last executing test programs:

2m53.600365341s ago: executing program 4 (id=120):
ioprio_set$uid(0x3, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7)
fchown(r3, 0x0, 0xee01)
fchown(r3, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@remote, 0x0, 0x400, 0x1000, 0x0, 0x2, 0x20, 0x10, 0x84}, {}, {0x0, 0x4000000000000}}}, 0xb8}}, 0x0)

2m52.475093137s ago: executing program 4 (id=125):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0xfffffffffffff800, 0x4000)
ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000180))
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
fstatfs(r1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
prlimit64(r5, 0x6, &(0x7f00000000c0)={0x6, 0x6}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x29)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00')
pread64(r9, &(0x7f0000001240)=""/102400, 0x19000, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r3, 0xef7b}}, 0x20}}, 0x0)

2m52.43195132s ago: executing program 4 (id=128):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xfffffed3, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xffffffff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)
socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1)

2m50.179175812s ago: executing program 4 (id=136):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'dh\x00', 0x10, 0x5, 0x2d}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'fo\x00', 0x3a, 0x5, 0x54}, 0x2c)

2m49.943409189s ago: executing program 4 (id=139):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x2, &(0x7f00000003c0)=[{0x5, 0x9, 0xf2}, {0x6, 0x5, 0x80, 0x7f}]}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x50, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000005c0), &(0x7f0000000680)=0x4)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x81)
sendmsg$nl_route(r0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
close(r3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x4900)

2m46.561398508s ago: executing program 4 (id=160):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={<r0=>0xffffffffffffffff, 0x4, 0x1, 0x1})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
fsmount(0xffffffffffffffff, 0x0, 0x41)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0xa, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
shmdt(0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x80000000, 0x10000000, 0xfffffffc}, 0xbf)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000000100)='rose0\x00')
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r8, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r8], 0x5c}}, 0x40)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x4, [@decl_tag={0x5, 0x0, 0x0, 0x11, 0x4, 0x5}, @volatile={0x2}, @type_tag={0x8, 0x0, 0x0, 0x12, 0x5}, @float={0xf, 0x0, 0x0, 0x10, 0x2}, @union={0x5, 0x1, 0x0, 0x5, 0x1, 0x3, [{0x5, 0x1, 0xe41}]}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000000300), 0x68, 0x0, 0x1}, 0x28)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x9, 0x3, 0x1000, 0x12258, r0, 0xfffffffa, '\x00', r8, r10, 0x5, 0x1, 0x2, 0x3}, 0x50)

2m31.320499912s ago: executing program 32 (id=160):
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={<r0=>0xffffffffffffffff, 0x4, 0x1, 0x1})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
fsmount(0xffffffffffffffff, 0x0, 0x41)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0xa, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
shmdt(0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x80000000, 0x10000000, 0xfffffffc}, 0xbf)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCBRADDBR(r6, 0x89a0, &(0x7f0000000100)='rose0\x00')
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r7, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r8, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="3c0000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r8], 0x5c}}, 0x40)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r8], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x4c, 0x4c, 0x4, [@decl_tag={0x5, 0x0, 0x0, 0x11, 0x4, 0x5}, @volatile={0x2}, @type_tag={0x8, 0x0, 0x0, 0x12, 0x5}, @float={0xf, 0x0, 0x0, 0x10, 0x2}, @union={0x5, 0x1, 0x0, 0x5, 0x1, 0x3, [{0x5, 0x1, 0xe41}]}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000000300), 0x68, 0x0, 0x1}, 0x28)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x9, 0x3, 0x1000, 0x12258, r0, 0xfffffffa, '\x00', r8, r10, 0x5, 0x1, 0x2, 0x3}, 0x50)

1m10.974931071s ago: executing program 2 (id=430):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000009c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_STATFS(r1, &(0x7f0000002a00)={0x60, 0x0, r2, {{0x7f, 0x1, 0xa, 0x401, 0x6f, 0x3, 0x9, 0x5}}}, 0x60)

1m10.527377652s ago: executing program 2 (id=431):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c40)=ANY=[@ANYBLOB="d40000001b001d0328bd7000fcdbdf25ffffffff000000000000000000000000fe8000000000000000000000000000264e2000014e2404000200000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08000000000000000100010000000000f4ffffffffffffff04000000000000000200000000000000ba410000000091ad07000000000000000000008000000000ffffff7f0000000003000000000000000400000000000000080000000000000003000000b86b6e"], 0xd4}}, 0x0)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c000000100003040000fff30000ea000000", @ANYRES32, @ANYBLOB], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044)
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x2, 0x2, 0x8, 0x80, 0xffffffffffffffff, 0x8, '\x00', 0x0, r2, 0x0, 0x2, 0x2, 0x4}, 0x50)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00')
write(r4, &(0x7f00000000c0)="240000005a001f001007f4f9002304000a04f51108000400020100020800038005", 0x21)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r5, 0x0, 0x0)
ioctl$LOOP_CLR_FD(r5, 0x4c01)
ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000080)={0xd10, 0x7, 0xe51, 0x7, 0x16, "ffe6d914f3903273"})
setns(r5, 0x10000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$EVIOCGABS20(r5, 0x80184560, 0x0)

1m10.059735563s ago: executing program 2 (id=433):
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r0, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2)
semop(r0, &(0x7f0000001240)=[{}], 0x1)

1m7.860171762s ago: executing program 2 (id=442):
ioprio_set$uid(0x3, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000540)='.log\x00', 0x1c10c1, 0x9c37611dc13d0db7)
fchown(r3, 0x0, 0xee01)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@remote, 0x0, 0x400, 0x1000, 0x0, 0x2, 0x20, 0x10, 0x84}, {}, {0x0, 0x4000000000000}}}, 0xb8}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

1m6.628023856s ago: executing program 2 (id=446):
r0 = io_uring_setup(0x1f1c, &(0x7f00000005c0)={0x0, 0x17d7, 0xa, 0x3, 0x283})
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socket(0x2a, 0x2, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000000)="f20000000000008508003e6e8f86a32c824a706b81acdfadc6d16ef4d5a280f4247ac655ac2b24b07b829ac6b4ef9c0ea296", 0x32, 0x4000053, &(0x7f0000000200)={0x11, 0x8, r6, 0x1, 0x40, 0x6, @broadcast}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x3c}}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m1.370568452s ago: executing program 2 (id=467):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$kcm(0x10, 0x6, 0x10)
sendmsg$kcm(r2, 0x0, 0x48050)
sendmsg(0xffffffffffffffff, 0x0, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0x300}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0x491, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)

44.393018909s ago: executing program 33 (id=467):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$kcm(0x10, 0x6, 0x10)
sendmsg$kcm(r2, 0x0, 0x48050)
sendmsg(0xffffffffffffffff, 0x0, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0x300}, {0xe}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0xf, 0x491, 0x3, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)

14.427870931s ago: executing program 6 (id=606):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d0008000c000000", 0x24}], 0x1)

14.341497477s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019300)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'gretap0\x00', <r4=>0x0})
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x7, &(0x7f00000001c0)=0x4, 0x4)
sendmsg$can_raw(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r4}, 0x10, &(0x7f00000005c0)={&(0x7f0000000440)=@canfd={{0x4, 0x1, 0x0, 0x1}, 0x36, 0x0, 0x0, 0x0, "c2e5125998090b803796ce5cc5a115cc13c80a3eea1a09004a5845763ed8c6f643acf753f5409c76425436309f411775ff030000dd446d6291193400d6d200da"}, 0x48}, 0x1, 0x0, 0x0, 0x4044851}, 0x4b2281376c22b9a9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket(0x1d, 0x2, 0x6)
r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r5, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x10})
r6 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xfffffffd, 0x4, 0xb, 0x8001}})
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x18)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
r8 = open(0x0, 0x64842, 0x389b0d52417bb201)
mbind(&(0x7f0000200000/0x3000)=nil, 0x3000, 0x2005, &(0x7f0000000600)=0x20002d34, 0x80000000, 0x6)
pwritev2(r8, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000100010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000000900020073797a3200000000090001"], 0xec}, 0x1, 0x0, 0x0, 0x24004005}, 0x0)

14.238507254s ago: executing program 6 (id=608):
syz_io_uring_setup(0x4f6, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f0000000380)=@base={0x1e, 0xffffffff, 0x4, 0xfffffc75, 0x0, 0xffffffffffffffff, 0x1e, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x11}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x8502, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

12.571674477s ago: executing program 6 (id=612):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
recvmmsg(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x2120, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x35c5, &(0x7f0000000040)={0x0, 0x7b4e, 0xf080, 0xc, 0xa0002f5})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000e800"], 0x28}}, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3)
syz_usb_connect$sierra_net(0x3, 0x0, 0x0, 0x0)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a1c0000000005000100070000000800094000000001140008801000070100001100aaaa2aaaaaaa0000540134d72a"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)

11.666365329s ago: executing program 0 (id=614):
syz_open_procfs$userns(0x0, &(0x7f0000000140))
getpgrp(0xffffffffffffffff)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224", 0x1b}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x2, 0x20000044)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
accept4(r0, 0x0, 0x0, 0x800)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

11.476491431s ago: executing program 0 (id=615):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0xfffffffffffff800, 0x4000)
ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000180))
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
fstatfs(r1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
prlimit64(0x0, 0x6, &(0x7f00000000c0)={0x6, 0x6}, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0x0, '\x00', 0x0, 0x0}, 0x50)
r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r8, 0x402, 0x29)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00')
pread64(r9, &(0x7f0000001240)=""/102400, 0x19000, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r3, 0xef7b}}, 0x20}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)

8.080385111s ago: executing program 3 (id=618):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d0008000c000000", 0x24}], 0x1)

7.745727274s ago: executing program 3 (id=620):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

7.677781459s ago: executing program 6 (id=621):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
syz_io_uring_setup(0x2, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000))
sendmsg$rds(r3, &(0x7f0000000600)={&(0x7f0000000200)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000040}, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000300)=0xffffffff, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0x4}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan1\x00'})

7.076498809s ago: executing program 1 (id=623):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0xfffffffe, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x3, 0x2, 0x1}, 0x48}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f0000000640)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r5, 0x40}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="27030200000314000e00203c2424000000000006", 0x14}, {&(0x7f00000022c0)="6037524d630f68287629547bd5c098e381953c405689f3afe4ec", 0x1a}], 0x2}, 0x4041)

6.674622057s ago: executing program 1 (id=624):
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x6}, 0x1c)
listen(r0, 0x10040)
syz_emit_ethernet(0x52, &(0x7f0000000980)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xc, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x5, 0x1a, [0x3, 0x4, 0xe2, 0xffffffff, 0xf, 0xf0]}]}}}}}}}, 0x0)

6.470450101s ago: executing program 1 (id=626):
syz_open_procfs(0x0, &(0x7f0000000180)='numa_maps\x00')
r0 = syz_open_dev$ndb(0x0, 0x0, 0x16f081)
r1 = socket$packet(0x11, 0x2, 0x300)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
shmat(r5, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xfd9, 0x4000000)
setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000080), 0x4)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x972, &(0x7f0000000300))
lseek(0xffffffffffffffff, 0x1, 0x2)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r6, &(0x7f00000003c0)={0x24, @none={0x0, 0x2}}, 0x14)
ioctl$NBD_DISCONNECT(r0, 0xab08)

6.303583242s ago: executing program 0 (id=627):
r0 = io_uring_setup(0x1f1c, &(0x7f00000005c0)={0x0, 0x17d7, 0xa, 0x3, 0x283})
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socket(0x2a, 0x2, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x3c}}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.843502283s ago: executing program 5 (id=629):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)
close_range(r0, 0xffffffffffffffff, 0x400000000000000)

5.173564708s ago: executing program 1 (id=630):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d0008000c000000000500", 0x27}], 0x1)

5.00867055s ago: executing program 5 (id=631):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0xe, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003b80), 0x0, 0x8000)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, 0x0)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

4.843568201s ago: executing program 0 (id=632):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000280)={{0x25, 0x0, 0x1ff, 0xffffffff, 'syz1\x00'}, 0x0, [0x0, 0x1ffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0xfffffffffffffffc, 0x0, 0x0, 0x10000000000000b, 0x0, 0x8000, 0x5, 0x0, 0x1d4c06aa, 0x3, 0x3ff, 0x0, 0x2, 0x0, 0xfffffffffffffff8, 0xfffffffffffffffe, 0x9, 0x0, 0x4000000000000000, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0, 0x800000000000000, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x71, 0x100, 0x10000000000003, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000007, 0x0, 0x1000, 0xfffffffffffffff7, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x40000000000, 0x0, 0x1, 0x0, 0x3, 0x80000000000, 0x10, 0x100000000, 0x5, 0x100000001, 0x2, 0xfffffffffffffffe, 0x0, 0x400003, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x800000000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0xfffffffffffffffc]})
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x4, 0x40e00)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000100)={'mangle\x00', 0x2, [{}, {}]}, 0x48)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x97b}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)

4.843075441s ago: executing program 1 (id=633):
syz_open_dev$video(&(0x7f0000000100), 0x3, 0x2000)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000080))
write$dsp(r3, 0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0xf0, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@rand_addr=0x64010101, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x3f}, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x4, 0x0, 0x20}}, 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x25, &(0x7f0000000040)={0x1, 0x0, 0x7f, 0x7})
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001880)={'bond0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)=@getstats={0x1c, 0x5e, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r6, 0x2}}, 0x1c}}, 0x20024090)
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000380)={0x7, 0x7, 0x7e, 0x3, 0x9, "9b6ec8186d29a10e"})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80942, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x4b, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
sendmsg$netlink(r9, &(0x7f0000005200)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000001080)={0x10, 0x13, 0x210, 0x70bd2c, 0x25dfdbfc}, 0x10}], 0x1, &(0x7f0000005100), 0x0, 0x40000}, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

3.97200337s ago: executing program 0 (id=634):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0xfffffffe, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x5, 0x3, 0x2, 0x1}, 0x48}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f0000000640)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r5, 0x40}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="27030200000314000e00203c2424000000000006", 0x14}, {&(0x7f00000022c0)="6037524d630f68287629547bd5c098e381953c405689f3afe4ec", 0x1a}], 0x2}, 0x4041)

3.783010073s ago: executing program 5 (id=635):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$BLKSECTGET(0xffffffffffffffff, 0x1267, &(0x7f0000000180))
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
fstatfs(r1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
prlimit64(r4, 0x6, &(0x7f00000000c0)={0x6, 0x6}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x29)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00')
pread64(r8, &(0x7f0000001240)=""/102400, 0x19000, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0xef7b}}, 0x20}}, 0x0)

3.466564514s ago: executing program 3 (id=636):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x106f)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0)
syz_io_uring_setup(0x2, 0x0, 0x0, 0x0, &(0x7f0000000000))
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000200)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000040}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000300)=0xffffffff, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0x4}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'macvlan1\x00'})

3.116898688s ago: executing program 0 (id=637):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0xfffffffffffff800, 0x4000)
ioctl$BLKSECTGET(r2, 0x1267, &(0x7f0000000180))
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
fstatfs(r1, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
prlimit64(r5, 0x6, &(0x7f00000000c0)={0x6, 0x6}, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r8, 0x0, '\x00', 0x0, 0x0}, 0x50)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r9, 0x402, 0x29)
r10 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00')
pread64(r10, &(0x7f0000001240)=""/102400, 0x19000, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r3, 0xef7b}}, 0x20}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)

2.846707137s ago: executing program 5 (id=638):
socket$alg(0x26, 0x5, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89c, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
io_uring_enter(r0, 0x2219, 0x7725, 0x16, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)

2.223500089s ago: executing program 3 (id=639):
socket$kcm(0x10, 0x400000002, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x40000071, 0x0, 0x1ff}]})

2.096604647s ago: executing program 5 (id=640):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/54, 0x36}, 0x10008}], 0x1, 0x820b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)

1.896193271s ago: executing program 3 (id=641):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x62040200)
r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
set_mempolicy(0x3, &(0x7f0000000040)=0xe3, 0x8)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.805294057s ago: executing program 5 (id=642):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
unshare(0x8000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
open$dir(0x0, 0xa001, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000100)={0x3, 0x980900})
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8})
ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, &(0x7f00000001c0)={0x980900, 0xfffffff2, @value=0x9})
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000003a00010326bd7000fcfeffff060000001338231bb104"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r6, &(0x7f0000000180)={0xa, 0x0, 0x403ffd, @loopback, 0x7cfd1f0f}, 0x20)
socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r6, &(0x7f00000004c0)={0xa, 0x7, 0x200000, @rand_addr=' \x01\x00', 0x8}, 0x20)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4)
syz_clone(0x840980, &(0x7f00000002c0)="e482173e05231ecb8fbd1c381aea92dc191c3904a0d2941b33b88368b300b38a931c0c5a30c45804e2be2171d5445952f1de15db4ec7ed3a26a451c50d39c02ba635b382bc596533d5e5b6dbc351629c6f8d2400b867335a42d9d39ee297d55561b84d12f8e61a8ea9dd9a26fd60376cab8af4caca5181b4403076460219cf46f18505cdcef6eeb5b7c3268d7224748f0228b49db87cf8", 0x97, &(0x7f0000000100), &(0x7f0000000380), 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), r2)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x101800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

1.61721372s ago: executing program 6 (id=643):
r0 = io_uring_setup(0x1f1c, &(0x7f00000005c0)={0x0, 0x17d7, 0xa, 0x3, 0x283})
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
socket(0x2a, 0x2, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x3c}}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

477.443947ms ago: executing program 6 (id=644):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
socket$nl_route(0x10, 0x3, 0x0)
connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r2, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

0s ago: executing program 1 (id=645):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
close(r1)

kernel console output (not intermixed with test programs):

_0: link becomes ready
[   69.336558][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.346353][ T4185] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   69.379598][ T4186] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.390160][ T4185] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   69.401994][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.411719][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.449920][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.458989][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.468703][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.478000][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.490173][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.504467][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.513097][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.532991][ T4186] 8021q: adding VLAN 0 to HW filter on device team0
[   69.543226][ T4187] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.576380][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.592070][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.603298][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.610464][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.622793][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.630014][ T4187] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.642838][ T4187] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.675734][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.684965][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.694216][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.704678][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.712038][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.722070][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.731715][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.740977][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.750981][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.763068][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.784954][ T4187] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.800031][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.815953][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.845537][ T4186] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.857649][ T4186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.873213][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.888729][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.897931][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.908389][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.917827][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.928293][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.941002][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.972012][ T4183] 8021q: adding VLAN 0 to HW filter on device team0
[   69.983955][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.994443][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   70.037454][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   70.047354][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   70.056761][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.065009][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.075677][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   70.086156][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   70.095126][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.102277][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.111999][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   70.137212][ T4185] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.155409][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   70.164942][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.178453][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.206582][ T4185] 8021q: adding VLAN 0 to HW filter on device team0
[   70.216732][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.229256][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.238621][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   70.250102][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   70.299716][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.315343][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.322058][ T1107] Bluetooth: hci3: command 0x041b tx timeout
[   70.330132][ T1107] Bluetooth: hci1: command 0x041b tx timeout
[   70.331795][ T4230] Bluetooth: hci4: command 0x041b tx timeout
[   70.343074][ T4230] Bluetooth: hci0: command 0x041b tx timeout
[   70.353048][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.361097][ T1107] Bluetooth: hci2: command 0x041b tx timeout
[   70.364272][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.377478][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.387203][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   70.400228][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   70.414913][ T1277] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.422171][ T1277] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.430273][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   70.439989][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   70.449663][ T1277] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.456850][ T1277] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.466523][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   70.478184][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   70.494832][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.503933][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.518522][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   70.526995][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   70.544173][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.557380][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.578366][ T4186] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.620157][ T4185] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   70.631229][ T4185] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.645900][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.657943][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.668303][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.678169][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.687817][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.698491][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.708389][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.718996][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.728648][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.736921][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.796404][ T4187] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.838974][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   70.851285][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   70.913861][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   70.937631][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   70.968486][ T4187] 8021q: adding VLAN 0 to HW filter on device team0
[   71.017294][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.035908][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.046437][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.055303][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.065678][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.074772][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.111597][ T4186] device veth0_vlan entered promiscuous mode
[   71.121733][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   71.132524][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.142825][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.150100][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.158976][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   71.166926][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   71.175683][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   71.186132][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.195593][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.203016][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.211476][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   71.221013][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   71.229842][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   71.248339][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.260457][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   71.269602][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   71.287267][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   71.334052][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   71.344550][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   71.354421][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   71.369377][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.378555][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   71.387911][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.397203][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.406414][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.416210][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.425549][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.434886][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   71.443219][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   71.451746][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.460101][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.472381][ T4184] device veth0_vlan entered promiscuous mode
[   71.485446][ T4186] device veth1_vlan entered promiscuous mode
[   71.495771][ T4187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   71.521978][ T4185] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.546208][ T4184] device veth1_vlan entered promiscuous mode
[   71.566523][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   71.578416][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   71.596902][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   71.609383][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[   71.616013][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[   71.626930][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   71.635698][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.644754][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.654295][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.662634][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.709943][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.719921][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.733168][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   71.743081][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   71.754122][ T4183] device veth0_vlan entered promiscuous mode
[   71.777616][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   71.788801][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   71.802413][ T4186] device veth0_macvtap entered promiscuous mode
[   71.828780][ T4183] device veth1_vlan entered promiscuous mode
[   71.844063][ T4184] device veth0_macvtap entered promiscuous mode
[   71.858603][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   71.869203][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   71.884707][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   71.899868][ T4185] device veth0_vlan entered promiscuous mode
[   71.911058][ T4186] device veth1_macvtap entered promiscuous mode
[   71.922012][ T4184] device veth1_macvtap entered promiscuous mode
[   71.943158][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   71.952389][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   71.960953][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   71.975921][ T4185] device veth1_vlan entered promiscuous mode
[   72.011740][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.035624][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.049219][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   72.058455][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   72.068951][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   72.079301][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.090639][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   72.098194][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   72.109254][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.127439][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.138807][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.151978][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.159449][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   72.170589][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.179816][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   72.192066][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.202619][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   72.211591][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.226042][ T4183] device veth0_macvtap entered promiscuous mode
[   72.242416][ T4186] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.253121][ T4186] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.263351][ T4186] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.272446][ T4186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.298663][ T4183] device veth1_macvtap entered promiscuous mode
[   72.313089][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   72.326044][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   72.335826][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   72.345416][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   72.380941][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.392350][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.402095][   T23] Bluetooth: hci2: command 0x040f tx timeout
[   72.404980][ T4229] Bluetooth: hci1: command 0x040f tx timeout
[   72.415538][ T4229] Bluetooth: hci0: command 0x040f tx timeout
[   72.423684][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.431332][ T4229] Bluetooth: hci4: command 0x040f tx timeout
[   72.437405][ T4229] Bluetooth: hci3: command 0x040f tx timeout
[   72.448933][ T4184] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.469467][ T4184] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.480010][ T4184] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.491891][ T4184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.516504][ T4187] device veth0_vlan entered promiscuous mode
[   72.532999][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   72.547942][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.558071][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   72.572742][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   72.581762][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   72.590557][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   72.599355][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   72.608057][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   72.619996][ T4185] device veth0_macvtap entered promiscuous mode
[   72.651490][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.668876][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.679977][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.694740][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.707281][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.721490][ T4185] device veth1_macvtap entered promiscuous mode
[   72.738231][ T4187] device veth1_vlan entered promiscuous mode
[   72.751631][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   72.761826][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   72.770157][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   72.779795][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   72.788835][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   72.800867][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.813883][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.824028][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   72.836334][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   72.849466][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.875044][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   72.888827][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   72.902158][ T4183] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.913649][ T4183] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.923456][ T4183] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.932715][ T4183] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.977451][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   72.989478][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.000693][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.011989][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.022202][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.032769][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.045645][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.069904][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   73.084371][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.094406][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   73.103811][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   73.119761][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.119767][ T4187] device veth0_macvtap entered promiscuous mode
[   73.141367][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.150749][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.164244][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.175280][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.186721][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.197031][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.210633][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.223574][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.243715][ T4187] device veth1_macvtap entered promiscuous mode
[   73.252842][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   73.262001][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   73.271914][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.280665][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   73.292361][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.319715][ T4185] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.329246][ T4185] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.338513][ T4185] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.347660][ T4185] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.421363][ T1277] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.429252][ T1277] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.436088][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.454789][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.467357][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.479481][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.489984][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.501614][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.512432][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.524694][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.537012][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.554213][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   73.566960][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   73.582263][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   73.607025][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.623569][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.635289][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.646714][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.657838][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.669248][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.679775][ T4187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.692286][ T4187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.714277][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.726922][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.743312][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.758890][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   73.769823][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.789718][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.801016][ T4187] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.809774][ T4187] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.822622][ T4187] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.832677][ T4187] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.885727][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.906422][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.937638][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   73.982607][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.014775][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.038034][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   74.048175][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.097482][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.120982][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   74.138173][ T1124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.168366][ T1124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.201071][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   74.216128][ T4254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.230928][ T4254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.256907][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   74.292446][ T1124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.310224][ T1124] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.342960][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   74.383485][ T4254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.397949][ T4254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.465846][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   74.480763][ T1107] Bluetooth: hci3: command 0x0419 tx timeout
[   74.487024][ T1107] Bluetooth: hci4: command 0x0419 tx timeout
[   74.530567][ T1107] Bluetooth: hci0: command 0x0419 tx timeout
[   74.549724][ T1107] Bluetooth: hci1: command 0x0419 tx timeout
[   74.556514][ T4279] capability: warning: `syz.2.3' uses 32-bit capabilities (legacy support in use)
[   74.566808][ T1107] Bluetooth: hci2: command 0x0419 tx timeout
[   74.661946][ T4279] program syz.2.3 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   75.015493][ T4295] tipc: Started in network mode
[   75.024753][ T4295] tipc: Node identity fe80000000000000000000000000004, cluster identity 4711
[   75.067510][ T4295] tipc: Enabled bearer <udp:syz0>, priority 10
[   75.094827][ T4290] netlink: 'syz.2.7': attribute type 8 has an invalid length.
[   76.183302][ T4194] tipc: Node number set to 4269801536
[   76.446743][ T4314] loop0: detected capacity change from 0 to 128
[   76.569009][ T4316] device syzkaller0 entered promiscuous mode
[   76.773197][ T4314] FAT-fs (loop0): error, corrupted directory (invalid i_start)
[   76.825335][ T4314] FAT-fs (loop0): Filesystem has been set read-only
[   77.085610][ T4328] loop3: detected capacity change from 0 to 4096
[   78.348050][ T4328] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,barrier=0x0000000000000857,,errors=continue. Quota mode: writeback.
[   78.440324][    C0] sched: RT throttling activated
[   78.560130][ T4340] loop1: detected capacity change from 0 to 512
[   78.581822][ T4340] =======================================================
[   78.581822][ T4340] WARNING: The mand mount option has been deprecated and
[   78.581822][ T4340]          and is ignored by this kernel. Remove the mand
[   78.581822][ T4340]          option from the mount to silence this warning.
[   78.581822][ T4340] =======================================================
[   78.826663][ T4340] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   78.857537][ T4340] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   79.370965][ T4327] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.766442][ T4327] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.828115][ T4352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.25'.
[   79.962899][ T4327] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.069092][ T4327] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.095543][ T4359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.27'.
[   80.157354][ T4361] loop1: detected capacity change from 0 to 2048
[   80.225134][ T4361] EXT4-fs (loop1): mounted filesystem without journal. Opts: min_batch_time=0x000000000000002d,mb_optimize_scan=0x0000000000000001,noblock_validity,,errors=continue. Quota mode: none.
[   80.399317][ T4360] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[   80.451448][ T4327] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.532244][ T4327] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.598000][ T4327] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.661776][ T4327] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.767444][ T4370] loop1: detected capacity change from 0 to 1024
[   80.916499][ T4370] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   80.971429][ T4374] netlink: 27 bytes leftover after parsing attributes in process `syz.3.31'.
[   81.432992][ T4383] tipc: Failed to obtain node identity
[   81.459315][ T4383] tipc: Enabling of bearer <ib:wg1> rejected, failed to enable media
[   81.931413][ T4391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.35'.
[   82.058141][ T4394] loop2: detected capacity change from 0 to 512
[   82.114218][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805fce4400: rx timeout, send abort
[   82.396760][ T4396] Invalid ELF header magic: != ELF
[   82.436305][ T4394] EXT4-fs (loop2): 1 orphan inode deleted
[   82.470649][ T4394] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   82.623836][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805fce4400: abort rx timeout. Force session deactivation
[   82.676420][ T4394] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.758505][ T4404] loop3: detected capacity change from 0 to 512
[   82.851662][ T4404] EXT4-fs (loop3): Unrecognized mount option "fowner=00000000000000000000" or missing value
[   82.862736][ T4402] loop1: detected capacity change from 0 to 4096
[   83.193345][ T4406] loop3: detected capacity change from 0 to 1024
[   83.252947][ T4409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.41'.
[   83.266951][ T4406] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[   83.314693][ T4406] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   83.341871][ T4411] loop0: detected capacity change from 0 to 736
[   83.424670][ T4406] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,delalloc,debug_want_extra_isize=0x00000000000002bc,nodioread_nolock,dioread_nolock,sysvgroups,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[   83.955664][ T4417] loop2: detected capacity change from 0 to 512
[   84.067589][ T4417] EXT4-fs (loop2): Ignoring removed nobh option
[   84.163582][ T4254] Bluetooth: hci5: Frame reassembly failed (-84)
[   84.182176][ T4417] EXT4-fs (loop2): corrupt root inode, run e2fsck
[   84.189045][ T4417] EXT4-fs (loop2): mount failed
[   84.229169][ T4427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.47'.
[   84.301194][ T4427] netlink: 356 bytes leftover after parsing attributes in process `syz.0.47'.
[   84.497575][ T4429] device syzkaller0 entered promiscuous mode
[   84.988338][ T4443] hub 8-0:1.0: USB hub found
[   84.996196][ T4443] hub 8-0:1.0: 1 port detected
[   85.806557][ T4449] loop2: detected capacity change from 0 to 128
[   85.911002][   T26] audit: type=1800 audit(1775725468.120:2): pid=4449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.54" name="file2" dev="loop2" ino=1048592 res=0 errno=0
[   85.953695][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   85.985270][ T4449] FAT-fs (loop2): Filesystem has been set read-only
[   86.004397][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.028469][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.069430][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.108943][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.183965][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.225392][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.234173][ T4455] loop0: detected capacity change from 0 to 512
[   86.242497][ T4194] Bluetooth: hci0: command 0x0401 tx timeout
[   86.250448][ T4194] Bluetooth: hci5: command 0x1003 tx timeout
[   86.270564][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.299986][ T4201] Bluetooth: hci5: sending frame failed (-49)
[   86.323035][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.346369][ T4449] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006)
[   86.359459][ T4455] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[   86.379034][ T4455] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[   86.414086][ T4457] Illegal XDP return value 32768, expect packet loss!
[   86.468038][ T4455] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #2: block 4: comm syz.0.57: lblock 0 mapped to illegal pblock 4 (length 1)
[   86.534384][ T4455] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.57: error -117 reading directory block
[   86.632220][ T4455] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[   86.650425][ T4455] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,init_itable=0x0000000000000040,abort,mblk_io_submit,stripe=0x00000000000001f5,grpjquota=.discard,nolazytime,jqfmt=vfsv1,mblk_io_submit,,,errors=continue. Quota mode: writeback.
[   86.706284][ T4461] loop1: detected capacity change from 0 to 512
[   86.771314][ T4455] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #2: block 4: comm syz.0.57: lblock 0 mapped to illegal pblock 4 (length 1)
[   86.842021][ T4461] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   86.877428][ T4455] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.57: error -117 reading directory block
[   87.001439][   T13] cfg80211: failed to load regulatory.db
[   87.003295][ T4461] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.171000][   T26] audit: type=1800 audit(1775725469.390:3): pid=4464 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.59" name="file2" dev="loop1" ino=16 res=0 errno=0
[   87.223481][ T4466] netlink: 32 bytes leftover after parsing attributes in process `syz.0.60'.
[   87.280516][ T4466] tipc: Invalid UDP bearer configuration
[   87.280565][ T4466] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   88.448356][ T4194] Bluetooth: hci5: command 0x1001 tx timeout
[   88.603216][ T4201] Bluetooth: hci5: sending frame failed (-49)
[   89.223551][ T4484] device syzkaller0 entered promiscuous mode
[   89.697908][ T4486] loop2: detected capacity change from 0 to 512
[   89.801933][ T4486] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.67: invalid indirect mapped block 256 (level 2)
[   89.902400][ T4486] EXT4-fs (loop2): 2 truncates cleaned up
[   89.908207][ T4486] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[   90.059633][ T4486] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.67: bg 0: block 5: invalid block bitmap
[   90.349362][ T4482] loop1: detected capacity change from 0 to 32768
[   90.418958][ T4482] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   90.447808][ T4482] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   90.550802][ T4482] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[   90.577296][ T4194] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   90.615531][ T4194] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   90.654012][ T4493] loop2: detected capacity change from 0 to 512
[   90.733553][ T4493] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.69: invalid indirect mapped block 256 (level 2)
[   90.861407][ T4493] EXT4-fs (loop2): 2 truncates cleaned up
[   90.868587][ T4493] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[   90.920520][ T4194] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 304ms
[   90.932082][ T4194] gfs2: fsid=syz:syz.0: jid=0: Done
[   90.944292][ T4482] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   90.952516][ T4194] Bluetooth: hci5: command 0x1009 tx timeout
[   92.189021][   T26] audit: type=1326 audit(1775725473.600:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.234403][ T4482] gfs2: fsid=syz:syz.0: can't start logd thread: -4
[   92.681842][   T26] audit: type=1326 audit(1775725473.600:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.761793][   T26] audit: type=1326 audit(1775725473.700:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.791587][   T26] audit: type=1326 audit(1775725473.700:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.822655][   T26] audit: type=1326 audit(1775725473.700:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.847845][   T26] audit: type=1326 audit(1775725473.800:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.872274][   T26] audit: type=1326 audit(1775725473.800:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.895181][   T26] audit: type=1326 audit(1775725473.800:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   92.941810][   T26] audit: type=1326 audit(1775725473.900:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   93.029958][ T4506] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   93.054879][   T26] audit: type=1326 audit(1775725473.900:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4494 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb655ee819 code=0x7ffc0000
[   93.277328][ T4514] device syzkaller0 entered promiscuous mode
[   94.001456][ T4527] netlink: 40 bytes leftover after parsing attributes in process `syz.1.79'.
[   94.192795][ T4523] xt_CT: No such helper "snmp_trap"
[   94.344454][ T4535] loop0: detected capacity change from 0 to 512
[   94.602125][ T4535] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2757: inode #11: comm syz.0.81: corrupted xattr block 95
[   94.709151][ T4535] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2807: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   94.817330][ T4554] SET target dimension over the limit!
[   94.883903][ T4535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.81: bg 0: block 7: invalid block bitmap
[   95.144575][ T4535] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6192: Corrupt filesystem
[   95.527576][ T4535] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2923: inode #11: comm syz.0.81: corrupted xattr block 95
[   95.667717][ T4557] capability: warning: `syz.3.89' uses deprecated v2 capabilities in a way that may be insecure
[   95.693148][ T4535] EXT4-fs warning (device loop0): ext4_evict_inode:302: xattr delete (err -117)
[   95.710712][ T4535] EXT4-fs (loop0): 1 orphan inode deleted
[   95.717283][ T4535] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   95.749640][ T4559] loop2: detected capacity change from 0 to 512
[   96.071404][ T4573] loop1: detected capacity change from 0 to 128
[   96.904336][ T4584] netlink: 40 bytes leftover after parsing attributes in process `syz.4.95'.
[   97.180243][ T4596] Zero length message leads to an empty skb
[   97.203657][ T4596] netlink: 20 bytes leftover after parsing attributes in process `syz.1.99'.
[   97.224213][ T4596] netlink: 60 bytes leftover after parsing attributes in process `syz.1.99'.
[   97.365060][ T4602] loop0: detected capacity change from 0 to 256
[   98.206566][ T4612] loop2: detected capacity change from 0 to 736
[   98.260669][ T2239] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   98.345972][ T4606] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   98.356533][ T4606] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   98.461469][   T23] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   98.931486][   T23] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   99.085741][   T23] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   99.118171][   T23] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   99.137257][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.352485][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!!
[   99.402858][ T4619] netlink: 40 bytes leftover after parsing attributes in process `syz.1.108'.
[   99.482598][ T2239] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[   99.502932][ T2239] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   99.529164][ T2239] usb 4-1: config 0 has no interface number 0
[   99.767281][ T2239] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[   99.808335][ T2239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.824728][ T2239] usb 4-1: Product: syz
[   99.912513][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.921763][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.931165][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.940582][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.949774][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.958849][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.968103][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.977234][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[   99.987009][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!!
[  100.667390][ T2239] usb 4-1: Manufacturer: syz
[  101.022172][   T23] usb 1-1: usb_control_msg returned -71
[  101.028193][   T23] usbtmc 1-1:16.0: can't read capabilities
[  101.030673][ T2239] usb 4-1: SerialNumber: syz
[  101.080615][ T2239] usb 4-1: config 0 descriptor??
[  101.121714][   T23] usb 1-1: USB disconnect, device number 2
[  101.154032][ T2239] usb 4-1: can't set config #0, error -71
[  101.357815][ T4640] netlink: 20 bytes leftover after parsing attributes in process `syz.2.113'.
[  101.368503][ T2239] usb 4-1: USB disconnect, device number 2
[  101.399043][ T4618] bond1 (unregistering): Released all slaves
[  101.449576][ T4640] netlink: 60 bytes leftover after parsing attributes in process `syz.2.113'.
[  101.539575][ T4635] netlink: 'syz.0.111': attribute type 1 has an invalid length.
[  101.761958][ T4644] block device autoloading is deprecated and will be removed.
[  103.403192][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  103.403208][   T26] audit: type=1800 audit(1775725485.620:18): pid=4651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.116" name="bus" dev="ramfs" ino=33638 res=0 errno=0
[  104.437684][ T4677] device syzkaller0 entered promiscuous mode
[  104.451736][ T4677] 0: reclassify loop, rule prio 0, protocol 800
[  104.469343][ T4680] netlink: 20 bytes leftover after parsing attributes in process `syz.2.124'.
[  104.596010][ T4680] netlink: 60 bytes leftover after parsing attributes in process `syz.2.124'.
[  104.643708][ T4681] netlink: 12 bytes leftover after parsing attributes in process `syz.4.128'.
[  106.884425][ T4724] loop0: detected capacity change from 0 to 256
[  106.930420][   T13] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  106.960275][ T4724] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  106.989341][   T26] audit: type=1800 audit(1775725489.200:19): pid=4724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.138" name="file1" dev="loop0" ino=1048594 res=0 errno=0
[  107.178845][ T4730] netlink: 20 bytes leftover after parsing attributes in process `syz.0.140'.
[  107.179568][ T4730] netlink: 60 bytes leftover after parsing attributes in process `syz.0.140'.
[  107.363268][   T13] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  107.363290][   T13] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  107.451269][   T13] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  107.451295][   T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  107.451310][   T13] usb 3-1: SerialNumber: syz
[  107.737478][   T13] usb 3-1: 0:2 : does not exist
[  107.737626][   T13] usb 3-1: unit 5: unexpected type 0x0c
[  107.824146][   T13] usb 3-1: USB disconnect, device number 2
[  108.121751][ T4324] udevd[4324]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.385611][ T4744] loop0: detected capacity change from 0 to 512
[  109.177926][   T26] audit: type=1800 audit(1775725491.390:20): pid=4744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.145" name="file1" dev="loop0" ino=1048595 res=0 errno=0
[  109.199483][    C0] vkms_vblank_simulate: vblank timer overrun
[  109.232559][ T4744] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003)
[  109.310676][ T4744] FAT-fs (loop0): Filesystem has been set read-only
[  109.380966][ T4751] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  109.434184][ T4758] loop3: detected capacity change from 0 to 256
[  109.535871][ T4751] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548)
[  109.546196][ T4758] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  109.600914][ T4761] netlink: 20 bytes leftover after parsing attributes in process `syz.2.151'.
[  109.646705][ T4761] netlink: 60 bytes leftover after parsing attributes in process `syz.2.151'.
[  110.090206][ T4727] ODEBUG: Out of memory. ODEBUG disabled
[  110.751479][ T4775] loop2: detected capacity change from 0 to 4096
[  110.921349][ T4775] ntfs3: Invalid value for dmask.
[  113.142316][ T4786] netlink: 'syz.4.160': attribute type 1 has an invalid length.
[  113.245113][ T4808] netlink: 20 bytes leftover after parsing attributes in process `syz.3.167'.
[  114.211295][ T4808] netlink: 60 bytes leftover after parsing attributes in process `syz.3.167'.
[  115.067116][ T4819] hub 8-0:1.0: USB hub found
[  115.073707][ T4819] hub 8-0:1.0: 1 port detected
[  117.066818][ T4839] loop0: detected capacity change from 0 to 1024
[  117.088687][ T4839] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  117.096463][ T4839] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  118.284876][ T4839] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #11: comm syz.0.174: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  118.312214][ T4839] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.174: couldn't read orphan inode 11 (err -117)
[  118.329197][ T4839] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback.
[  118.439996][ T4839] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz.0.174: Invalid block bitmap block 0 in block_group 0
[  118.474252][ T4839] Quota error (device loop0): write_blk: dquota write failed
[  118.483179][ T4839] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  118.504494][ T4839] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.174: Failed to acquire dquot type 0
[  118.520983][ T4845] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.174: Invalid inode bitmap blk 137438953472 in block_group 0
[  123.510539][    T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4327: comm kworker/u4:0: Invalid inode table block 8589934593 in block_group 0
[  123.581692][ T4868] netlink: 20 bytes leftover after parsing attributes in process `syz.3.182'.
[  123.631505][ T4868] netlink: 60 bytes leftover after parsing attributes in process `syz.3.182'.
[  123.932183][ T4872] hub 8-0:1.0: USB hub found
[  123.938227][ T4872] hub 8-0:1.0: 1 port detected
[  125.084259][ T4882] loop1: detected capacity change from 0 to 128
[  125.207179][ T4882] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  125.770727][   T26] audit: type=1804 audit(1775725507.940:21): pid=4889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.187" name="/newroot/47/file1/bus" dev="loop1" ino=1048598 res=1 errno=0
[  126.495610][ T1277] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  127.534155][ T4892] loop2: detected capacity change from 0 to 4096
[  127.567833][ T4900] loop1: detected capacity change from 0 to 512
[  127.575884][ T4899] loop0: detected capacity change from 0 to 128
[  127.686025][ T4899] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  127.719032][ T4900] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.191: invalid indirect mapped block 256 (level 2)
[  127.771162][ T4900] EXT4-fs (loop1): 2 truncates cleaned up
[  127.776961][ T4900] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[  128.002248][ T4904] block nbd3: NBD_DISCONNECT
[  128.021481][ T4907] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.046869][ T4903] block nbd3: Disconnected due to user request.
[  128.700336][   T26] audit: type=1804 audit(1775725510.910:22): pid=4908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.193" name="/newroot/43/file1/bus" dev="loop0" ino=1048600 res=1 errno=0
[  129.151663][ T4334] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  129.180999][ T4903] block nbd3: shutting down sockets
[  129.331633][ T4902] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap
[  129.631129][ T4915] netlink: 20 bytes leftover after parsing attributes in process `syz.0.195'.
[  131.814777][ T4927] loop3: detected capacity change from 0 to 512
[  131.922340][ T4927] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  132.083805][ T4917] chnl_net:caif_netlink_parms(): no params data found
[  132.899814][ T4947] overlayfs: failed to get inode (-116)
[  132.961120][    T7] Bluetooth: hci5: command 0x0409 tx timeout
[  133.018212][ T4947] overlayfs: failed to get inode (-116)
[  133.046226][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  133.052744][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  133.124544][ T4951] loop1: detected capacity change from 0 to 512
[  133.195361][ T4927] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6
[  133.257893][ T4951] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.205: invalid indirect mapped block 256 (level 2)
[  133.369061][ T4951] EXT4-fs (loop1): 2 truncates cleaned up
[  133.382486][ T4951] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[  133.458114][ T4917] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.600978][ T4917] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.610322][ T4917] device bridge_slave_0 entered promiscuous mode
[  133.619131][ T4917] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.016293][ T4917] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.024714][ T4917] device bridge_slave_1 entered promiscuous mode
[  134.217185][ T4917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.290541][   T26] audit: type=1326 audit(1775725516.490:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4960 comm="syz.0.207" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcb655ee819 code=0x0
[  134.515240][ T4917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  135.297370][   T21] Bluetooth: hci5: command 0x041b tx timeout
[  135.544152][ T4972] netlink: 20 bytes leftover after parsing attributes in process `syz.3.209'.
[  135.671432][ T4917] team0: Port device team_slave_0 added
[  135.734577][ T4917] team0: Port device team_slave_1 added
[  136.217560][ T4917] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.243153][ T4917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.345806][ T4917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.360453][   T21] Bluetooth: hci5: command 0x040f tx timeout
[  137.378187][ T4979] netlink: 'syz.3.212': attribute type 8 has an invalid length.
[  137.409794][ T4917] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.455161][ T4917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.531954][ T4917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.533051][ T4988] loop5: detected capacity change from 0 to 7
[  137.646273][ T4988] Dev loop5: unable to read RDB block 7
[  137.664900][ T4988]  loop5: unable to read partition table
[  137.685515][ T4988] loop5: partition table beyond EOD, truncated
[  137.697846][ T4917] device hsr_slave_0 entered promiscuous mode
[  137.742276][ T4917] device hsr_slave_1 entered promiscuous mode
[  137.762800][ T4988] loop_reread_partitions: partition scan of loop5 (úùƒWå¡™‰ü�¾Ã½¸*‹ºÐ	œëÜ%õ«µ4FLQkÝŠ5) failed (rc=-5)
[  137.793760][ T4917] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  137.821226][ T4917] Cannot create hsr debugfs directory
[  137.900796][ T4991] device syzkaller0 entered promiscuous mode
[  138.004692][ T4993] loop3: detected capacity change from 0 to 512
[  138.092384][ T4993] EXT4-fs (loop3): Ignoring removed nobh option
[  138.191002][ T4993] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.217: iget: bad i_size value: 38620345925642
[  138.225923][ T4993] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.217: couldn't read orphan inode 15 (err -117)
[  138.239182][ T4993] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  139.441099][ T4709] Bluetooth: hci5: command 0x0419 tx timeout
[  139.661950][ T5007] netlink: 20 bytes leftover after parsing attributes in process `syz.2.221'.
[  140.213321][ T4917] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  140.265039][ T4917] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  140.297306][ T4917] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  140.329988][ T5010] loop3: detected capacity change from 0 to 4096
[  140.372934][ T4917] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  140.608815][ T5026] device syzkaller0 entered promiscuous mode
[  140.775968][ T5030] loop1: detected capacity change from 0 to 128
[  140.813072][ T4917] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.853301][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  140.884442][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  140.893918][ T5034] netlink: 20 bytes leftover after parsing attributes in process `syz.2.232'.
[  140.913671][ T4917] 8021q: adding VLAN 0 to HW filter on device team0
[  140.951233][ T5034] netlink: 60 bytes leftover after parsing attributes in process `syz.2.232'.
[  140.986258][ T5030] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  141.014488][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  141.045175][ T5030] ext4 filesystem being mounted at /64/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  141.079987][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.092797][ T5039] loop3: detected capacity change from 0 to 128
[  141.120958][ T4850] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.128235][ T4850] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.148233][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  142.226808][ T4917] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  142.277066][ T4917] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  142.343982][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  142.379052][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.411414][ T4334] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.418670][ T4334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.427668][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  142.437495][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  142.448673][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  142.467094][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  142.486533][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  142.513592][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  142.529506][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  142.601474][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  142.642220][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  142.669537][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  142.732473][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  142.825401][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  143.302990][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  143.342310][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  143.389370][ T4917] 8021q: adding VLAN 0 to HW filter on device batadv0
[  143.844468][ T5079] hub 9-0:1.0: USB hub found
[  143.850624][ T5079] hub 9-0:1.0: 1 port detected
[  143.920404][ T5076] device syzkaller0 entered promiscuous mode
[  144.353942][ T5081] netlink: 20 bytes leftover after parsing attributes in process `syz.3.244'.
[  144.540760][ T4480] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.690093][ T5081] netlink: 60 bytes leftover after parsing attributes in process `syz.3.244'.
[  144.963054][ T4480] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.560129][ T4480] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.488256][ T4480] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.849712][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  146.891264][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  146.933890][ T5110] netlink: 40 bytes leftover after parsing attributes in process `syz.1.252'.
[  146.966592][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  147.028116][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  147.059042][ T4917] device veth0_vlan entered promiscuous mode
[  147.100950][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  147.123991][ T1124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  147.199253][ T4917] device veth1_vlan entered promiscuous mode
[  147.474460][ T4917] device veth0_macvtap entered promiscuous mode
[  147.695992][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  147.810916][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  147.977040][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  148.048626][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  148.079036][   T26] audit: type=1800 audit(1775725530.290:24): pid=5117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.256" name="bus" dev="ramfs" ino=36267 res=0 errno=0
[  148.121357][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  148.160017][ T4917] device veth1_macvtap entered promiscuous mode
[  148.302102][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.517385][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  148.739343][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  148.964828][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.145021][ T5128] loop3: detected capacity change from 0 to 4096
[  149.174087][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.190404][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.212063][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.234543][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.248605][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.272795][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.308910][ T4917] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.340622][ T5128] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[  149.389692][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  149.412193][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  149.463537][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.501014][ T5128] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  149.512309][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.561103][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.600332][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.635310][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.656693][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.687358][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.722588][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.749060][ T4917] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.762693][ T4917] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.784835][ T4917] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.812431][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  149.836596][ T4254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  149.923806][ T4917] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.960047][ T4917] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.976624][ T4917] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.985767][ T4917] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.477623][ T5140] loop2: detected capacity change from 0 to 32768
[  150.647588][ T4254] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.664186][ T4254] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.380962][ T5140] XFS (loop2): Mounting V5 Filesystem
[  151.580260][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  151.606881][ T1277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.688012][ T1277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.785711][ T5140] XFS (loop2): Ending clean mount
[  151.796441][ T4446] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  152.040128][ T4185] XFS (loop2): Unmounting Filesystem
[  152.964969][ T5203] device syzkaller0 entered promiscuous mode
[  153.120534][ T5207] program syz.0.274 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  153.226547][   T26] audit: type=1800 audit(1775725535.440:25): pid=5186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.268" name="bus" dev="ramfs" ino=35760 res=0 errno=0
[  155.409252][ T4480] device hsr_slave_0 left promiscuous mode
[  155.505487][ T4480] device hsr_slave_1 left promiscuous mode
[  155.608490][ T4480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.707622][ T4480] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.831482][ T4480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.870437][ T4480] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.888845][ T4480] device bridge_slave_1 left promiscuous mode
[  155.897543][ T4480] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.973818][ T4480] device bridge_slave_0 left promiscuous mode
[  155.987353][ T4480] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.027616][ T4480] device veth1_macvtap left promiscuous mode
[  156.036862][ T4480] device veth0_macvtap left promiscuous mode
[  156.047895][ T4480] device veth1_vlan left promiscuous mode
[  156.056960][ T4480] device veth0_vlan left promiscuous mode
[  156.951837][ T5266] affs: No valid root block on device nullb0
[  158.026326][ T4480] bond1 (unregistering): Released all slaves
[  158.374566][ T4480] team0 (unregistering): Port device team_slave_1 removed
[  158.413697][ T4480] team0 (unregistering): Port device team_slave_0 removed
[  158.485990][ T4480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.535608][ T4480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.679660][ T4480] bond0 (unregistering): Released all slaves
[  159.180455][ T5285] netlink: 'syz.0.292': attribute type 8 has an invalid length.
[  159.711571][ T5289] loop5: detected capacity change from 0 to 128
[  159.832117][   T26] audit: type=1800 audit(1775725542.050:26): pid=5278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.290" name="bus" dev="ramfs" ino=36983 res=0 errno=0
[  159.891984][ T5289] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  159.921610][ T5289] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  159.970003][ T5296] loop0: detected capacity change from 0 to 128
[  160.736111][ T5297] hub 8-0:1.0: USB hub found
[  160.743252][ T5297] hub 8-0:1.0: 1 port detected
[  161.189710][ T5313] hub 9-0:1.0: USB hub found
[  161.195776][ T5313] hub 9-0:1.0: 1 port detected
[  162.267504][ T5332] sg_write: process 27 (syz.5.304) changed security contexts after opening file descriptor, this is not allowed.
[  162.989721][ T5329] device syzkaller0 entered promiscuous mode
[  166.905748][ T5364] vivid-001: kernel_thread() failed
[  167.095676][   T26] audit: type=1800 audit(1775725549.290:27): pid=5353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.308" name="bus" dev="ramfs" ino=37140 res=0 errno=0
[  170.149391][ T5397] device syzkaller0 entered promiscuous mode
[  172.562874][ T5440] hub 8-0:1.0: USB hub found
[  172.567782][ T5440] hub 8-0:1.0: 1 port detected
[  172.719609][ T5437] device syzkaller0 entered promiscuous mode
[  173.446311][   T26] audit: type=1800 audit(1775725555.660:28): pid=5424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.325" name="bus" dev="ramfs" ino=37211 res=0 errno=0
[  176.800747][ T5470] process 'syz.1.335' launched './file0' with NULL argv: empty string added
[  178.081448][ T5489] device syzkaller0 entered promiscuous mode
[  178.218039][ T5496] hub 8-0:1.0: USB hub found
[  178.222918][ T5496] hub 8-0:1.0: 1 port detected
[  182.747969][ T5550] device syzkaller0 entered promiscuous mode
[  183.015807][   T23] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  184.030639][   T23] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.052129][   T23] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  184.238525][   T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.262950][   T23] usb 6-1: config 0 descriptor??
[  184.315273][   T23] pwc: Askey VC010 type 2 USB webcam detected.
[  184.349250][ T5578] loop1: detected capacity change from 0 to 128
[  184.580746][   T23] pwc: send_video_command error -71
[  184.586597][   T23] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  184.748841][   T23] Philips webcam: probe of 6-1:0.0 failed with error -71
[  185.033770][   T23] usb 6-1: USB disconnect, device number 2
[  185.111354][ T5578] netlink: 'syz.1.363': attribute type 1 has an invalid length.
[  185.690544][   T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  185.798218][ T5578] 8021q: adding VLAN 0 to HW filter on device bond1
[  185.912577][ T5592] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  185.990510][   T23] usb 6-1: device descriptor read/all, error -71
[  185.998890][ T4334] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  186.355073][ T5605] mmap: syz.5.364 (5605) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  186.971586][ T5613] netlink: 60 bytes leftover after parsing attributes in process `syz.1.367'.
[  187.078073][ T5616] device syzkaller0 entered promiscuous mode
[  187.220380][ T4194] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  188.245233][ T4194] usb 1-1: Using ep0 maxpacket: 8
[  188.480468][ T4194] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  189.628696][ T5640] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  189.636446][ T5640] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  189.645275][ T5649] vhci_hcd: connection closed
[  189.648073][ T5640] vhci_hcd vhci_hcd.0: Device attached
[  189.662123][ T4334] vhci_hcd: stop threads
[  189.677048][ T4334] vhci_hcd: release socket
[  189.796208][ T4194] usb 1-1: config 179 has no interface number 0
[  189.802882][ T4194] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  189.815444][ T4194] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  189.828440][ T4194] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  189.841101][ T4194] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  189.858137][ T4194] usb 1-1: config 179 interface 65 has no altsetting 0
[  189.866611][ T4194] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  189.886075][ T4194] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.899062][ T4334] vhci_hcd: disconnect device
[  189.954485][ T4194] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input5
[  190.074790][ T4194] usb 1-1: USB disconnect, device number 3
[  190.081087][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  190.081563][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  190.126884][ T5662] loop0: detected capacity change from 0 to 128
[  190.363206][ T4194] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  190.752391][ T5667] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 0, id = 0
[  190.854904][ T5662] EXT4-fs (loop0): Test dummy encryption mode enabled
[  190.870462][ T5662] EXT4-fs (loop0): inline encryption not supported
[  190.952655][ T5662] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption=v1,nodioread_nolock,errors=continue,inlinecrypt,,errors=continue. Quota mode: none.
[  190.971416][ T5662] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  191.143322][ T5677] loop3: detected capacity change from 0 to 736
[  191.567254][ T4194] Bluetooth: hci1: command 0x0406 tx timeout
[  191.637540][ T4194] Bluetooth: hci4: command 0x0406 tx timeout
[  191.892432][ T4194] Bluetooth: hci3: command 0x0406 tx timeout
[  191.898681][ T4194] Bluetooth: hci2: command 0x0406 tx timeout
[  191.964829][ T5686] netlink: 60 bytes leftover after parsing attributes in process `syz.1.381'.
[  193.521381][ T5662] fscrypt (loop0): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  194.345198][ T5729] loop1: detected capacity change from 0 to 8
[  194.481937][ T5729] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  194.509023][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  194.554940][ T5729] cramfs: Error -3 while decompressing!
[  194.561087][ T5729] cramfs: ffffffff964030a8(26)->ffff88805ba04000(4096)
[  194.568564][ T5729] cramfs: Error -3 while decompressing!
[  194.574744][ T5729] cramfs: ffffffff964030c2(26)->ffff88805a278000(4096)
[  194.581819][ T5729] cramfs: Error -3 while decompressing!
[  194.588188][ T5729] cramfs: ffffffff964030dc(16)->ffff88805c1c1000(4096)
[  194.595930][ T5729] cramfs: Error -3 while decompressing!
[  194.602006][ T5729] cramfs: ffffffff964030a8(26)->ffff88805ba04000(4096)
[  194.618862][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  194.956139][ T5416] udevd[5416]: incorrect cramfs checksum on /dev/loop1
[  195.001761][ T4194] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  195.156393][ T5739] loop1: detected capacity change from 0 to 8
[  195.340413][ T4194] usb 4-1: device descriptor read/all, error -71
[  195.528885][ T5753] netlink: 60 bytes leftover after parsing attributes in process `syz.3.394'.
[  195.766062][ T5762] loop3: detected capacity change from 0 to 512
[  195.863403][ T5762] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  195.920545][ T5762] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  195.951870][ T4229] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  195.960495][ T5762] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e028, mo2=0002]
[  196.001429][ T5762] EXT4-fs (loop3): orphan cleanup on readonly fs
[  196.008829][ T5762] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.397: bg 0: block 361: padding at end of block bitmap is not set
[  196.030370][ T5762] EXT4-fs (loop3): Remounting filesystem read-only
[  196.037171][ T5762] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6192: Corrupt filesystem
[  196.049853][ T5762] EXT4-fs (loop3): Remounting filesystem read-only
[  196.061818][ T5762] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.397: attempt to clear invalid blocks 33619980 len 1
[  196.096792][ T5762] EXT4-fs (loop3): Remounting filesystem read-only
[  196.115862][ T5762] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.397: invalid indirect mapped block 1811939328 (level 0)
[  196.150935][ T5762] EXT4-fs (loop3): Remounting filesystem read-only
[  196.162051][ T5762] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.397: invalid indirect mapped block 2185560079 (level 1)
[  196.209581][ T5762] EXT4-fs (loop3): Remounting filesystem read-only
[  196.227173][ T5762] EXT4-fs (loop3): 1 truncate cleaned up
[  196.260805][ T5762] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,noblock_validity,discard,errors=remount-ro,mblk_io_submit. Quota mode: none.
[  196.341613][ T5762] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.397: dx entry: limit 0 != root limit 125
[  196.375336][ T5762] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.397: Corrupt directory, running e2fsck is recommended
[  196.431947][ T4229] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  196.470630][ T4229] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  196.491211][ T4229] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  196.508516][ T5777] loop0: detected capacity change from 0 to 8192
[  196.515348][ T4229] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  196.539995][ T4229] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  196.560503][   T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  196.679509][ T5789] loop3: detected capacity change from 0 to 256
[  196.710551][ T4229] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  196.726439][ T4229] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  196.746658][ T4229] usb 6-1: Product: syz
[  196.802298][ T5789] netlink: 666 bytes leftover after parsing attributes in process `syz.3.403'.
[  196.820945][ T4229] usb 6-1: Manufacturer: syz
[  196.978272][ T4229] cdc_wdm 6-1:1.0: skipping garbage
[  196.991055][ T4229] cdc_wdm 6-1:1.0: skipping garbage
[  197.005946][ T5793] netlink: 12 bytes leftover after parsing attributes in process `syz.2.404'.
[  197.085165][ T4229] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  197.262949][ T4229] cdc_wdm 6-1:1.0: Unknown control protocol
[  197.542930][ T4229] usb 6-1: USB disconnect, device number 5
[  197.584954][ T5795] /dev/loop0: Can't open blockdev
[  197.611345][   T23] usb 2-1: Using ep0 maxpacket: 8
[  197.677137][ T5798] netlink: 60 bytes leftover after parsing attributes in process `syz.3.407'.
[  197.732106][   T23] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  197.751725][   T23] usb 2-1: config 179 has no interface number 0
[  197.758255][   T23] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  197.874847][ T5804] device syzkaller0 entered promiscuous mode
[  197.892942][   T23] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  197.925239][   T23] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  197.950558][   T23] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  197.975064][   T23] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  198.010480][   T23] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  198.026111][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.110673][ T5775] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  198.516756][   T21] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input6
[  198.679147][ T4709] usb 2-1: USB disconnect, device number 2
[  198.690335][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  198.699307][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  198.811567][ T4709] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  201.931999][ T5826] loop3: detected capacity change from 0 to 32768
[  202.219348][ T5860] netlink: 60 bytes leftover after parsing attributes in process `syz.5.419'.
[  202.286529][ T5862] Cannot find set identified by id 1 to match
[  203.117892][ T5858] loop1: detected capacity change from 0 to 40427
[  203.144789][ T5858] F2FS-fs (loop1): Corrupted extension count (327717 + 1 > 64)
[  203.177528][ T5858] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  203.217230][ T5858] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[  203.257340][ T5858] F2FS-fs (loop1): invalid crc value
[  203.298528][ T5858] F2FS-fs (loop1): Found nat_bits in checkpoint
[  203.382596][ T5858] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  203.397578][ T5858] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  204.042834][ T5872] netlink: 12 bytes leftover after parsing attributes in process `syz.5.421'.
[  204.122994][ T5876] device syzkaller0 entered promiscuous mode
[  204.144265][ T5858] F2FS-fs (loop1) : inject no more block in inc_valid_block_count of __allocate_data_block+0x4af/0xa30
[  204.305518][ T4186] attempt to access beyond end of device
[  204.305518][ T4186] loop1: rw=2049, want=45104, limit=40427
[  204.390436][ T2239] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  204.650763][ T2239] usb 1-1: Using ep0 maxpacket: 8
[  204.800810][ T2239] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  204.812703][ T2239] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  204.825708][ T2239] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  204.838174][ T2239] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  204.853443][ T2239] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  204.924681][ T2239] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.636143][ T2239] usb 1-1: GET_CAPABILITIES returned 0
[  205.642373][ T2239] usbtmc 1-1:16.0: can't read capabilities
[  205.861618][ T2239] usb 1-1: USB disconnect, device number 4
[  206.619621][ T5913] netlink: 20 bytes leftover after parsing attributes in process `syz.2.431'.
[  206.655918][ T5913] netlink: 60 bytes leftover after parsing attributes in process `syz.2.431'.
[  206.900605][ T5815] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  207.005027][ T5928] loop0: detected capacity change from 0 to 256
[  207.049658][ T5925] device syzkaller0 entered promiscuous mode
[  207.103515][ T5928] exfat: Unknown parameter 'sys_tz'
[  207.260590][ T5815] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  207.276281][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  207.520630][ T5815] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  207.537316][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.564734][ T5815] usb 2-1: Product: syz
[  207.574493][ T5815] usb 2-1: Manufacturer: syz
[  207.584698][ T5815] usb 2-1: SerialNumber: syz
[  207.614854][ T5815] usb 2-1: config 0 descriptor??
[  207.640634][ T5907] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  207.651361][ T5907] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  207.682044][ T5815] usb 2-1: ucan: probing device on interface #0
[  207.697393][ T5815] usb 2-1: ucan: invalid EP count (1)
[  207.710061][ T5815] usb 2-1: ucan: probe failed; try to update the device firmware
[  208.001973][ T5950] loop0: detected capacity change from 0 to 512
[  208.920821][ T5950] EXT4-fs (loop0): test_dummy_encryption requires encrypt feature
[  208.970571][ T5815] usb 2-1: USB disconnect, device number 3
[  209.097317][ T5954] binder: 5952:5954 ioctl 4018620d 0 returned -22
[  209.160874][ T5958] netlink: 20 bytes leftover after parsing attributes in process `syz.3.443'.
[  209.234282][ T5960] hub 8-0:1.0: USB hub found
[  209.240090][ T5960] hub 8-0:1.0: 1 port detected
[  209.407895][ T5958] netlink: 60 bytes leftover after parsing attributes in process `syz.3.443'.
[  210.452656][ T5977] hub 8-0:1.0: USB hub found
[  210.460901][ T5977] hub 8-0:1.0: 1 port detected
[  211.468267][ T5954] syz.5.441 (5954): drop_caches: 2
[  211.495420][ T5987] loop3: detected capacity change from 0 to 512
[  211.655702][ T5987] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  211.675957][ T5985] loop0: detected capacity change from 0 to 4096
[  211.690584][ T5987] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  211.723815][ T5993] netlink: 28 bytes leftover after parsing attributes in process `syz.5.452'.
[  211.731634][ T5987] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 not in group (block 3)!
[  211.744583][ T5997] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  211.800361][ T5987] EXT4-fs (loop3): group descriptors corrupted!
[  211.856778][ T5985] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  211.971674][ T5985] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  213.070158][ T6005] loop3: detected capacity change from 0 to 4096
[  213.154651][ T6012] hub 8-0:1.0: USB hub found
[  213.160349][ T6012] hub 8-0:1.0: 1 port detected
[  213.529375][ T6014] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 1, id = 0
[  214.173516][ T4183] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22.
[  214.203699][ T4183] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  214.238250][ T5999] loop5: detected capacity change from 0 to 32768
[  214.356841][ T5999] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.454 (5999)
[  214.441023][ T6039] loop0: detected capacity change from 0 to 128
[  214.631674][ T6039] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  214.666807][ T6045] loop1: detected capacity change from 0 to 512
[  214.802403][ T5999] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  214.954927][ T6045] EXT4-fs (loop1): Ignoring removed nobh option
[  215.106573][ T5999] BTRFS info (device loop5): using free space tree
[  215.421750][ T6045] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.466: iget: bad i_size value: 38620345925642
[  215.436681][ T5999] BTRFS info (device loop5): has skinny extents
[  215.560063][ T6045] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.466: couldn't read orphan inode 15 (err -117)
[  215.600040][ T6045] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  216.015151][ T5999] BTRFS error (device loop5): open_ctree failed: -12
[  216.478173][   T26] audit: type=1326 audit(1775725598.690:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.2.467" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc7cab8819 code=0x0
[  216.542567][ T6082] device lo entered promiscuous mode
[  216.548362][ T6082] device tunl0 entered promiscuous mode
[  216.648239][ T6082] device gre0 entered promiscuous mode
[  216.689176][ T6082] device gretap0 entered promiscuous mode
[  216.697327][ T6089] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  216.739643][ T6082] device erspan0 entered promiscuous mode
[  216.798394][ T6082] device ip_vti0 entered promiscuous mode
[  216.991196][ T6082] device ip6_vti0 entered promiscuous mode
[  217.735862][ T6082] device sit0 entered promiscuous mode
[  217.800341][ T6082] device ip6tnl0 entered promiscuous mode
[  217.859415][ T6082] device ip6gre0 entered promiscuous mode
[  217.921615][ T6105] hub 8-0:1.0: USB hub found
[  217.926747][ T6105] hub 8-0:1.0: 1 port detected
[  217.938439][ T6082] device syz_tun entered promiscuous mode
[  218.021255][ T6082] device ip6gretap0 entered promiscuous mode
[  218.224514][ T6082] device bridge0 entered promiscuous mode
[  218.269066][ T6082] device vcan0 entered promiscuous mode
[  219.111395][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  219.333954][ T6082] device bond0 entered promiscuous mode
[  219.341115][ T6082] device bond_slave_0 entered promiscuous mode
[  219.348231][ T6082] device bond_slave_1 entered promiscuous mode
[  219.357760][ T6082] device team0 entered promiscuous mode
[  219.377530][ T6082] device team_slave_0 entered promiscuous mode
[  220.111601][ T6082] device team_slave_1 entered promiscuous mode
[  220.223870][ T6082] device dummy0 entered promiscuous mode
[  220.230038][ T6082] device nlmon0 entered promiscuous mode
[  220.372636][ T6121] loop0: detected capacity change from 0 to 512
[  220.421193][ T6082] device caif0 entered promiscuous mode
[  220.427131][ T6082] device batadv0 entered promiscuous mode
[  220.463820][ T6121] EXT4-fs (loop0): Ignoring removed nobh option
[  220.808398][ T6082] device vxcan0 entered promiscuous mode
[  220.820703][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  220.831193][ T6082] device vxcan1 entered promiscuous mode
[  220.858552][ T6082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  220.887849][ T6082] device veth0 entered promiscuous mode
[  220.898159][ T6121] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.479: iget: bad i_size value: 38620345925642
[  220.915760][ T6082] device veth1 entered promiscuous mode
[  220.933208][ T6121] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.479: couldn't read orphan inode 15 (err -117)
[  220.947318][ T6082] device wg0 entered promiscuous mode
[  220.960111][ T6082] device wg1 entered promiscuous mode
[  220.970187][ T6082] device wg2 entered promiscuous mode
[  220.978992][ T6082] device veth0_to_bridge entered promiscuous mode
[  221.024143][ T6082] device veth1_to_bridge entered promiscuous mode
[  221.051603][ T6082] device veth0_to_bond entered promiscuous mode
[  221.065721][ T6082] device veth1_to_bond entered promiscuous mode
[  221.075120][ T6082] device veth0_to_team entered promiscuous mode
[  221.082091][ T6121] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback.
[  221.113647][ T6082] device veth1_to_team entered promiscuous mode
[  221.159238][ T6082] device veth0_to_batadv entered promiscuous mode
[  221.316982][ T6082] device batadv_slave_0 entered promiscuous mode
[  221.336441][ T6082] device veth1_to_batadv entered promiscuous mode
[  221.360822][ T6082] device batadv_slave_1 entered promiscuous mode
[  221.787199][ T6082] device xfrm0 entered promiscuous mode
[  221.843100][ T6082] device veth0_to_hsr entered promiscuous mode
[  222.064883][ T6082] device veth1_to_hsr entered promiscuous mode
[  222.086842][ T6082] device hsr0 entered promiscuous mode
[  222.095305][ T6082] device veth1_virt_wifi entered promiscuous mode
[  222.943734][ T6082] device veth0_virt_wifi entered promiscuous mode
[  222.991800][ T6082] device virt_wifi0 entered promiscuous mode
[  223.002304][ T6082] device vlan0 entered promiscuous mode
[  223.019374][ T6082] device vlan1 entered promiscuous mode
[  223.037839][ T6082] device macvlan0 entered promiscuous mode
[  223.123549][ T6144] hub 8-0:1.0: USB hub found
[  223.130688][ T6144] hub 8-0:1.0: 1 port detected
[  223.944016][ T6082] device macvlan1 entered promiscuous mode
[  223.966775][ T6082] device ipvlan0 entered promiscuous mode
[  223.977066][ T6082] device ipvlan1 entered promiscuous mode
[  223.998952][ T6082] device macvtap0 entered promiscuous mode
[  224.040805][ T6082] device macsec0 entered promiscuous mode
[  224.243214][ T6082] device geneve0 entered promiscuous mode
[  224.258018][ T6082] device geneve1 entered promiscuous mode
[  224.265691][ T6082] device wlan0 entered promiscuous mode
[  224.278339][ T6082] device wlan1 entered promiscuous mode
[  225.232729][ T6082] device eth0 entered promiscuous mode
[  225.238593][ T6082] device eth1 entered promiscuous mode
[  225.255206][ T6082] device eth2 entered promiscuous mode
[  225.264841][ T6082] device eth3 entered promiscuous mode
[  228.288702][ T6197] hub 8-0:1.0: USB hub found
[  228.294782][ T6197] hub 8-0:1.0: 1 port detected
[  229.628733][ T6208] netlink: 51 bytes leftover after parsing attributes in process `syz.5.499'.
[  232.772279][ T6247] netlink: 12 bytes leftover after parsing attributes in process `syz.3.509'.
[  233.265026][ T1277] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.415780][ T1277] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.506712][ T1277] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.784410][ T6255] chnl_net:caif_netlink_parms(): no params data found
[  234.957585][ T1277] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.040589][ T4227] Bluetooth: hci0: command 0x0409 tx timeout
[  235.621173][ T6255] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.640066][ T6255] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.724001][ T6255] device bridge_slave_0 entered promiscuous mode
[  235.898657][ T6255] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.949400][ T6255] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.971726][ T6255] device bridge_slave_1 entered promiscuous mode
[  235.996629][ T6313] netlink: 12 bytes leftover after parsing attributes in process `syz.1.523'.
[  236.056982][ T6255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.472011][ T6255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.615695][ T6255] team0: Port device team_slave_0 added
[  236.674223][ T6255] team0: Port device team_slave_1 added
[  236.877098][ T6255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.893450][ T6255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.001021][ T6328] hub 8-0:1.0: USB hub found
[  237.006919][ T6328] hub 8-0:1.0: 1 port detected
[  237.409665][ T6255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.764201][ T6255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.814601][ T4261] Bluetooth: hci0: command 0x041b tx timeout
[  237.840475][ T6255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.894376][ T6333] loop1: detected capacity change from 0 to 256
[  237.930398][ T6255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.971243][ T6333] exfat: Deprecated parameter 'utf8'
[  237.976683][ T6333] exfat: Deprecated parameter 'utf8'
[  238.001380][ T6333] exfat: Deprecated parameter 'namecase'
[  238.032924][ T6333] exfat: Deprecated parameter 'namecase'
[  238.145247][ T6333] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  238.165080][ T6255] device hsr_slave_0 entered promiscuous mode
[  238.201772][ T6255] device hsr_slave_1 entered promiscuous mode
[  240.162921][ T6086] Bluetooth: hci0: command 0x040f tx timeout
[  240.305493][ T6372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.534'.
[  240.533853][ T1277] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  240.547422][ T1277] batman_adv: batadv0: Removing interface: batadv_slave_0
[  240.561465][ T1277] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  240.569690][ T1277] batman_adv: batadv0: Removing interface: batadv_slave_1
[  240.590901][ T1277] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.601056][ T1277] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.688256][ T6381] hub 8-0:1.0: USB hub found
[  240.694376][ T6381] hub 8-0:1.0: 1 port detected
[  241.543552][ T6385] loop5: detected capacity change from 0 to 512
[  241.642488][ T6385] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.538: invalid indirect mapped block 256 (level 2)
[  241.675070][ T6385] EXT4-fs (loop5): 2 truncates cleaned up
[  241.683258][ T6385] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[  241.870436][   T21] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  241.936131][ T1277] team0 (unregistering): Port device team_slave_1 removed
[  242.079834][ T1277] team0 (unregistering): Port device team_slave_0 removed
[  242.118570][ T1277] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  242.148004][ T1277] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  242.250621][   T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  242.280499][   T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.321036][   T21] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  242.341898][   T21] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  242.356436][   T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.375555][   T21] usb 1-1: config 0 descriptor??
[  242.389551][ T1277] bond0 (unregistering): Released all slaves
[  242.481801][ T4227] Bluetooth: hci0: command 0x0419 tx timeout
[  242.499907][ T6393] device syzkaller0 entered promiscuous mode
[  242.530047][ T6255] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  242.557888][ T6255] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  242.642380][ T6255] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  242.770357][ T6255] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  242.866797][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.031970][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.039723][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.048386][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.065858][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.277649][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.455919][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.668887][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.785418][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.862632][ T6255] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.872723][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.920344][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.941717][ T6255] 8021q: adding VLAN 0 to HW filter on device team0
[  243.966298][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  243.992461][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  244.001013][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.008962][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.022725][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  244.053959][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  244.072569][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.101150][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  244.110593][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.130367][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.139232][ T4480] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.146807][ T4480] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.156936][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.173309][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.186299][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.192134][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  244.211806][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.219699][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.276312][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  244.306434][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  244.319905][ T6433] loop1: detected capacity change from 0 to 1024
[  244.374825][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.393614][ T4480] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.400907][ T4480] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.439899][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.458294][ T6433] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  244.496434][ T6433] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  244.526694][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.547567][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  244.582075][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.630941][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  244.639052][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.692329][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  244.700674][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.708205][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.746747][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  244.765824][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.785984][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  244.810385][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.829004][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  244.850403][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.857784][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.875046][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  244.902991][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.921227][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  244.941258][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  244.958558][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  244.985505][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.013023][ T6255] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  245.033981][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.065342][ T6255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  245.080487][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.111185][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  245.120652][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.128223][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.146807][ T4480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  245.196988][   T21] magicmouse 0003:05AC:0265.0001: unknown main item tag 0x0
[  245.274188][   T21] magicmouse 0003:05AC:0265.0001: hidraw0: USB HID v0.03 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0
[  245.376224][   T21] usb 1-1: USB disconnect, device number 5
[  245.570119][ T6433] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.547: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  245.593300][ T6433] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.547: couldn't read orphan inode 11 (err -117)
[  245.616353][ T6433] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback.
[  245.660169][ T6430] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.547: Invalid block bitmap block 0 in block_group 0
[  245.676615][ T6430] Quota error (device loop1): write_blk: dquota write failed
[  245.684828][ T6430] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  245.696126][ T6430] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.547: Failed to acquire dquot type 0
[  245.990677][   T21] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  246.031318][ T4669] EXT4-fs error (device loop1): __ext4_get_inode_loc:4327: comm kworker/u4:13: Invalid inode table block 8589934593 in block_group 0
[  246.069509][ T6446] fido_id[6446]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  246.392457][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  246.456345][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  246.496194][   T21] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  246.507147][   T21] usb 1-1: config 0 interface 0 has no altsetting 0
[  246.541505][ T6255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.569537][ T6469] loop5: detected capacity change from 0 to 512
[  246.570754][ T4231] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  246.831017][   T21] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  246.961914][ T4231] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  247.063874][   T21] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  247.384385][ T6469] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.551: invalid indirect mapped block 256 (level 2)
[  247.403116][ T4231] usb 4-1: config 0 has no interface number 0
[  247.409494][ T4231] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  247.427255][   T21] usb 1-1: Product: syz
[  247.440653][   T21] usb 1-1: Manufacturer: syz
[  247.445969][ T6469] EXT4-fs (loop5): 2 truncates cleaned up
[  247.452620][   T21] usb 1-1: SerialNumber: syz
[  247.460665][ T6469] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback.
[  247.479228][   T21] usb 1-1: config 0 descriptor??
[  247.603910][   T21] usb 1-1: can't set config #0, error -71
[  247.669385][   T21] usb 1-1: USB disconnect, device number 6
[  247.680639][ T4231] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  247.700329][ T4231] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  247.776582][ T6476] netlink: 12 bytes leftover after parsing attributes in process `syz.0.552'.
[  247.808303][ T4231] usb 4-1: Manufacturer: syz
[  247.942006][ T4231] usb 4-1: SerialNumber: syz
[  248.023156][ T4231] usb 4-1: config 0 descriptor??
[  248.284660][ T6489] netlink: 'syz.1.554': attribute type 3 has an invalid length.
[  248.643657][ T6498] loop0: detected capacity change from 0 to 128
[  248.731405][ T4231] usbtouchscreen: probe of 4-1:0.214 failed with error -71
[  248.740147][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  248.751911][ T6498] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  248.770500][ T6498] ext4 filesystem being mounted at /130/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  248.778597][ T4231] usb 4-1: USB disconnect, device number 5
[  248.811369][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  249.013002][ T6507] loop5: detected capacity change from 0 to 1024
[  249.032124][ T6507] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  249.040865][ T6507] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  249.118023][ T6507] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #11: comm syz.5.559: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  249.141596][ T6507] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.559: couldn't read orphan inode 11 (err -117)
[  249.156166][ T6507] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback.
[  249.199968][ T6507] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.559: Invalid block bitmap block 0 in block_group 0
[  249.216701][ T6507] Quota error (device loop5): write_blk: dquota write failed
[  249.224540][ T6507] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  249.236789][ T6507] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.559: Failed to acquire dquot type 0
[  249.479293][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  249.560735][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  249.770310][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  249.778741][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  249.898302][ T6255] device veth0_vlan entered promiscuous mode
[  249.913054][ T6255] device veth1_vlan entered promiscuous mode
[  249.940271][ T6255] device veth0_macvtap entered promiscuous mode
[  249.965855][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  250.517198][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  250.585320][ T4254] EXT4-fs error (device loop5): __ext4_get_inode_loc:4327: comm kworker/u4:6: Invalid inode table block 8589934593 in block_group 0
[  250.662354][ T6255] device veth1_macvtap entered promiscuous mode
[  250.706031][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.727536][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.825941][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.873218][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.883362][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.894035][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.904271][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.915452][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.927053][ T6255] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.936059][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  250.944994][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  250.961889][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  251.017887][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  251.052921][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.080867][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.132287][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.189111][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.226176][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.279745][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.348240][ T6255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.400179][ T6255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.468453][ T6255] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.504296][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  251.534996][ T4843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  251.581762][ T6255] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.610348][ T6255] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.620069][ T6255] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.690739][ T6255] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.897312][ T6547] netlink: 12 bytes leftover after parsing attributes in process `syz.1.565'.
[  252.009971][ T4843] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.053597][ T4843] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.114802][ T6549] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  252.205507][ T6547] netlink: 28 bytes leftover after parsing attributes in process `syz.1.565'.
[  252.243080][ T6534] loop5: detected capacity change from 0 to 32768
[  252.263106][ T6547] 8021q: adding VLAN 0 to HW filter on device bond2
[  252.302016][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  252.311355][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  252.344503][ T4670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.366683][ T6534] XFS (loop5): Mounting V5 Filesystem
[  252.398888][ T4670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.517928][ T4670] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  252.609134][ T6534] XFS (loop5): Ending clean mount
[  252.692102][ T6566] netlink: 12 bytes leftover after parsing attributes in process `syz.1.566'.
[  252.761953][ T4917] XFS (loop5): Unmounting Filesystem
[  253.138465][ T6578] device gre0 entered promiscuous mode
[  254.721515][ T6593] device syzkaller0 entered promiscuous mode
[  255.014267][   T13] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  255.103515][ T6604] device syzkaller0 entered promiscuous mode
[  255.450929][   T13] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  255.480428][   T13] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  255.640703][   T13] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  255.666474][ T6620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.578'.
[  255.675709][   T13] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  255.712037][   T13] usb 2-1: Manufacturer: syz
[  255.762505][   T13] usb 2-1: config 0 descriptor??
[  255.843134][   T13] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  255.922633][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  255.929477][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  256.043857][   T13] usb 2-1: USB disconnect, device number 4
[  256.910493][ T6643] device syzkaller0 entered promiscuous mode
[  257.214085][ T6653] device syzkaller0 entered promiscuous mode
[  258.010532][ T6084] Bluetooth: hci5: command 0x0406 tx timeout
[  258.162939][ T6664] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  258.182366][   T26] audit: type=1800 audit(1775725640.400:30): pid=6656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.588" name="bus" dev="ramfs" ino=41331 res=0 errno=0
[  261.250531][   T23] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  261.503615][   T23] usb 1-1: Using ep0 maxpacket: 8
[  261.630566][   T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  261.654384][   T23] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  261.687734][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.730912][   T23] usb 1-1: config 0 descriptor??
[  261.836987][   T26] audit: type=1800 audit(1775725644.050:31): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.597" name="bus" dev="ramfs" ino=41400 res=0 errno=0
[  262.004461][   T23] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  262.285354][ T6086] usb 1-1: USB disconnect, device number 7
[  265.996968][ T6807] loop5: detected capacity change from 0 to 1024
[  268.184984][ T6807] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  268.250447][ T6807] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  268.425236][ T6807] EXT4-fs error (device loop5): ext4_ext_check_inode:501: inode #11: comm syz.5.616: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  268.530552][ T6807] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.616: couldn't read orphan inode 11 (err -117)
[  268.610714][ T6807] EXT4-fs (loop5): mounted filesystem without journal. Opts: sysvgroups,bsdgroups,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback.
[  268.762912][ T6806] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.616: Invalid block bitmap block 0 in block_group 0
[  268.779264][ T6806] Quota error (device loop5): write_blk: dquota write failed
[  268.786979][ T6806] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  268.797343][ T6806] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.616: Failed to acquire dquot type 0
[  269.017397][ T1124] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[  269.047707][ T1124] EXT4-fs error (device loop5): ext4_release_dquot:6270: comm kworker/u4:3: Failed to release dquot type 0
[  269.590445][ T6077] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  269.636097][ T6833] nftables ruleset with unbound set
[  270.120590][ T6077] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  270.129852][ T6077] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.161279][ T6077] usb 4-1: Product: syz
[  270.182454][ T6077] usb 4-1: Manufacturer: syz
[  270.187282][ T6077] usb 4-1: SerialNumber: syz
[  270.243351][ T6077] usb 4-1: config 0 descriptor??
[  270.303626][ T6077] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  270.877666][ T6870] Unsupported ieee802154 address type: 0
[  272.790646][ T6077] gspca_stk1135: reg_w 0x200 err -71
[  272.799422][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  272.869635][ T6077] gspca_stk1135: Sensor write failed
[  272.893731][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  272.940363][ T6077] gspca_stk1135: Sensor write failed
[  272.983101][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.017246][ T6077] gspca_stk1135: Sensor read failed
[  273.037495][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.230357][ T6077] gspca_stk1135: Sensor read failed
[  273.236349][ T6077] gspca_stk1135: Detected sensor type unknown (0x0)
[  273.244322][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.252245][ T6077] gspca_stk1135: Sensor read failed
[  273.258470][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.268087][ T6077] gspca_stk1135: Sensor read failed
[  273.273835][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.300556][ T6077] gspca_stk1135: Sensor write failed
[  273.306389][ T6077] gspca_stk1135: serial bus timeout: status=0x00
[  273.380318][ T6077] gspca_stk1135: Sensor write failed
[  273.409066][ T6077] stk1135: probe of 4-1:0.0 failed with error -71
[  273.653830][ T6077] usb 4-1: USB disconnect, device number 6
[  274.836599][ T6923] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  276.925875][ T6958] 
[  276.928395][ T6958] =============================
[  276.963943][ T6958] WARNING: suspicious RCU usage
[  276.987846][ T6958] syzkaller #0 Not tainted
[  277.028566][ T6958] -----------------------------
[  277.067209][ T6958] include/linux/rhashtable.h:594 suspicious rcu_dereference_check() usage!
[  277.120177][ T6958] 
[  277.120177][ T6958] other info that might help us debug this:
[  277.120177][ T6958] 
[  277.175806][ T6958] 
[  277.175806][ T6958] rcu_scheduler_active = 2, debug_locks = 1
[  277.215628][ T6958] 1 lock held by syz.1.645/6958:
[  277.247915][ T6958]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  277.302287][ T6958] 
[  277.302287][ T6958] stack backtrace:
[  277.334477][ T6958] CPU: 1 PID: 6958 Comm: syz.1.645 Not tainted syzkaller #0
[  277.342129][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  277.352469][ T6958] Call Trace:
[  277.355988][ T6958]  <TASK>
[  277.358998][ T6958]  dump_stack_lvl+0x188/0x250
[  277.364047][ T6958]  ? load_image+0x400/0x400
[  277.368906][ T6958]  ? show_regs_print_info+0x20/0x20
[  277.374561][ T6958]  ? lockdep_rcu_suspicious+0x110/0x180
[  277.380555][ T6958]  ? local_bh_enable+0x20/0x20
[  277.385479][ T6958]  rhltable_lookup+0x7a9/0x7c0
[  277.390742][ T6958]  ? local_bh_enable+0x20/0x20
[  277.395979][ T6958]  ? release_firmware_map_entry+0x190/0x190
[  277.402113][ T6958]  ? mr_mfc_find_parent+0x190/0x190
[  277.408017][ T6958]  ? mark_lock+0x94/0x320
[  277.412494][ T6958]  ? local_bh_enable+0x20/0x20
[  277.417778][ T6958]  ? preempt_schedule+0xbc/0xd0
[  277.422700][ T6958]  ? ipmr_mfc_add+0x212d/0x2d40
[  277.427612][ T6958]  ? preempt_schedule+0xbc/0xd0
[  277.433537][ T6958]  ? schedule_preempt_disabled+0x20/0x20
[  277.440826][ T6958]  ? lock_chain_count+0x20/0x20
[  277.446007][ T6958]  mr_mfc_find_any_parent+0xb6/0x1e0
[  277.452336][ T6958]  ? local_bh_enable+0x20/0x20
[  277.457326][ T6958]  ip_mr_forward+0x24c/0xf90
[  277.462129][ T6958]  ipmr_mfc_add+0x23cc/0x2d40
[  277.467541][ T6958]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  277.472688][ T6958]  ? __lock_acquire+0x7d10/0x7d10
[  277.478272][ T6958]  ip_mroute_setsockopt+0xeaf/0x1250
[  277.483768][ T6958]  ? ipmr_rule_default+0x70/0x70
[  277.488752][ T6958]  ? __might_sleep+0xf0/0xf0
[  277.493478][ T6958]  ip_setsockopt+0x568/0x3130
[  277.498406][ T6958]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  277.504168][ T6958]  ? aa_sk_perm+0x7dc/0x910
[  277.508804][ T6958]  ? aa_af_perm+0x340/0x340
[  277.513516][ T6958]  ? __fget_files+0x40f/0x480
[  277.518707][ T6958]  ? aa_sock_opt_perm+0x74/0x100
[  277.523795][ T6958]  ? sock_common_setsockopt+0x32/0xb0
[  277.529416][ T6958]  ? raw_setsockopt+0xc5/0x180
[  277.534350][ T6958]  ? sock_common_recvmsg+0x1c0/0x1c0
[  277.539698][ T6958]  __sys_setsockopt+0x2bf/0x3d0
[  277.544618][ T6958]  __x64_sys_setsockopt+0xb1/0xc0
[  277.549697][ T6958]  do_syscall_64+0x4c/0xa0
[  277.554131][ T6958]  ? clear_bhb_loop+0x30/0x80
[  277.558818][ T6958]  ? clear_bhb_loop+0x30/0x80
[  277.563614][ T6958]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  277.569934][ T6958] RIP: 0033:0x7f9e97db0819
[  277.574468][ T6958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  277.595000][ T6958] RSP: 002b:00007f9e9600a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  277.603548][ T6958] RAX: ffffffffffffffda RBX: 00007f9e98029fa0 RCX: 00007f9e97db0819
[  277.611682][ T6958] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  277.619983][ T6958] RBP: 00007f9e97e46c91 R08: 000000000000003c R09: 0000000000000000
[  277.628474][ T6958] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  277.636974][ T6958] R13: 00007f9e9802a038 R14: 00007f9e98029fa0 R15: 00007fff86c0c2d8
[  277.645206][ T6958]  </TASK>
[  277.672199][ T6958] 
[  277.682538][ T6958] =============================
[  277.701655][ T6958] WARNING: suspicious RCU usage
[  277.723392][ T6958] syzkaller #0 Not tainted
[  277.751890][ T6958] -----------------------------
[  277.783829][ T6958] include/linux/rhashtable.h:369 suspicious rcu_dereference_check() usage!
[  277.825277][ T6958] 
[  277.825277][ T6958] other info that might help us debug this:
[  277.825277][ T6958] 
[  278.284321][ T6958] 
[  278.284321][ T6958] rcu_scheduler_active = 2, debug_locks = 1
[  278.295971][ T6958] 1 lock held by syz.1.645/6958:
[  278.304980][ T6958]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  278.317615][ T6958] 
[  278.317615][ T6958] stack backtrace:
[  278.342626][ T6958] CPU: 1 PID: 6958 Comm: syz.1.645 Not tainted syzkaller #0
[  278.351108][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  278.361487][ T6958] Call Trace:
[  278.364807][ T6958]  <TASK>
[  278.367780][ T6958]  dump_stack_lvl+0x188/0x250
[  278.372855][ T6958]  ? load_image+0x400/0x400
[  278.377462][ T6958]  ? show_regs_print_info+0x20/0x20
[  278.382781][ T6958]  ? lockdep_rcu_suspicious+0x110/0x180
[  278.388473][ T6958]  ? local_bh_enable+0x20/0x20
[  278.393266][ T6958]  rhltable_lookup+0x52a/0x7c0
[  278.398223][ T6958]  ? local_bh_enable+0x20/0x20
[  278.403293][ T6958]  ? mr_mfc_find_parent+0x190/0x190
[  278.408695][ T6958]  ? mark_lock+0x94/0x320
[  278.413307][ T6958]  ? local_bh_enable+0x20/0x20
[  278.418174][ T6958]  ? preempt_schedule+0xbc/0xd0
[  278.423244][ T6958]  ? ipmr_mfc_add+0x212d/0x2d40
[  278.428293][ T6958]  ? preempt_schedule+0xbc/0xd0
[  278.433610][ T6958]  ? schedule_preempt_disabled+0x20/0x20
[  278.439645][ T6958]  ? lock_chain_count+0x20/0x20
[  278.444533][ T6958]  mr_mfc_find_any_parent+0xb6/0x1e0
[  278.449854][ T6958]  ? local_bh_enable+0x20/0x20
[  278.454652][ T6958]  ip_mr_forward+0x24c/0xf90
[  278.459515][ T6958]  ipmr_mfc_add+0x23cc/0x2d40
[  278.464279][ T6958]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  278.469412][ T6958]  ? __lock_acquire+0x7d10/0x7d10
[  278.474465][ T6958]  ip_mroute_setsockopt+0xeaf/0x1250
[  278.479769][ T6958]  ? ipmr_rule_default+0x70/0x70
[  278.484732][ T6958]  ? __might_sleep+0xf0/0xf0
[  278.489419][ T6958]  ip_setsockopt+0x568/0x3130
[  278.494346][ T6958]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  278.500051][ T6958]  ? aa_sk_perm+0x7dc/0x910
[  278.505004][ T6958]  ? aa_af_perm+0x340/0x340
[  278.509709][ T6958]  ? __fget_files+0x40f/0x480
[  278.514628][ T6958]  ? aa_sock_opt_perm+0x74/0x100
[  278.519619][ T6958]  ? sock_common_setsockopt+0x32/0xb0
[  278.525273][ T6958]  ? raw_setsockopt+0xc5/0x180
[  278.530168][ T6958]  ? sock_common_recvmsg+0x1c0/0x1c0
[  278.535967][ T6958]  __sys_setsockopt+0x2bf/0x3d0
[  278.541214][ T6958]  __x64_sys_setsockopt+0xb1/0xc0
[  278.546311][ T6958]  do_syscall_64+0x4c/0xa0
[  278.550831][ T6958]  ? clear_bhb_loop+0x30/0x80
[  278.555618][ T6958]  ? clear_bhb_loop+0x30/0x80
[  278.560479][ T6958]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  278.566732][ T6958] RIP: 0033:0x7f9e97db0819
[  278.571303][ T6958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  278.591989][ T6958] RSP: 002b:00007f9e9600a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  278.600570][ T6958] RAX: ffffffffffffffda RBX: 00007f9e98029fa0 RCX: 00007f9e97db0819
[  278.608888][ T6958] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  278.617127][ T6958] RBP: 00007f9e97e46c91 R08: 000000000000003c R09: 0000000000000000
[  278.625230][ T6958] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  278.633401][ T6958] R13: 00007f9e9802a038 R14: 00007f9e98029fa0 R15: 00007fff86c0c2d8
[  278.641415][ T6958]  </TASK>
[  278.771130][ T6958] 
[  278.774122][ T6958] =============================
[  278.779477][ T6958] WARNING: suspicious RCU usage
[  278.812489][ T6958] syzkaller #0 Not tainted
[  278.828689][ T6958] -----------------------------
[  278.845305][ T6958] include/linux/rhashtable.h:614 suspicious rcu_dereference_check() usage!
[  278.866911][ T6958] 
[  278.866911][ T6958] other info that might help us debug this:
[  278.866911][ T6958] 
[  278.893510][ T6958] 
[  278.893510][ T6958] rcu_scheduler_active = 2, debug_locks = 1
[  278.913759][ T6958] 1 lock held by syz.1.645/6958:
[  278.924407][ T6958]  #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x136/0x1250
[  278.948050][ T6958] 
[  278.948050][ T6958] stack backtrace:
[  278.955172][ T6958] CPU: 0 PID: 6958 Comm: syz.1.645 Not tainted syzkaller #0
[  278.962755][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  278.973572][ T6958] Call Trace:
[  278.977162][ T6958]  <TASK>
[  278.980240][ T6958]  dump_stack_lvl+0x188/0x250
[  278.985412][ T6958]  ? load_image+0x400/0x400
[  278.990138][ T6958]  ? show_regs_print_info+0x20/0x20
[  278.995492][ T6958]  ? lockdep_rcu_suspicious+0x110/0x180
[  279.001258][ T6958]  ? local_bh_enable+0x20/0x20
[  279.006316][ T6958]  rhltable_lookup+0x61e/0x7c0
[  279.011496][ T6958]  ? local_bh_enable+0x20/0x20
[  279.016863][ T6958]  ? mr_mfc_find_parent+0x190/0x190
[  279.022710][ T6958]  ? mark_lock+0x94/0x320
[  279.027185][ T6958]  ? local_bh_enable+0x20/0x20
[  279.032094][ T6958]  ? preempt_schedule+0xbc/0xd0
[  279.037088][ T6958]  ? ipmr_mfc_add+0x212d/0x2d40
[  279.042344][ T6958]  ? preempt_schedule+0xbc/0xd0
[  279.047478][ T6958]  ? schedule_preempt_disabled+0x20/0x20
[  279.053166][ T6958]  ? lock_chain_count+0x20/0x20
[  279.058257][ T6958]  mr_mfc_find_any_parent+0xb6/0x1e0
[  279.063673][ T6958]  ? local_bh_enable+0x20/0x20
[  279.068719][ T6958]  ip_mr_forward+0x24c/0xf90
[  279.073825][ T6958]  ipmr_mfc_add+0x23cc/0x2d40
[  279.078572][ T6958]  ? ipmr_mfc_delete+0x5f0/0x5f0
[  279.083583][ T6958]  ? __lock_acquire+0x7d10/0x7d10
[  279.088804][ T6958]  ip_mroute_setsockopt+0xeaf/0x1250
[  279.094232][ T6958]  ? ipmr_rule_default+0x70/0x70
[  279.099233][ T6958]  ? __might_sleep+0xf0/0xf0
[  279.103960][ T6958]  ip_setsockopt+0x568/0x3130
[  279.108697][ T6958]  ? ipv4_pktinfo_prepare+0x6f0/0x6f0
[  279.114205][ T6958]  ? aa_sk_perm+0x7dc/0x910
[  279.118762][ T6958]  ? aa_af_perm+0x340/0x340
[  279.123427][ T6958]  ? __fget_files+0x40f/0x480
[  279.128162][ T6958]  ? aa_sock_opt_perm+0x74/0x100
[  279.133175][ T6958]  ? sock_common_setsockopt+0x32/0xb0
[  279.139181][ T6958]  ? raw_setsockopt+0xc5/0x180
[  279.144335][ T6958]  ? sock_common_recvmsg+0x1c0/0x1c0
[  279.149663][ T6958]  __sys_setsockopt+0x2bf/0x3d0
[  279.155540][ T6958]  __x64_sys_setsockopt+0xb1/0xc0
[  279.160895][ T6958]  do_syscall_64+0x4c/0xa0
[  279.165360][ T6958]  ? clear_bhb_loop+0x30/0x80
[  279.170415][ T6958]  ? clear_bhb_loop+0x30/0x80
[  279.175582][ T6958]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  279.181520][ T6958] RIP: 0033:0x7f9e97db0819
[  279.185971][ T6958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  279.205889][ T6958] RSP: 002b:00007f9e9600a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  279.214556][ T6958] RAX: ffffffffffffffda RBX: 00007f9e98029fa0 RCX: 00007f9e97db0819
[  279.222567][ T6958] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000005
[  279.230661][ T6958] RBP: 00007f9e97e46c91 R08: 000000000000003c R09: 0000000000000000
[  279.239671][ T6958] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000
[  279.248421][ T6958] R13: 00007f9e9802a038 R14: 00007f9e98029fa0 R15: 00007fff86c0c2d8
[  279.257091][ T6958]  </TASK>