949][T21395]  print_circular_bug+0x2ee/0x310
[ 1084.761975][T21395]  check_noncircular+0x134/0x160
[ 1084.762001][T21395]  validate_chain+0xb9b/0x2140
[ 1084.762023][T21395]  ? lockdep_unlock+0x89/0x120
[ 1084.762059][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762090][T21395]  __lock_acquire+0xaac/0xd20
[ 1084.762124][T21395]  ? ocfs2_setattr+0x969/0x1b40
[ 1084.762148][T21395]  lock_acquire+0x120/0x360
[ 1084.762179][T21395]  ? ocfs2_setattr+0x969/0x1b40
[ 1084.762204][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762232][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762258][T21395]  ? do_raw_spin_unlock+0x122/0x240
[ 1084.762286][T21395]  ocfs2_start_trans+0x26b/0x6d0
[ 1084.762319][T21395]  ? ocfs2_setattr+0x969/0x1b40
[ 1084.762345][T21395]  ? __pfx_ocfs2_start_trans+0x10/0x10
[ 1084.762376][T21395]  ? setattr_prepare+0x1e7/0xac0
[ 1084.762404][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762436][T21395]  ocfs2_setattr+0x969/0x1b40
[ 1084.762468][T21395]  ? __pfx_ocfs2_setattr+0x10/0x10
[ 1084.762491][T21395]  ? ktime_get_coarse_real_ts64_mg+0x57/0x210
[ 1084.762520][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762546][T21395]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[ 1084.762572][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762602][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762630][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762656][T21395]  ? ktime_get_coarse_real_ts64_mg+0x1f5/0x210
[ 1084.762688][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762714][T21395]  ? current_time+0x222/0x370
[ 1084.762747][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762772][T21395]  ? evm_inode_setattr+0x1bd/0x7d0
[ 1084.762800][T21395]  ? __pfx_current_time+0x10/0x10
[ 1084.762836][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.762897][T21395]  ? try_break_deleg+0x79/0x130
[ 1084.762920][T21395]  ? __pfx_ocfs2_setattr+0x10/0x10
[ 1084.762944][T21395]  notify_change+0xb36/0xe40
[ 1084.762973][T21395]  ovl_workdir_create+0x68b/0x810
[ 1084.763001][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763032][T21395]  ? __pfx_ovl_workdir_create+0x10/0x10
[ 1084.763062][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763088][T21395]  ? mnt_get_write_access+0x223/0x2a0
[ 1084.763126][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763155][T21395]  ovl_get_workdir+0x324/0x1700
[ 1084.763185][T21395]  ? __pfx_ovl_get_workdir+0x10/0x10
[ 1084.763211][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763237][T21395]  ? __lock_acquire+0xaac/0xd20
[ 1084.763273][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763299][T21395]  ? do_raw_spin_lock+0x121/0x290
[ 1084.763327][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763355][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763380][T21395]  ? do_raw_spin_unlock+0x122/0x240
[ 1084.763407][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763433][T21395]  ? _raw_spin_unlock+0x28/0x50
[ 1084.763456][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763482][T21395]  ? ovl_inuse_trylock+0xae/0xf0
[ 1084.763506][T21395]  ovl_fill_super+0x1386/0x35d0
[ 1084.763534][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763561][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763588][T21395]  ? rcu_is_watching+0x15/0xb0
[ 1084.763625][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763653][T21395]  ? shrinker_register+0x124/0x230
[ 1084.763680][T21395]  ? __pfx_ovl_fill_super+0x10/0x10
[ 1084.763704][T21395]  ? __pfx___mutex_lock+0x10/0x10
[ 1084.763733][T21395]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1084.763766][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763792][T21395]  ? __raw_spin_lock_init+0x45/0x100
[ 1084.763824][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.763856][T21395]  ? sget_fc+0x962/0xa40
[ 1084.763878][T21395]  ? __pfx_set_anon_super_fc+0x10/0x10
[ 1084.763901][T21395]  ? __pfx_ovl_fill_super+0x10/0x10
[ 1084.763926][T21395]  get_tree_nodev+0xbb/0x150
[ 1084.763951][T21395]  vfs_get_tree+0x92/0x2b0
[ 1084.763978][T21395]  do_new_mount+0x24a/0xa40
[ 1084.764012][T21395]  __se_sys_mount+0x317/0x410
[ 1084.764043][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.764071][T21395]  ? __pfx___se_sys_mount+0x10/0x10
[ 1084.764103][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.764130][T21395]  ? __x64_sys_mount+0x20/0xc0
[ 1084.764161][T21395]  do_syscall_64+0xf6/0x210
[ 1084.764191][T21395]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1084.764219][T21395]  ? exc_page_fault+0x91/0x110
[ 1084.764247][T21395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1084.764272][T21395] RIP: 0033:0x7f4cff38e969
[ 1084.764294][T21395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1084.764316][T21395] RSP: 002b:00007f4d001f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1084.764340][T21395] RAX: ffffffffffffffda RBX: 00007f4cff5b5fa0 RCX: 00007f4cff38e969
[ 1084.764358][T21395] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1084.764374][T21395] RBP: 00007f4cff410ab1 R08: 00002000000001c0 R09: 0000000000000000
[ 1084.764390][T21395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1084.764404][T21395] R13: 0000000000000000 R14: 00007f4cff5b5fa0 R15: 00007ffcfaad6fe8
[ 1084.764430][T21395]  </TASK>
[ 1084.765472][T21415] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1084.776605][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1084.779967][T21395] overlayfs: upper fs does not support tmpfile.
[ 1084.896493][T21415] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1084.901051][T21395] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1085.059387][ T5847] Bluetooth: hci5: command 0x1003 tx timeout
[ 1085.076022][ T5134] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1085.421891][T21395] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #0 has bad signature 
[ 1085.437738][T21395] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 1085.447807][T21395] OCFS2: File system is now read-only.
[ 1085.453370][T21395] (syz.2.5358,21395,1):ocfs2_search_chain:1817 ERROR: status = -30
[ 1085.461643][T21395] (syz.2.5358,21395,1):ocfs2_search_chain:1940 ERROR: status = -30
[ 1085.469639][T21395] (syz.2.5358,21395,1):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[ 1085.478276][T21395] (syz.2.5358,21395,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[ 1085.486954][T21395] (syz.2.5358,21395,1):ocfs2_claim_metadata:2088 ERROR: status = -30
[ 1085.495211][T21395] (syz.2.5358,21395,1):ocfs2_claim_metadata:2101 ERROR: status = -30
[ 1085.503459][T21395] (syz.2.5358,21395,1):ocfs2_create_xattr_block:2887 ERROR: status = -30
[ 1085.512105][T21395] (syz.2.5358,21395,1):ocfs2_xattr_block_set:2968 ERROR: status = -30
[ 1085.521031][T21395] overlayfs: failed to set xattr on upper
[ 1085.527031][T21395] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1085.533949][T21395] overlayfs: ...falling back to index=off.
[ 1085.539911][T21395] overlayfs: ...falling back to uuid=null.
[ 1085.545827][T21395] overlayfs: upper fs missing required features.
[ 1085.688180][T17071] ocfs2: Unmounting device (7,2) on (node local)
[ 1085.835222][T16419] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.