last executing test programs:

7.652828978s ago: executing program 0 (id=958):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000005c0)=@abs={0x0, 0x0, 0x20004e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000140)={r4, @in={{0x2, 0x4e20, @multicast1}}}, &(0x7f0000000040)=0x84)

5.714848842s ago: executing program 0 (id=962):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r2, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000320, 0x8, "004ae9d56a571bfa970548fc3c7b000000000000000000000200", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
close(0xffffffffffffffff)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000001900))

5.254406602s ago: executing program 0 (id=976):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x14, r4, 0x1, 0x70bd26, 0x20000}, 0x14}}, 0x0)

5.253560002s ago: executing program 1 (id=967):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

4.834923511s ago: executing program 3 (id=969):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)

3.867767353s ago: executing program 3 (id=972):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r3, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00)

3.45424692s ago: executing program 2 (id=973):
fsopen(&(0x7f0000000200)='overlay\x00', 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001200), 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
memfd_create(&(0x7f0000000f40)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89*`\xf3\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9m\xe94 \f-\xebNv\x04\xa2Z\x0f\x0e^\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00 \x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x84\xa8\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0&\x8a\x18\xdfH\x80\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x05\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\b\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15>\x8fQ\xc2\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x9b 1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x00p+sh\xf5\xd3\x86i\x01>U\x9d\bT\xcd\xa2\xea\x9c\xec\xea\xf2\'\x8a\x89\x10=\x8eklgW\x8fEOr\xa1\xee\xec\xed1\xa6\xfev\r\x16\x0e\xae\xe6[\xf7p\xd8\xc2\xa5\xa0\xed\x8e\xcc\xfd\xf2*\xc1\x9eD\x8b3Q\xd15\x9f\xf8/ \xa5\x05\xf486A\xc6\xc0Pq;\xeb\xa5\a+\x8d\xed\xb2\xf7\xd4Kd\x0f\x1d_\x96\x80\xfd\xf1i\"\x13\xf1\x19\xf0\xc8\xa6\xd5d&\rx\x90\xa8_\x15g`\xf6\xa0\x85\xa6\xeb\a7\xd8]l\x0f[4]&(b\x12;Y\x04\xa7\xb2E\t[\xf7\xe1\x04\xed\xbd\xa4\xbc\x9a\x8a\xb9q\x86\x88\xaf\xaeK6\xa5\xbb\xd6\x81\x04p\x10\xe8\x80\xeb\x0fM\xae\xed\\L\xf8\xb0/\x0e;\x97\xff\xff\xff\xff\xff\xff\xff\x7f\xf2.\xef\xa8\xfd\r\x84\x80\xf8Yv\xc4\xcb\x00Rb\x0e(\xa3\xcf$\xd8\xd3vqG>\x05Z\xb2\xd0\xf6\x8c\xf77\xf8\x1f\x99\x18wZ\x1e\n\xbd\xb9\xa1\xe4H\xea\xab\x15\x1f\xec\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8e\xe5U\x87H\xc7~\x952 \x1b\xeb\xd8\xff\x17C\xd4/I\x82N\xea\x99k\x9e\x91G\x01\x01\xe7NX\x15%>\xdc\xd6\x85\r\xf2\xc6\x0f\x18wk\xd9\x83\"\x1f\x0f\t\xd0D\x9e\xdf\'\xea#\xcc$V\xfa\xb8%\x0f\x8b\xa2\xa16l\xf626u\xc4\xf7y\xec5\xce\xd9\xe5\xba\x1e\xfb\xc3\xbe\xb0`\x87\x99z\x1b\xcc&\x8d\xf3\x81\x8d\xab\xd7\xa0+\xb1\xd5\xa8c\x8a/1\xc0\xach\xd04se!k\xed\xae\xe0\xa3\x1by\"b\"c\xa25CA\x17\xedc7\x80\xad(S;\x8f2\x00\fS\xc7\xf5eS\xc0\xddc7\x86\x9a\x90nvI\x04g\xab\x88\xf3\xb5\xfaVZ\x02\xf6\x1b\xf2\x9d\b\xe5m*\xe5\x87\xfe\xb7o\x19j\xf5\xd9\x9f~\xe6)\x92h\xfd\xb4\x0e\xea\xfd\x0e\xfc\x02\xce=\xcc\xfc3j\x81\xbb\xfc*h\xf7\xd1\xb1`,x\xb3\x13F\x18\xbb\xa1I\b\xc8\xa5M\x14+_\x8f\xe3\xa3=\x8b}\x85\xf0\x9djE\x99\xfd\x1e\xa0\xc8\xcc\x94\x00\x02\xb9\xbaB\xd1rq\xf7\xe4\xee\x9a\xa1\x88\xa8g\xd0\xf5R\xae\xffne\x87\x1b\x1e\xea\x94\xf8\x98\xbf\xef\x8b\xaby\x8d\xe1\xf7\xb8E~Ou\xc7\xae\x96j\xff\xd3\xe1\xa9\x13\xa2\x061R<1]\xb75\x91\xfa\xc2\a\xc1\xf18\xc3\x977\xaf\x01vzl\xc3\xefex\xc8r\aE\x1d\x11Ld\xa6\xf0\x03\xb2.\xa1;\x05U\xab&\x1bo\x1b\n\x96\x93FO%H\x1fr\xe8\xde&\x95\xd7d\x8d\xde\xa8\xaa\xf3\xc8\x99M\x90V,f\xc1\x9d\x95y\x12\x84\xddw\x87y\x80\x9f/', 0x2)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

3.360953395s ago: executing program 0 (id=974):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r3, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
recvmsg(r4, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x10000)
sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x840)

2.836198767s ago: executing program 3 (id=975):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IFLA_CARRIER={0x5, 0x21, 0x8}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x80000000, 0x33d, 0x8}}]}]}, @IFLA_IFNAME={0x14, 0x3, 'team0\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c801}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_0\x00', <r3=>0x0})
write(r0, &(0x7f0000000480)="5ce4b8276f4832147f7137e672df16222c2758364453d053fbb2bd91e81e75df0e5122fa1b4fe0754adc40257eafaa4838fef39ef1c20714", 0x38)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', <r5=>0x0})
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000500), 0x200, 0x0)
r6 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, r6, 0x1, 0x70bd25, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r5}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}]}}]}, 0x5c}, 0x1, 0xf000, 0x0, 0x3000000}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
syz_open_dev$loop(0x0, 0x8, 0x2180)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x1000, 0x0, r0, 0x1000, '\x00', r3, r7, 0x3, 0x4, 0x5}, 0x50)

2.834559527s ago: executing program 2 (id=986):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200601, 0x0)
lseek(r0, 0x81, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000370400000000ffdbdf2500000000", @ANYRES32=r5, @ANYBLOB="83450500010000001c0012800b00010067656e65766500000c00028005000d0002000000a19ad46a1816"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000440)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty}}}], 0x20}}, {{&(0x7f00000000c0)={0x2, 0x4e24, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @dev={0xac, 0x14, 0x14, 0x2e}, @local}}}], 0x38}}], 0x2, 0x4000084)
recvfrom$inet_nvme(r1, 0x0, 0x0, 0x40, 0x0, 0x0)

2.790358179s ago: executing program 3 (id=977):
epoll_create1(0x0)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x40000}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="af4fd73a", 0xffffffffffffff19, 0x840, 0x0, 0x0)
shutdown(r0, 0x1)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000340)=0x20000000, 0x4)
socket$inet6_udp(0xa, 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2.744379401s ago: executing program 1 (id=978):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x29, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x40)

2.723212872s ago: executing program 2 (id=979):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x7, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newtfilter={0x70, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x8}, {0xfff2}, {0xfff1, 0x10}}, [@filter_kind_options=@f_bpf={{0x8}, {0x44, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_vlan={0x30, 0x9, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}]}}]}, 0x70}}, 0x0)

2.656447595s ago: executing program 4 (id=980):
r0 = getpgid(0x0)
ioprio_set$pid(0x1, r0, 0x2000)
ioprio_set$pid(0x2, r0, 0x6000)
r1 = getpgid(0x0)
ptrace$getenv(0x4201, r1, 0x0, 0x0)
sched_getaffinity(r1, 0x8, &(0x7f0000002040))
timer_create(0x2, &(0x7f0000002080)={0x0, 0x1d, 0x0, @tid=0xffffffffffffffff}, &(0x7f00000020c0)=<r2=>0x0)
r3 = getpgid(0x0)
ptrace$getenv(0x4201, r3, 0x0, 0x0)
rt_tgsigqueueinfo(r0, r3, 0xe, 0x0)
r4 = getpgid(0x0)
ioprio_get$pid(0x1, r4)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000002240)=0x871)
timer_delete(r2)

2.627018616s ago: executing program 2 (id=981):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='efivarfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

2.625953267s ago: executing program 4 (id=982):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shutdown(0xffffffffffffffff, 0x0)
open$dir(0x0, 0x2, 0x4)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

2.159440377s ago: executing program 1 (id=983):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)

2.158218887s ago: executing program 0 (id=984):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0xffffff1f, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x15482, 0x35288}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_MTU={0x8}]}, 0x40}}, 0x0)

1.6304992s ago: executing program 3 (id=985):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @private=0xa010100, 0x15, 0x3, 'lblc\x00', 0x1, 0x4, 0x6d}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)

1.629229609s ago: executing program 2 (id=996):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4004800, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffe, 0x0, 0x20000000000000}, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f00000003c0)="c274386d178550cb864bd57221bc", 0x0, 0x1200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.583504822s ago: executing program 1 (id=987):
r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000004c0)='j\x95\'\x8aC\x16\xca\\', &(0x7f0000000c40)='\xe6usek\v\xf6u%\x9b\x00\x00\xad\xeb\x00\x00\x00\x00\x01\x80\x00\x00\xcf\x9b\x9f\b\xb6\xfe\xc8\xda~-\xf5S>\xb8\x86\xfc\x9cVR\x82\x9a\xbdp\xbd\x83w\xf9Z\xd2\xcb\xcdF\xd0#N7\x17\xfc\x1e\xf1\x97\xffxi\xe0KE}]\x8e\xca\xe3+\xc8\x98\x03\x91\x88(\bn\x7f\x0e\x85\xa5\xb4\n?_\xc9\xef\xe0Q\xdb\xb6\xa5\x81t\x06\xda\x95\x935\xf1\x18\xac\x00\xf0\xff\xff\xbd\xb5\xa1\x06\xfd\x01\x00\x00\x00\x0f\xf8\xe3\x8a\x1f\x9c\xf3\xc5\x1f\xf9\xbf[\xd13\xb3\xd3j\r6\x7f', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='{:\'@-\x00', &(0x7f0000000180)='%*.\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000003c0)='\x00', &(0x7f0000000400)='(!\xef(.(\\-]\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='^](*\r\\!\x00', &(0x7f0000000500)='{:\'@-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b80)='\xe0\"\xef\xb1\xea\xe6\x9c\xe6\xc8M\xdb\x86\xb3\x8b\xbe\xd5\xbdB\x92\xa0\x19-+a\x13qQ\xd5f39hSr\xafbB\xe2\xe8\xcd\x1bf\x18\x7f\xf27E#\"\xab\x99\xec\x88\x8d\xd8C\x0f\x95\xff\xfeG\xf9t\xb1 \xcc\xc5\xbb\x88\xb6\xd2\xf2Jwq\xf8oG<v\xb8\x18\x80\xe1Kf\xf8R\xdd\x06\xe8\xfbl\v\xb0\xdd\x05\x05\xd8\xdb\xfd`\xf9\xf8\x915\b\x8c\xad\xc8\x9d=\xfeN\x8b\x1eR\x1e\xf8\x9dn\x19H\xd2aE\xa0\x06\xb0Yv\xf9^\x8c\x8f\xc3\xa5\x985\x85U\x8cZ/\'\xbd\xe2\xdc\xe3\xb9\x8e$Z\xef\xa8\xe5(Mt\xd3\xd9\xf6X\x1a\x9b\t$N\xd0U\xe2z\xeb\x01\x80!0\xe8\xc3\xce\xf8\x03\xde\x92s\xf9', &(0x7f0000000ac0)='fuseblk\x00M\x13k\x92#\x05z)\xe0c\\35\xdf%\xa3\xac!zoO\xf8\xcex\xb3\f\xad@\x853o\x0f0\x1a\xc0\"\xf7\x11Z\x01\xc1\xd9\x9fbJ7\xd1\xad\xe1\xed\x87\xae\x11-s\xb4\xbd\x1e\x9a\xd7\xc1crt\x88%\x92\x8fL\x8d\xb3-\xb60O \xc5\xd1q\xcc\x97\xe0\xe8\xb0\n\v\xa9V\xfa\xeb\x1e|M\x98W\x81\xa2@{_\xba^\xa2\x82k\x10G\xfc\xd4\x99Pl\xfa\xe8\x7f\xc9 h\xd0\xfd\x04\x95\x8c\xb1\xe7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000a40)='^,/\x00', &(0x7f0000000a80)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\x1c@\\\x00', &(0x7f00000002c0)='\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000300)='(\xed\xef(.(\\-]\x00', &(0x7f0000000340)="0f", 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000380)='}\x00', &(0x7f0000000880)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xecQ\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849@\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xf4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;\xf1C\xea!J\x19\xe1\xfe\x0f\x84\xdfY\x10\xed\x1c\xb2n\xc0ME\xaa\x9e\xd1f\x92q\xeb\xdb)\xcd1(>\x8e\x0f}\x03\xdd\xf8\x84\x9bz!\x80F\xc5ls< \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x1c\x9f\xbd\xcd\xea\xc3w\xa3\xf5\x1d.\x00\x00\x00\xa0\xf4\xe9\xe2\x83\xac\xde\x95cmvM\x12\xc1O\x1f#\xcd\x90\x1e\x03\x1e}\xe7w\xe7\"Oh`\xed\bM9\xaf\xa3BQ\xbf\xfd1\x1cG\xb5\xed\x86\xb9Q(\x19dZ\x8da\x008e*\x928\xcf\x0f\x0e\x05\x1dM?\x11$E\xc3\x12\x1e\xffI\x84t0D\xec\xf3T\xe2\xddJm\x87\xc9\xb1\xff\n\xa1\x13\xcbo\xc6\xda\x84\x02\xa3\x14\xf2q\x96\xa8Sa\xe4\x1f\x01\xa2]\xb2\xc9\xd5\xff\xfd\xf2\xb5\xf5\xef \xc7\x02\x927\xdb\xa5\a\x9eS\xb6\xe2\xbaL\x99n\xb4\xe3\xf7\x0eU\xc0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='(\xed\xef(.(\\-]\x00', &(0x7f00000000c0)='f\xf0p\xce\x97\xbb\xd2dH\xdf\xbd\x18\x9baE\xef\x90\x90\x057g\x85\xf4\xf0\xba\xb0\xb1\x06\xa6q\xef\x03H\xda\"`\xd6', 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000240)='fuseblk\x00', 0x0, r0)
read(r0, 0x0, 0xfffffea1)
close(r0)

1.557996973s ago: executing program 1 (id=988):
socket$netlink(0x10, 0x3, 0x0)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400}, 0x8000)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r4, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0)
sendfile(r3, r1, 0x0, 0x100000000)

1.526307454s ago: executing program 4 (id=989):
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040057}, 0x240008c4)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x1c, 0x7, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004055}, 0x48000)
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Lu1cUB/CbgKSFSkQEBzsIBpdGhTjokAxWYprFiFiR0llw0EFwcJCU6OzLP6D4BuIidnYUI4hCnCSjOBcUl0wprU+hrV3aYkp/fD5LuPece08u3yfwvxYPPzWbzVgIoZn4+6e/Pc1PFHunxqZnQoiF70MI+S+/+LUSizp+u/U8WpeidTGRqe3fjL+cdtz23VdTh/GofhEP4YcQwuLjUfLfvo1P31nuKrm+sVzYXM0tPBTWnobnB/I9W/mlnZGDbHm2OzsXfVgX8dbMT9VGj++apefd9sG2aq2RuY760rGPmc9/68/573VV6pXGZP/JylC6s35Z3o5yf5U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwwc5yV8n1jeXC5mpu4aGw9jQ8P5Dv2cov7YwcZMuz3dm5+FvfRbw181O10eO7Zul5t32wrVprZK6jvnTs3dGvf/yYv0QLfRX+mP9eV6VeaUz2n6wMpTvrl+XtKPfX9/kDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyl/ESxd2pseiaEWPgshPDN/Xd9v+w3E2/1WNR3Hv2Wov1iIlPbvxl/Oe247buvpg6nEiEkfnfv4uNR8vNWPoR/5OcAAAD//8gGhpo=")
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xff, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

1.467917547s ago: executing program 1 (id=990):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xd, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000000009500000000000000b7080000000000007b9a00fe00000000b509000000000000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.206350998s ago: executing program 0 (id=991):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000004c0000004c00000002000000000000000000000903000000000000000000000105000000080000000000000000000003000000000200000002000000000200000000000000000003000000000100000002"], 0x0, 0x66}, 0x20)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20)

1.074451834s ago: executing program 4 (id=992):
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0x8)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r3, 0x4)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
listen(r4, 0x100)
listen(r2, 0x8)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x1)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

1.007149037s ago: executing program 4 (id=993):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @broadcast, 'geneve1\x00'}}, 0x1e)
r2 = socket$pppoe(0x18, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)

531.298678ms ago: executing program 3 (id=994):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r3, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
recvmsg(r4, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x10000)
sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x840)

402.012043ms ago: executing program 2 (id=995):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0xacecc787ffad8d56, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xf}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x0, 0x1, {0x0, 0x4, 0x9}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x4, '\x00', 0x80000000, 0x3, 0xfffffffd, 0x1}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)

0s ago: executing program 4 (id=997):
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000001c0)={0xfff8, 0x6, 0x89, 0xc9, r4}, &(0x7f0000000340)=0x10)

kernel console output (not intermixed with test programs):

comes ready
[   33.938806][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   33.941859][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   33.943431][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.944925][ T1771] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.946066][ T1771] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.947423][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   33.948853][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.951235][ T1771] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.952411][ T1771] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.953817][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   33.956465][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   33.964205][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   33.967402][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   33.968589][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   33.970326][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   33.972079][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   33.973318][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   33.978252][ T4322] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.986012][ T4320] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.988348][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   33.990246][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   33.991767][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   33.993295][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.995692][ T4324] device veth0_macvtap entered promiscuous mode
[   33.997929][ T4324] device veth1_macvtap entered promiscuous mode
[   34.005435][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   34.006987][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.010125][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   34.012636][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   34.014595][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   34.032105][ T4323] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   34.033691][ T4323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   34.036559][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   34.038199][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.040853][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   34.042412][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   34.044024][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   34.045520][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   34.046902][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   34.053832][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   34.055497][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.062151][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.067675][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.069262][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.075072][ T4324] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.083273][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.085544][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.087100][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   34.088667][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.093324][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.094967][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.096956][ T4322] device veth0_vlan entered promiscuous mode
[   34.107554][ T4322] device veth1_vlan entered promiscuous mode
[   34.111796][ T4324] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.113388][ T4324] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.114698][ T4324] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.116095][ T4324] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.132501][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   34.134037][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   34.135359][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   34.136884][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.138359][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   34.142549][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   34.144890][ T4321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   34.146178][ T4320] device veth0_vlan entered promiscuous mode
[   34.148364][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.151163][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.158928][ T4320] device veth1_vlan entered promiscuous mode
[   34.187191][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   34.188842][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   34.191294][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   34.192796][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.194693][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   34.196330][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.198268][ T4322] device veth0_macvtap entered promiscuous mode
[   34.201955][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.203423][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   34.204704][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   34.213254][ T4323] 8021q: adding VLAN 0 to HW filter on device batadv0
[   34.215864][ T4322] device veth1_macvtap entered promiscuous mode
[   34.232962][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   34.234678][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   34.235054][  T887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.236140][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.237076][  T887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.238601][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.242042][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.244865][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   34.248975][ T4321] device veth0_vlan entered promiscuous mode
[   34.254778][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   34.256501][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.258376][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.262696][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.264926][ T4322] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.268867][ T4320] device veth0_macvtap entered promiscuous mode
[   34.272596][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.274188][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.275783][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.286391][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.286721][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.287668][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.290421][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.292917][ T4322] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.294215][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   34.295791][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.297378][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   34.299277][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.301444][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.304772][ T4321] device veth1_vlan entered promiscuous mode
[   34.306792][ T4320] device veth1_macvtap entered promiscuous mode
[   34.321582][ T4322] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.322986][ T4322] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.324265][ T4322] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.325562][ T4322] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.332893][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   34.334433][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   34.335831][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   34.337394][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   34.338904][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.343004][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.344538][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.346182][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.347709][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.349143][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.351788][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.354030][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.359241][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.361459][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.374763][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.376488][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.380184][ T4320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.381904][ T4320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.385111][ T4320] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.386352][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   34.388098][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.391377][ T4323] device veth0_vlan entered promiscuous mode
[   34.397788][ T4320] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.399113][ T4320] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.401314][ T4320] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.402695][ T4320] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.409633][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   34.411282][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.422610][ T4321] device veth0_macvtap entered promiscuous mode
[   34.426956][ T4323] device veth1_vlan entered promiscuous mode
[   34.432916][ T1771] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.434155][ T1771] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.607050][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   34.612236][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   34.641633][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.689332][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   34.755939][ T4321] device veth1_macvtap entered promiscuous mode
[   34.784413][ T4435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.785727][ T4435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.791429][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   34.802088][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   34.803878][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.811794][ T4323] device veth0_macvtap entered promiscuous mode
[   34.814265][ T4323] device veth1_macvtap entered promiscuous mode
[   34.827305][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.835943][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.837487][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.839105][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.843283][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.845100][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.847681][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.853200][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   34.854875][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   34.856379][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   34.857832][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.863649][ T4435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.864841][ T4435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.866540][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   34.878855][ T4435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.881386][ T4435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.883537][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   34.887668][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.889231][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.899489][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.901155][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.902671][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.905992][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.907599][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.909321][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.914690][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.932173][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.933947][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.935563][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.937259][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.938725][ T4323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.941477][ T4323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.943884][ T4323] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.946473][ T4323] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.947900][ T4323] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.949753][ T4323] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.951237][ T4323] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.988723][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.991795][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.993490][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.995032][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.996509][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.998122][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   35.000701][ T4321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   35.002365][ T4321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   35.004952][ T4321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   35.006183][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   35.007965][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   35.010014][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   35.011567][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   35.013112][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   35.014735][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   35.027038][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   35.028547][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   35.399160][ T4332] Bluetooth: hci4: command 0x041b tx timeout
[   35.402687][ T4328] Bluetooth: hci0: command 0x041b tx timeout
[   35.423755][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   35.433114][ T4321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   35.437095][ T4321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   35.438467][ T4321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   35.443511][ T4321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   35.459537][ T4328] Bluetooth: hci1: command 0x041b tx timeout
[   35.461326][ T4328] Bluetooth: hci2: command 0x041b tx timeout
[   35.462497][ T4328] Bluetooth: hci3: command 0x041b tx timeout
[   35.947896][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   35.950361][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   35.975946][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   35.978042][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   35.986154][ T4448] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   35.992272][ T4448] device bridge_slave_0 left promiscuous mode
[   35.993995][ T4448] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.016805][ T4457] loop1: detected capacity change from 0 to 256
[   36.022441][ T4457] exfat: Unknown parameter 'F¥ÅámA‡eÉ?�˜ÔwH�~íƒk|ˆ³Õ¤�ce‰:†aF]¼$cas¢%¥NÍ:…{ìý„ SÖ¯€bP‘³wÑù?¶Àù�Úñ8¼Ô�0x000000000000000000000000000000000000003'
[   36.041102][ T4448] device bridge_slave_1 left promiscuous mode
[   36.042407][ T4448] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.071223][ T4448] bond0: (slave bond_slave_0): Releasing backup interface
[   36.123841][ T4448] bond0: (slave bond_slave_1): Releasing backup interface
[   36.170178][ T4448] team0: Port device team_slave_0 removed
[   36.177486][ T4448] team0: Port device team_slave_1 removed
[   36.178810][ T4448] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   36.180658][ T4448] batman_adv: batadv0: Removing interface: batadv_slave_0
[   36.182604][ T4448] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   36.183821][ T4448] batman_adv: batadv0: Removing interface: batadv_slave_1
[   36.187535][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   36.195352][ T4451] netlink: 'syz.0.1': attribute type 10 has an invalid length.
[   36.207334][ T4451] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   36.271242][ T4435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   36.272476][ T4435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   36.319286][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   36.323485][ T4435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   36.325151][ T4435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   36.330767][ T4435] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   36.763909][ T4466] capability: warning: `syz.2.3' uses deprecated v2 capabilities in a way that may be insecure
[   36.822574][ T4475] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   36.823823][ T4475] IPv6: NLM_F_CREATE should be set when creating new route
[   36.824876][ T4475] IPv6: NLM_F_CREATE should be set when creating new route
[   37.449853][ T4332] Bluetooth: hci0: command 0x040f tx timeout
[   37.450852][ T4332] Bluetooth: hci4: command 0x040f tx timeout
[   37.529705][ T4328] Bluetooth: hci3: command 0x040f tx timeout
[   37.530702][ T4328] Bluetooth: hci2: command 0x040f tx timeout
[   37.531705][ T4328] Bluetooth: hci1: command 0x040f tx timeout
[   37.561704][ T4489] vcan0: tx drop: invalid da for name 0x0000000000000015
[   37.581997][ T4491] loop0: detected capacity change from 0 to 512
[   37.629101][ T4491] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   37.666256][ T4491] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[   37.668823][ T4491] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.19: invalid indirect mapped block 2683928664 (level 1)
[   37.679568][ T4491] EXT4-fs (loop0): Remounting filesystem read-only
[   37.681366][ T4491] EXT4-fs (loop0): 1 truncate cleaned up
[   37.682310][ T4491] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   37.752418][ T4480] Zero length message leads to an empty skb
[   37.796941][ T4320] EXT4-fs (loop0): unmounting filesystem.
[   37.966244][ T4505] ptrace attach of "./syz-executor exec"[4324] was attempted by "./syz-executor exec"[4505]
[   39.252816][   T27] audit: type=1326 audit(39.240:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4510 comm="syz.1.26" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[   39.296661][ T4530] loop0: detected capacity change from 0 to 1024
[   39.298422][ T4530] EXT4-fs: Ignoring removed mblk_io_submit option
[   39.332750][ T4530] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   39.355710][ T4530] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   39.367615][ T4530] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2749: inode #2: comm syz.0.31: corrupted in-inode xattr
[   39.385539][ T4530] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2819: Unable to expand inode 2. Delete some EAs or run e2fsck.
[   39.432455][ T4530] EXT4-fs error (device loop0): ext4_xattr_ibody_get:603: inode #2: comm syz.0.31: corrupted in-inode xattr
[   39.710906][ T4328] Bluetooth: hci0: command 0x0419 tx timeout
[   39.711328][ T4325] Bluetooth: hci1: command 0x0419 tx timeout
[   39.713307][ T4332] Bluetooth: hci4: command 0x0419 tx timeout
[   39.713329][ T4328] Bluetooth: hci2: command 0x0419 tx timeout
[   39.715251][ T4325] Bluetooth: hci3: command 0x0419 tx timeout
[   39.946706][ T4320] EXT4-fs (loop0): unmounting filesystem.
[   40.071837][ T4556] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   40.075028][ T4556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   40.076395][ T4556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   40.083622][ T4556] bond0: (slave netdevsim0): Releasing backup interface
[   40.883573][   T27] audit: type=1326 audit(40.870:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4563 comm="syz.4.41" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9555b9e8 code=0x0
[   40.906722][ T4564] team0: Mode changed to "loadbalance"
[   41.643623][ T4556] device vlan0 entered promiscuous mode
[   41.668800][ T4556] team0: Port device vlan0 added
[   41.682489][ T4556] tipc: Started in network mode
[   41.683510][ T4556] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[   41.684972][ T4556] tipc: Enabled bearer <eth:team0>, priority 0
[   41.877576][ T4596] loop1: detected capacity change from 0 to 128
[   41.885775][ T4596] FAT-fs (loop1): bogus number of FAT sectors
[   41.886901][ T4596] FAT-fs (loop1): Can't find a valid FAT filesystem
[   41.978988][ T4605] batman_adv: batadv0: Adding interface: dummy0
[   41.980497][ T4605] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.984609][ T4605] batman_adv: batadv0: Interface activated: dummy0
[   41.993151][ T4605] batadv0: mtu less than device minimum
[   41.997393][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.000760][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.003693][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.006544][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.009390][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.012248][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.015073][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.017971][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.021027][ T4605] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   42.407084][ T4618] netlink: 156 bytes leftover after parsing attributes in process `syz.4.57'.
[   42.412783][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   42.414885][ T4614] loop3: detected capacity change from 0 to 8192
[   42.415734][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   42.417269][ T4616] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   42.430250][ T4616] team0: Port device vlan0 removed
[   42.434799][ T4477] tipc: Resetting bearer <eth:team0>
[   42.476350][ T4614]  loop3: p3 < > p4
[   42.477025][ T4614] loop3: partition table partially beyond EOD, truncated
[   42.480921][ T4614] loop3: p4 start 49158 is beyond EOD, truncated
[   42.849635][ T3899] tipc: Node number set to 11578026
[   43.039026][ T4634] loop3: detected capacity change from 0 to 2048
[   43.039989][ T4629] loop2: detected capacity change from 0 to 32768
[   43.046024][ T4629] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.61 (4629)
[   43.369493][ T4629] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   43.372239][ T4629] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[   43.373729][ T4629] BTRFS info (device loop2): force clearing of disk cache
[   43.374765][ T4629] BTRFS info (device loop2): setting nodatasum
[   43.375665][ T4629] BTRFS info (device loop2): allowing degraded mounts
[   43.376637][ T4629] BTRFS info (device loop2): enabling disk space caching
[   43.377639][ T4629] BTRFS info (device loop2): disk space caching is enabled
[   43.386641][ T4637] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   43.491408][ T4650] netlink: 24 bytes leftover after parsing attributes in process `syz.3.65'.
[   43.843576][ T4659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.67'.
[   43.845238][ T4659] device bridge_slave_1 left promiscuous mode
[   43.846402][ T4659] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.918876][ T4629] BTRFS info (device loop2): enabling ssd optimizations
[   44.449311][ T4629] BTRFS info (device loop2): rebuilding free space tree
[   44.767537][ T4629] BTRFS info (device loop2): disabling free space tree
[   44.772125][ T4629] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   44.775115][ T4629] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   46.359346][    C1] sched: RT throttling activated
[   46.374009][ T4685] loop0: detected capacity change from 0 to 16
[   46.377818][ T4685] erofs: (device loop0): z_erofs_load_lz4_config: too large lz4 pclusterblks 16832
[   46.378669][ T4659] device bridge_slave_0 left promiscuous mode
[   46.672111][ T4659] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.726158][ T4323] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   47.722907][ T4713] infiniband syz1: set active
[   47.724242][ T4713] infiniband syz1: added syz_tun
[   47.740948][ T4713] RDS/IB: syz1: added
[   47.742407][ T4713] smc: adding ib device syz1 with port count 1
[   47.746034][ T4713] smc:    ib device syz1 port 1 has pnetid 
[   48.119316][ T4721] loop4: detected capacity change from 0 to 16
[   48.163199][ T4721] erofs: (device loop4): mounted with root inode @ nid 36.
[   49.033794][ T4732] netlink: 'syz.4.81': attribute type 4 has an invalid length.
[   49.051370][ T4737] Illegal XDP return value 65535 on prog  (id 14) dev N/A, expect packet loss!
[   49.076192][ T4732] netlink: 'syz.4.81': attribute type 4 has an invalid length.
[   49.129176][ T4715] infiniband syz1: set down
[   49.192180][   T11] smc: removing ib device syz1
[   49.208272][ T4413] infiniband syz1: ib_query_port failed (-19)
[   49.305550][ T4739] loop4: detected capacity change from 0 to 32768
[   49.319225][ T4739] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.82 (4739)
[   49.332537][ T4739] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   49.334226][ T4739] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm
[   49.335685][ T4739] BTRFS info (device loop4): max_inline at 0
[   49.339218][ T4739] BTRFS info (device loop4): turning on flush-on-commit
[   49.341101][ T4739] BTRFS info (device loop4): using free space tree
[   49.687866][ T4739] BTRFS info (device loop4): enabling ssd optimizations
[   49.833697][ T4771] loop0: detected capacity change from 0 to 256
[   49.837739][ T4771] =======================================================
[   49.837739][ T4771] WARNING: The mand mount option has been deprecated and
[   49.837739][ T4771]          and is ignored by this kernel. Remove the mand
[   49.837739][ T4771]          option from the mount to silence this warning.
[   49.837739][ T4771] =======================================================
[   49.882688][ T4771] FAT-fs (loop0): Directory bread(block 64) failed
[   49.883985][ T4771] FAT-fs (loop0): Directory bread(block 65) failed
[   49.885221][ T4771] FAT-fs (loop0): Directory bread(block 66) failed
[   49.886409][ T4771] FAT-fs (loop0): Directory bread(block 67) failed
[   49.887679][ T4771] FAT-fs (loop0): Directory bread(block 68) failed
[   49.888849][ T4771] FAT-fs (loop0): Directory bread(block 69) failed
[   49.890204][ T4771] FAT-fs (loop0): Directory bread(block 70) failed
[   49.891412][ T4771] FAT-fs (loop0): Directory bread(block 71) failed
[   49.892634][ T4771] FAT-fs (loop0): Directory bread(block 72) failed
[   49.893807][ T4771] FAT-fs (loop0): Directory bread(block 73) failed
[   49.989855][ T4771] wg1 speed is unknown, defaulting to 1000
[   49.991038][ T4771] wg1 speed is unknown, defaulting to 1000
[   49.994334][ T4771] wg1 speed is unknown, defaulting to 1000
[   49.999423][ T4771] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   50.008505][ T4771] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   50.032902][ T4771] wg1 speed is unknown, defaulting to 1000
[   50.036101][ T4771] wg1 speed is unknown, defaulting to 1000
[   50.038529][ T4771] wg1 speed is unknown, defaulting to 1000
[   50.040932][ T4771] wg1 speed is unknown, defaulting to 1000
[   50.043655][ T4771] wg1 speed is unknown, defaulting to 1000
[   50.698518][ T4324] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   50.980282][ T4766] loop2: detected capacity change from 0 to 1024
[   51.001127][ T4766] hfsplus: failed to load extents file
[   51.261251][ T4781] loop3: detected capacity change from 0 to 4096
[   51.578352][ T4781] NILFS (loop3): invalid segment: Checksum error in segment payload
[   51.585304][ T4781] NILFS (loop3): trying rollback from an earlier position
[   51.617363][ T4781] NILFS (loop3): recovery complete
[   51.628958][ T4786] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   52.476057][ T4806] netlink: 'syz.3.96': attribute type 1 has an invalid length.
[   52.801145][ T4808] netlink: 24 bytes leftover after parsing attributes in process `syz.0.97'.
[   52.899218][ T4819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.102'.
[   54.249974][ T4842] capability: warning: `syz.0.107' uses 32-bit capabilities (legacy support in use)
[   54.302683][ T4846] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   54.304727][ T4846] batman_adv: batadv0: Interface deactivated: dummy0
[   54.305985][ T4846] batman_adv: batadv0: Removing interface: dummy0
[   54.307647][ T4846] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready
[   54.310856][ T4846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   54.312266][ T4846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   54.314549][ T4846] device bridge_slave_0 left promiscuous mode
[   54.315676][ T4846] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.340489][ T4846] device bridge_slave_1 left promiscuous mode
[   54.341740][ T4846] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.383444][ T4846] bond0: (slave bond_slave_0): Releasing backup interface
[   54.423428][ T4846] bond0: (slave bond_slave_1): Releasing backup interface
[   54.488380][ T4846] team0: Failed to send options change via netlink (err -105)
[   54.490407][ T4846] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[   54.492409][ T4846] team0: Port device team_slave_0 removed
[   54.502467][ T4846] team0: Failed to send options change via netlink (err -105)
[   54.504306][ T4846] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[   54.506472][ T4846] team0: Port device team_slave_1 removed
[   54.507882][ T4846] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   54.509146][ T4846] batman_adv: batadv0: Removing interface: batadv_slave_0
[   54.512140][ T4846] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   54.513640][ T4846] batman_adv: batadv0: Removing interface: batadv_slave_1
[   54.533761][ T4849] team0: Failed to send options change via netlink (err -105)
[   54.536704][ T4849] team0: Mode changed to "loadbalance"
[   54.576174][ T4853] loop3: detected capacity change from 0 to 128
[   54.578995][ T4853] FAT-fs (loop3): Unrecognized mount option "" or missing value
[   54.591959][ T4853] binder: 4852:4853 tried to acquire reference to desc 0, got 1 instead
[   54.593731][ T4853] binder: 4852:4853 got transaction to invalid handle, 2
[   54.595128][ T4853] binder: 4853:4852 cannot find target node
[   54.595975][ T4853] binder: 4852:4853 transaction async to 0:0 failed 5/29201/-22, size 0-0 line 3045
[   54.598354][   T24] binder: undelivered TRANSACTION_ERROR: 29201
[   56.047666][ T4857] loop3: detected capacity change from 0 to 32768
[   56.102046][ T4857] XFS (loop3): Mounting V5 Filesystem
[   56.404967][ T4857] XFS (loop3): Ending clean mount
[   56.412699][ T4857] XFS (loop3): Quotacheck needed: Please wait.
[   56.464701][ T4857] XFS (loop3): Quotacheck: Done.
[   56.557732][ T4321] XFS (loop3): Unmounting Filesystem
[   56.569936][ T4886] netlink: 'syz.2.118': attribute type 10 has an invalid length.
[   56.579231][ T4886] netlink: 40 bytes leftover after parsing attributes in process `syz.2.118'.
[   56.593481][ T4886] batman_adv: batadv0: Adding interface: virt_wifi0
[   56.602218][ T4886] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.644688][ T4886] batman_adv: batadv0: Interface activated: virt_wifi0
[   57.238818][ T4911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.127'.
[   57.241142][ T4911] team1 (uninitialized): Failed to send options change via netlink (err -105)
[   57.246392][ T4911] device team1 entered promiscuous mode
[   57.289624][ T4704] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   57.494593][ T4704] usb 1-1: Using ep0 maxpacket: 32
[   57.505314][ T4704] usb 1-1: config 0 has no interfaces?
[   57.506445][ T4704] usb 1-1: New USB device found, idVendor=0408, idProduct=4030, bcdDevice=5c.8a
[   57.507900][ T4704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   57.520309][ T4704] usb 1-1: config 0 descriptor??
[   57.575148][ T4929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.577228][ T4929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   57.586561][ T4929] netlink: 64 bytes leftover after parsing attributes in process `syz.1.135'.
[   58.351689][ T4939] binder: 4938:4939 tried to acquire reference to desc 0, got 1 instead
[   58.354090][ T4939] binder: 4938:4939 got transaction with invalid data ptr
[   58.355362][ T4939] binder: 4938:4939 transaction call to 4938:0 failed 10/29201/-14, size 12288-0 line 3565
[   58.686227][ T4939] syz.4.137 (4939): drop_caches: 2
[   58.717621][ T4700] binder: undelivered TRANSACTION_ERROR: 29201
[   59.382661][ T4955] loop1: detected capacity change from 0 to 512
[   59.386652][ T4955] FAT-fs (loop1): bogus number of FAT sectors
[   59.387864][ T4955] FAT-fs (loop1): Can't find a valid FAT filesystem
[   60.104000][ T4961] loop4: detected capacity change from 0 to 128
[   60.171060][ T4700] usb 1-1: USB disconnect, device number 2
[   60.864328][ T4992] device vlan2 entered promiscuous mode
[   61.242738][ T5001] process 'syz.4.158' launched './file1' with NULL argv: empty string added
[   61.693665][ T5011] device syzkaller0 entered promiscuous mode
[   61.743344][ T5015] netlink: 12 bytes leftover after parsing attributes in process `syz.4.163'.
[   61.835022][ T5015] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[   61.933734][ T5017] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[   61.984998][ T5017] bond1 (unregistering): Released all slaves
[   61.994791][ T5019] netlink: 'syz.1.164': attribute type 10 has an invalid length.
[   62.012447][ T5019] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.017112][ T5019] team0: Failed to send port change of device bond0 via netlink (err -105)
[   62.019568][ T5019] team0: Failed to send options change via netlink (err -105)
[   62.023022][ T5019] team0: Port device bond0 added
[   62.092354][ T5027] netlink: 'syz.1.168': attribute type 10 has an invalid length.
[   62.093515][ T5027] netlink: 40 bytes leftover after parsing attributes in process `syz.1.168'.
[   62.112329][ T5028] loop3: detected capacity change from 0 to 16
[   62.126402][ T5028] erofs: (device loop3): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 125300)
[   62.173628][ T5027] team0: Port device geneve0 added
[   62.303486][ T5040] loop4: detected capacity change from 0 to 16
[   62.306544][ T5040] erofs: Unknown parameter '0000000000000000000018446744073709551615ÿÿ'
[   62.419153][ T5041] net_ratelimit: 10 callbacks suppressed
[   62.419178][ T5041] netlink: set zone limit has 8 unknown bytes
[   62.970981][ T5048] netlink: 24 bytes leftover after parsing attributes in process `syz.3.174'.
[   63.445660][ T5054] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   63.451788][ T5054] tipc: Resetting bearer <eth:team0>
[   63.454910][ T5054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   63.456858][ T5054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   63.465739][ T5055] netlink: 4 bytes leftover after parsing attributes in process `syz.4.176'.
[   64.412201][ T5054] device bond_slave_1 entered promiscuous mode
[   64.500944][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[   64.505870][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[   64.744585][ T3431] cfg80211: failed to load regulatory.db
[   64.753894][ T5054] device bond_slave_1 left promiscuous mode
[   64.814770][ T5069] device syzkaller0 entered promiscuous mode
[   64.820812][ T5079] netlink: 24 bytes leftover after parsing attributes in process `syz.4.182'.
[   64.825972][ T5084] netlink: 'syz.2.183': attribute type 1 has an invalid length.
[   64.897530][ T5087] bond1: (slave veth3): Enslaving as an active interface with a down link
[   64.912302][ T5082] netlink: 4 bytes leftover after parsing attributes in process `syz.4.182'.
[   64.914571][ T5084] netlink: 4 bytes leftover after parsing attributes in process `syz.2.183'.
[   64.918226][ T5084] bond1 (unregistering): (slave veth3): Releasing active interface
[   64.952310][ T5091] loop4: detected capacity change from 0 to 2048
[   64.972156][ T5084] bond1 (unregistering): Released all slaves
[   64.999937][ T5091]  loop4: p1 p3 p4
[   65.303012][ T5091] loop4: p4 size 589824 extends beyond EOD, truncated
[   65.308705][ T5098] device bridge0 entered promiscuous mode
[   65.311656][ T5098] batman_adv: batadv0: Adding interface: macsec1
[   65.312769][ T5098] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.317265][ T5098] batman_adv: batadv0: Interface activated: macsec1
[   65.979988][ T5108] xt_CT: You must specify a L4 protocol and not use inversions on it
[   67.279694][ T5112] Injecting memory failure for pfn 0x13e678 at process virtual address 0x20ffd000
[   67.282742][ T5112] Memory failure: 0x13e678: recovery action for clean LRU page: Recovered
[   67.284089][ T5112] Injecting memory failure for pfn 0x1412bc at process virtual address 0x20ffe000
[   67.285639][ T5112] Memory failure: 0x1412bc: recovery action for clean LRU page: Recovered
[   67.287940][ T5112] Injecting memory failure for pfn 0x141c8f at process virtual address 0x20fff000
[   67.291800][ T5112] Memory failure: 0x141c8f: recovery action for clean LRU page: Recovered
[   67.315686][ T4327] udevd[4327]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   67.319911][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   67.358145][ T4641] udevd[4641]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[   67.376331][ T5102] loop4: detected capacity change from 0 to 32768
[   67.383915][ T5102] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.189 (5102)
[   67.394391][ T4312] udevd[4312]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   67.399201][ T5102] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   67.402863][ T4641] udevd[4641]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[   67.407834][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   67.412860][ T5102] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm
[   67.416357][ T5102] BTRFS info (device loop4): force clearing of disk cache
[   67.418067][ T5102] BTRFS warning (device loop4): the 'inode_cache' option is deprecated and has no effect since 5.11
[   67.425260][ T5102] BTRFS info (device loop4): force zlib compression, level 3
[   67.426108][ T5130] netlink: 'syz.1.196': attribute type 3 has an invalid length.
[   67.426579][ T5102] BTRFS info (device loop4): enabling auto defrag
[   67.428449][ T5130] netlink: 'syz.1.196': attribute type 3 has an invalid length.
[   67.434050][ T5102] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   67.439974][ T5102] BTRFS info (device loop4): trying to use backup root at mount time
[   67.442455][ T5102] BTRFS info (device loop4): enabling disk space caching
[   67.446870][ T5102] BTRFS info (device loop4): disk space caching is enabled
[   67.461117][ T5132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'.
[   67.485362][ T5132] device veth5 entered promiscuous mode
[   67.488500][ T5132] bridge1: port 1(veth5) entered blocking state
[   67.492626][ T5132] bridge1: port 1(veth5) entered disabled state
[   67.495841][ T5132] bridge1: port 1(veth5) entered blocking state
[   67.496959][ T5132] bridge1: port 1(veth5) entered forwarding state
[   67.505634][   T11] bridge1: port 1(veth5) entered disabled state
[   67.597328][ T5132] device veth7 entered promiscuous mode
[   67.599124][ T5132] bridge1: port 2(veth7) entered blocking state
[   67.601053][ T5132] bridge1: port 2(veth7) entered disabled state
[   67.603048][ T5132] bridge1: port 2(veth7) entered blocking state
[   67.604057][ T5132] bridge1: port 2(veth7) entered forwarding state
[   67.606281][ T4772] bridge1: port 2(veth7) entered disabled state
[   67.955734][ T5102] BTRFS info (device loop4): enabling ssd optimizations
[   67.957452][ T5102] BTRFS info (device loop4): rebuilding free space tree
[   67.966963][ T5159] netlink: 24 bytes leftover after parsing attributes in process `syz.2.200'.
[   67.972812][ T5102] BTRFS info (device loop4): disabling free space tree
[   67.975175][ T5102] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   67.976678][ T5102] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   68.022030][ T4772] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[   68.089486][ T4324] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   68.646725][ T5170] mmap: syz.3.203 (5170) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   70.392684][   T27] audit: type=1326 audit(70.380:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.2.207" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa475b9e8 code=0x0
[   70.926119][ T5225] loop1: detected capacity change from 0 to 128
[   71.035492][ T5225] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   71.501059][ T4322] EXT4-fs (loop1): unmounting filesystem.
[   72.415700][ T5251] loop3: detected capacity change from 0 to 2048
[   73.361871][ T4334] Bluetooth: hci0: command 0x0401 tx timeout
[   73.632724][ T5251] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   74.775868][ T5285] device vlan2 entered promiscuous mode
[   74.787902][ T5285] netlink: 4 bytes leftover after parsing attributes in process `syz.0.233'.
[   75.187347][ T5298] loop3: detected capacity change from 0 to 128
[   75.193422][ T5298] befs: (loop3): invalid magic header
[   75.194129][ T5299] loop1: detected capacity change from 0 to 16
[   75.197988][ T5299] erofs: (device loop1): mounted with root inode @ nid 36.
[   75.255075][ T5300] netlink: 168 bytes leftover after parsing attributes in process `syz.4.236'.
[   75.477856][ T4314] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   76.642851][ T5321] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'.
[   76.660818][ T5321] device gre1 entered promiscuous mode
[   76.662111][ T5321] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[   76.664376][ T5321] bond1: (slave gre1): Error -95 calling set_mac_address
[   77.725483][ T5329] device macvlan2 entered promiscuous mode
[   77.726570][ T5329] bond1: (slave macvlan2): Error -99 calling set_mac_address
[   77.733875][ T5333] binder: 5330:5333 unknown command 0
[   77.734687][ T5333] binder: 5330:5333 ioctl c0306201 20000080 returned -22
[   77.764286][ T5333] binder: 5330:5333 tried to acquire reference to desc 0, got 1 instead
[   77.772223][ T5333] binder: 5330:5333 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   77.777410][ T5333] binder: 5333 RLIMIT_NICE not set
[   77.789285][ T5333] binder: 5333 RLIMIT_NICE not set
[   77.791880][ T5333] binder: send failed reply for transaction 15 to 5330:5333
[   77.794681][ T5333] binder: 5330:5333 transaction 15 fd fixups failed 29201/-12, line 4666
[   77.798319][ T5333] binder: 5330:5333 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   77.803049][ T5333] binder: 5333 RLIMIT_NICE not set
[   77.803864][ T5333] binder: 5330:5333 ioctl c0306201 20000300 returned -11
[   77.812014][ T4562] binder: undelivered TRANSACTION_COMPLETE
[   77.812983][ T4562] binder: undelivered TRANSACTION_ERROR: 29201
[   77.817593][ T5337] loop4: detected capacity change from 0 to 128
[   77.844020][ T5337] befs: (loop4): invalid magic header
[   78.466743][ T5349] device syzkaller0 entered promiscuous mode
[   78.928484][ T5357] loop1: detected capacity change from 0 to 512
[   78.961515][ T5357] EXT2-fs (loop1): error: revision level too high, forcing read-only mode
[   78.967153][ T5357] EXT2-fs (loop1): 0.5b, 95/08/09, bs=4096, gc=1, bpg=32768, ipg=32, mo=a00a8]
[   79.543686][   T27] audit: type=1326 audit(79.510:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5359 comm="syz.2.258" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffa475b9e8 code=0x0
[   80.122491][ T5377] loop2: detected capacity change from 0 to 7
[   80.393240][ T4314]  loop2:
[   80.393976][ T4314] loop2: partition table partially beyond EOD, truncated
[   80.429226][ T5377]  loop2:
[   80.435115][ T5377] loop2: partition table partially beyond EOD, truncated
[   80.462017][ T5386] netlink: 4 bytes leftover after parsing attributes in process `syz.0.267'.
[   80.464643][ T5386] netlink: 12 bytes leftover after parsing attributes in process `syz.0.267'.
[   80.550663][ T5385] tipc: Started in network mode
[   80.551530][ T5385] tipc: Node identity 4, cluster identity 4711
[   80.552406][ T5385] tipc: Node number set to 4
[   82.316863][ T5403] netlink: 'syz.0.272': attribute type 1 has an invalid length.
[   82.333521][ T5403] device bond1 entered promiscuous mode
[   82.334671][ T5403] 8021q: adding VLAN 0 to HW filter on device bond1
[   82.356743][ T5403] netlink: 28 bytes leftover after parsing attributes in process `syz.0.272'.
[   83.153800][ T5410] bond1: (slave bridge2): making interface the new active one
[   83.155018][ T5410] device bridge2 entered promiscuous mode
[   83.157618][ T5410] bond1: (slave bridge2): Enslaving as an active interface with an up link
[   83.165824][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   83.610656][ T5425] loop2: detected capacity change from 0 to 1024
[   83.922193][ T5422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.278'.
[   83.932672][ T5426] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   83.934267][ T5426] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   83.935678][ T5426] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   83.937034][ T5426] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   83.939072][ T5426] bond2: (slave geneve2): Enslaving as an active interface with an up link
[   83.944749][ T5422] netlink: 4 bytes leftover after parsing attributes in process `syz.0.278'.
[   83.948179][ T5422] bond2 (unregistering): (slave geneve2): Releasing backup interface
[   83.991361][ T5422] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[   83.993006][ T5422] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[   83.994467][ T5422] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[   83.995776][ T5422] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[   84.951794][ T5422] bond2 (unregistering): Released all slaves
[   85.061058][ T4435] hfsplus: b-tree write err: -5, ino 4
[   88.107801][ T5483] loop4: detected capacity change from 0 to 4096
[   88.292766][ T4314] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   89.137865][ T5490] loop2: detected capacity change from 0 to 32768
[   89.521332][ T4375] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   89.545948][ T5490] ERROR: (device loop2): diNewExt: no free extents
[   89.545948][ T5490] 
[   89.552307][ T5490] ERROR: (device loop2): remounting filesystem as read-only
[   89.553881][ T5490] ialloc: diAlloc returned -5!
[   89.559994][ T5509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.302'.
[   89.562578][ T5509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.302'.
[   89.699888][ T4375] usb 1-1: device descriptor read/64, error -71
[   90.077728][ T5514] sctp: [Deprecated]: syz.4.304 (pid 5514) Use of struct sctp_assoc_value in delayed_ack socket option.
[   90.077728][ T5514] Use struct sctp_sack_info instead
[   90.109657][ T4375] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.129208][ T5516] 8021q: adding VLAN 0 to HW filter on device bond2
[   90.131800][ T5519] loop3: detected capacity change from 0 to 512
[   90.154973][ T5519] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2
[   90.180543][ T5516] device veth0 entered promiscuous mode
[   90.182304][ T5516] bond2: (slave macvlan2): making interface the new active one
[   90.183815][ T5516] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[   90.186158][ T5202] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[   90.237117][ T5527] bridge0: the hash_elasticity option has been deprecated and is always 16
[   90.238939][ T5527] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.240210][ T5527] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.259451][ T4375] usb 1-1: device descriptor read/64, error -71
[   90.808212][ T4375] usb usb1-port1: attempt power cycle
[   91.107609][ T5538] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   91.109181][ T5538] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   91.112272][ T5538] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   91.113549][ T5538] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   91.176236][ T5538] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[   91.184400][ T5540] netlink: 12 bytes leftover after parsing attributes in process `syz.2.314'.
[   91.567894][   T27] audit: type=1326 audit(91.280:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5541 comm="syz.1.315" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x0
[   91.568445][ T5547] device gre1 entered promiscuous mode
[   91.574929][ T5547] bond1: (slave gre1): The slave device specified does not support setting the MAC address
[   91.577191][ T5547] bond1: (slave gre1): Error -95 calling set_mac_address
[   91.585229][ T5552] netlink: 4 bytes leftover after parsing attributes in process `syz.4.317'.
[   91.587064][ T5554] netlink: 12 bytes leftover after parsing attributes in process `syz.4.317'.
[   91.595530][ T5540] device macvlan2 entered promiscuous mode
[   91.596798][ T5540] bond1: (slave macvlan2): Error -99 calling set_mac_address
[   92.106050][ T5563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.320'.
[   92.122926][ T5563] 8021q: adding VLAN 0 to HW filter on device bond1
[   92.827526][ T5563] bond1: (slave erspan0): Enslaving as an active interface with an up link
[   92.829112][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   92.852855][ T5577] binder: 5576:5577 tried to acquire reference to desc 0, got 1 instead
[   92.855380][ T5577] binder: 5576:5577 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   92.857517][ T5577] binder: 5577 RLIMIT_NICE not set
[   92.858309][ T5577] binder: 5577 RLIMIT_NICE not set
[   92.859763][ T5577] binder: 5577 RLIMIT_NICE not set
[   92.860746][ T5577] binder: 5576:5577 got transaction with invalid parent offset or type
[   92.862172][ T5577] binder: 5577:5576 failed to fixup parent
[   92.863280][ T5577] binder: 5576:5577 transaction reply to 5576:5577 failed 21/29201/-22, size 104-24 line 3540
[   92.868679][ T5577] binder: send failed reply for transaction 20 to 5576:5577
[   92.884710][ T4375] binder: undelivered TRANSACTION_ERROR: 29190
[   92.887849][ T4375] binder: undelivered TRANSACTION_COMPLETE
[   92.899438][ T4375] binder: undelivered TRANSACTION_ERROR: 29201
[   94.703444][ T5601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.705133][ T5601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.799306][ T5605] netlink: 'syz.2.329': attribute type 5 has an invalid length.
[   94.809721][ T5605] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   94.811148][ T5605] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   94.812548][ T5605] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   94.814090][ T5605] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   94.816322][ T5605] batman_adv: batadv0: Adding interface: vxlan0
[   94.817193][ T5605] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.832474][ T5605] batman_adv: batadv0: Interface activated: vxlan0
[   95.841489][   T27] audit: type=1326 audit(95.080:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5606 comm="syz.3.330" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x0
[   95.862328][ T5617] netlink: 12 bytes leftover after parsing attributes in process `syz.3.333'.
[   96.258666][ T5622] device gre1 entered promiscuous mode
[   96.262300][ T5622] bond2: (slave gre1): The slave device specified does not support setting the MAC address
[   96.264673][ T5622] bond2: (slave gre1): Error -95 calling set_mac_address
[   96.273550][ T5617] device macvlan2 entered promiscuous mode
[   96.274623][ T5617] bond2: (slave macvlan2): Error -99 calling set_mac_address
[   96.280319][ T5629] netlink: 24 bytes leftover after parsing attributes in process `syz.0.336'.
[   97.294899][ T5646] binder: 5644:5646 tried to acquire reference to desc 0, got 1 instead
[   97.316729][ T5646] binder: 5644:5646 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 30)
[   97.318745][ T5646] binder: 5646 RLIMIT_NICE not set
[   97.331478][ T5646] binder: 5646 RLIMIT_NICE not set
[   97.915465][ T5646] binder: send failed reply for transaction 26 to 5644:5646
[   97.944572][ T5646] binder: 5644:5646 ioctl c0306201 20000180 returned -14
[   98.185057][ T5662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.186591][ T5662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.240975][ T5648] loop0: detected capacity change from 0 to 1764
[   98.260388][ T4375] binder: undelivered TRANSACTION_COMPLETE
[   98.261358][ T4375] binder: undelivered TRANSACTION_ERROR: 29201
[   98.851722][ T4314] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   99.171341][ T5672] netlink: 24 bytes leftover after parsing attributes in process `syz.1.349'.
[   99.251986][ T5672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.349'.
[   99.914177][ T5684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.926956][ T5684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.957462][ T5688] device syzkaller0 entered promiscuous mode
[  101.371898][ T4332] Bluetooth: hci1: Malformed Event: 0x48
[  101.418268][ T5718] loop4: detected capacity change from 0 to 8
[  102.138539][ T5734] loop0: detected capacity change from 0 to 128
[  102.213053][ T5734] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  102.216615][ T5734] hpfs: filesystem error: improperly stopped
[  102.217576][ T5734] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  102.218837][ T5734] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  102.220525][ T5734] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  105.604819][ T5762] loop3: detected capacity change from 0 to 164
[  105.641973][ T4314] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  114.143019][ T5726] team0: Port device vlan2 added
[  114.144151][ T5727] netlink: 'syz.4.365': attribute type 10 has an invalid length.
[  114.167907][ T5727] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  114.321670][ T5777] loop4: detected capacity change from 0 to 128
[  114.766676][ T5777] syz.4.378: attempt to access beyond end of device
[  114.766676][ T5777] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  114.943317][ T5774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.380'.
[  114.975870][ T5779] netlink: 4 bytes leftover after parsing attributes in process `syz.0.380'.
[  115.112527][ T5787] loop2: detected capacity change from 0 to 256
[  115.135618][ T5787] exFAT-fs (loop2): bogus data start sector
[  115.137873][ T5787] exFAT-fs (loop2): failed to read boot sector
[  115.656822][ T5787] exFAT-fs (loop2): failed to recognize exfat type
[  117.809764][ T5833] loop4: detected capacity change from 0 to 1024
[  117.993659][ T5835] loop1: detected capacity change from 0 to 4096
[  118.963380][ T5844] 8021q: adding VLAN 0 to HW filter on device bond3
[  118.965305][ T5844] team0: Failed to send options change via netlink (err -105)
[  118.966563][ T5844] team0: Port device bond3 added
[  118.970374][ T4540] team0: Failed to send port change of device bond3 via netlink (err -105)
[  119.282998][ T5854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'.
[  119.339486][ T5858] loop4: detected capacity change from 0 to 512
[  119.345294][ T5858] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  119.347957][ T5858] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  119.362333][ T5859] netlink: 'syz.2.401': attribute type 10 has an invalid length.
[  119.372881][ T5859] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  119.378396][ T5858] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.403: inode has both inline data and extents flags
[  119.382158][ T5858] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.403: couldn't read orphan inode 15 (err -117)
[  119.386471][ T5858] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  119.416385][ T5858] netlink: 8 bytes leftover after parsing attributes in process `syz.4.403'.
[  119.418864][ T5858] netlink: 'syz.4.403': attribute type 30 has an invalid length.
[  119.424624][ T5858] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  119.426140][ T5858] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  119.427616][ T5858] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  119.428987][ T5858] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  119.435021][ T5858] netlink: 8 bytes leftover after parsing attributes in process `syz.4.403'.
[  119.436435][ T5858] netlink: 'syz.4.403': attribute type 30 has an invalid length.
[  119.459288][ T4324] EXT4-fs (loop4): unmounting filesystem.
[  119.546712][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.549233][ T5867] team0: Port device bond0 added
[  119.573767][ T5867] team0: Failed to send port change of device bond0 via netlink (err -105)
[  119.582198][ T5867] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  119.592959][ T5867] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[  119.602706][ T5867] team0: Failed to send port change of device vlan2 via netlink (err -105)
[  120.762575][ T5887] loop4: detected capacity change from 0 to 1024
[  120.764278][ T5887] hfsplus: unable to parse mount options
[  121.126484][ T5903] loop0: detected capacity change from 0 to 512
[  121.137458][ T5903] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  121.142968][ T5903] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  121.157688][ T5903] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.418: inode has both inline data and extents flags
[  121.161964][ T5903] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.418: couldn't read orphan inode 15 (err -117)
[  121.187410][ T5903] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  121.262032][ T5906] loop1: detected capacity change from 0 to 512
[  121.263429][ T5906] EXT4-fs: Ignoring removed orlov option
[  121.274182][ T5903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.418'.
[  121.279809][ T5906] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  121.281459][ T5903] netlink: 'syz.0.418': attribute type 30 has an invalid length.
[  121.288546][ T5903] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  121.290225][ T5903] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  121.291565][ T5903] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  121.293047][ T5903] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  121.310689][ T5903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.418'.
[  121.312091][ T5903] netlink: 'syz.0.418': attribute type 30 has an invalid length.
[  121.323284][ T5906] EXT4-fs (loop1): orphan cleanup on readonly fs
[  121.330874][ T5906] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.419: bg 0: block 248: padding at end of block bitmap is not set
[  121.355423][ T5906] Quota error (device loop1): write_blk: dquota write failed
[  121.356697][ T5906] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  121.358084][ T5906] EXT4-fs error (device loop1): ext4_acquire_dquot:6809: comm syz.1.419: Failed to acquire dquot type 1
[  121.670035][ T5906] EXT4-fs (loop1): 1 truncate cleaned up
[  121.679259][ T5906] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  121.692211][ T4320] EXT4-fs (loop0): unmounting filesystem.
[  121.753275][ T5919] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.755095][ T5919] team0: Failed to send options change via netlink (err -105)
[  121.756274][ T5919] team0: Port device bond0 added
[  121.764066][   T27] audit: type=1326 audit(121.740:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5905 comm="syz.1.419" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x0
[  121.811326][ T5919] team0: Failed to send port change of device bond0 via netlink (err -105)
[  122.236399][ T5929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.426'.
[  122.240556][ T5929] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  122.243340][ T5931] binder: 5930:5931 tried to acquire reference to desc 0, got 1 instead
[  122.245149][ T5931] binder: 5930:5931 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  122.247403][ T5931] binder: 5931 RLIMIT_NICE not set
[  122.248189][ T5931] binder: 5931 RLIMIT_NICE not set
[  122.251959][ T4390] binder: release 5930:5931 transaction 31 out, still active
[  122.253305][ T4390] binder: undelivered TRANSACTION_COMPLETE
[  122.259311][ T4436] binder: release 5930:5931 transaction 31 in, still active
[  122.260931][ T4436] binder: send failed reply for transaction 31, target dead
[  122.290266][ T5929] netlink: 1032 bytes leftover after parsing attributes in process `syz.3.426'.
[  122.296422][ T5933] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.298158][ T5933] device syzkaller0 entered promiscuous mode
[  122.366016][ T5936] tipc: Resetting bearer <eth:syzkaller0>
[  122.369806][ T5932] tipc: Resetting bearer <eth:syzkaller0>
[  122.412062][ T5932] tipc: Disabling bearer <eth:syzkaller0>
[  122.740430][ T4322] EXT4-fs (loop1): unmounting filesystem.
[  123.100617][ T4332] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  123.102620][ T4332] Bluetooth: hci3: Injecting HCI hardware error event
[  123.107177][ T4334] Bluetooth: hci3: hardware error 0x00
[  123.378516][ T5949] loop1: detected capacity change from 0 to 1024
[  123.380166][ T5949] hfsplus: unable to parse mount options
[  123.551671][ T5966] loop4: detected capacity change from 0 to 8192
[  123.803360][ T5966] FAT-fs (loop4): Unrecognized mount option "./file0" or missing value
[  125.450112][ T4334] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  126.032818][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  126.035149][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  126.209267][ T6013] loop2: detected capacity change from 0 to 1024
[  126.210786][ T6013] hfsplus: unable to parse mount options
[  126.225414][ T6016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.453'.
[  126.708852][ T5780] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  127.055750][ T6027] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  128.332486][ T6056] loop3: detected capacity change from 0 to 128
[  128.701316][ T6056] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  128.703746][ T6056] hpfs: filesystem error: improperly stopped
[  128.704618][ T6056] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  128.705744][ T6056] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  128.707144][ T6056] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  128.776709][ T6061] netlink: 'syz.0.464': attribute type 1 has an invalid length.
[  128.791569][ T6061] 8021q: adding VLAN 0 to HW filter on device bond2
[  128.807696][ T6061] device macvlan2 entered promiscuous mode
[  128.809965][ T6061] device bond2 entered promiscuous mode
[  128.811217][ T6061] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  129.122412][ T6061] device bond2 left promiscuous mode
[  130.104207][ T6067] bond2: (slave ip6gretap1): making interface the new active one
[  130.106147][ T6067] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  130.107698][ T1772] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  131.825853][ T6110] loop0: detected capacity change from 0 to 8
[  131.950779][ T6110] SQUASHFS error: lzo decompression failed, data probably corrupt
[  131.952479][ T6110] SQUASHFS error: Failed to read block 0x62b: -5
[  131.953440][ T6110] SQUASHFS error: Unable to read metadata cache entry [629]
[  132.163157][ T6115] loop2: detected capacity change from 0 to 128
[  132.526056][ T6115] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  132.528439][ T6115] hpfs: filesystem error: improperly stopped
[  132.530381][ T6115] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  132.531540][ T6115] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  132.533080][ T6115] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  132.540891][ T6110] SQUASHFS error: Unable to read inode 0x11f
[  133.369096][ T6130] device wg1 entered promiscuous mode
[  133.642677][ T6135] netlink: 72 bytes leftover after parsing attributes in process `syz.4.484'.
[  134.038916][ T6146] netlink: 'syz.1.485': attribute type 1 has an invalid length.
[  134.065725][ T6146] 8021q: adding VLAN 0 to HW filter on device bond3
[  134.961641][ T6146] device macvlan3 entered promiscuous mode
[  134.963361][ T6146] device bond3 entered promiscuous mode
[  134.965256][ T6146] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  135.060141][ T6146] device bond3 left promiscuous mode
[  135.415884][ T6168] bond3: (slave ip6gretap1): making interface the new active one
[  135.424074][ T6168] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  135.432652][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  135.443523][ T6174] netlink: 'syz.2.494': attribute type 1 has an invalid length.
[  135.454667][ T6174] 8021q: adding VLAN 0 to HW filter on device bond2
[  135.520806][ T6174] bond2: (slave ip6gretap1): making interface the new active one
[  135.526943][ T6174] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  135.543047][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[  135.678596][ T6183] wg1 speed is unknown, defaulting to 1000
[  135.819379][ T6187] netlink: 300 bytes leftover after parsing attributes in process `syz.0.497'.
[  135.879506][ T6187] wg1 speed is unknown, defaulting to 1000
[  136.788220][ T6183] loop3: detected capacity change from 0 to 32768
[  136.830736][ T6198] binder: BINDER_SET_CONTEXT_MGR already set
[  136.846755][ T6198] binder: 6193:6198 ioctl 4018620d 20000040 returned -16
[  136.848790][ T6198] binder: 6193:6198 got transaction to invalid handle, 1
[  136.850239][ T6198] binder: 6198:6193 cannot find target node
[  136.851184][ T6198] binder: 6193:6198 transaction async to 0:0 failed 34/29201/-22, size 0-0 line 3045
[  136.852846][ T6198] binder: 6193:6198 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  136.854748][ T6198] binder: 6198 RLIMIT_NICE not set
[  136.855522][ T6198] binder: 6193:6198 ioctl c0306201 20000300 returned -11
[  136.856714][ T6198] binder: 6193:6198 BC_FREE_BUFFER u0000000020ffd000 no match
[  136.858464][ T4436] binder: undelivered TRANSACTION_ERROR: 29201
[  136.859834][ T5780] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  137.875850][ T6208] sctp: [Deprecated]: syz.0.506 (pid 6208) Use of int in max_burst socket option.
[  137.875850][ T6208] Use struct sctp_assoc_value instead
[  137.890638][ T6212] binder: BINDER_SET_CONTEXT_MGR already set
[  137.891639][ T6212] binder: 6209:6212 ioctl 4018620d 20000040 returned -16
[  137.913726][ T6212] binder: tried to use weak ref as strong ref
[  137.914683][ T6212] binder: 6209:6212 Acquire 1 refcount change on invalid ref 0 ret -22
[  137.916122][ T6212] binder: 6209:6212 got transaction to invalid handle, 1
[  137.917261][ T6212] binder: 6212:6209 cannot find target node
[  137.918135][ T6212] binder: 6209:6212 transaction async to 0:0 failed 37/29201/-22, size 0-0 line 3045
[  137.921063][ T4436] binder: undelivered TRANSACTION_ERROR: 29201
[  138.007914][ T6218] netlink: 'syz.4.507': attribute type 1 has an invalid length.
[  138.281579][ T6218] 8021q: adding VLAN 0 to HW filter on device bond1
[  138.302241][ T6222] device macvlan2 entered promiscuous mode
[  138.316094][ T6222] device bond1 entered promiscuous mode
[  138.392125][ T6222] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  138.406254][ T6223] loop1: detected capacity change from 0 to 8192
[  138.425999][ T6223] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  138.428261][ T6223] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal
[  138.433981][ T6223] REISERFS (device loop1): using ordered data mode
[  138.435238][ T6223] reiserfs: using flush barriers
[  138.472097][ T6222] device bond1 left promiscuous mode
[  138.518586][ T6223] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  138.785407][ T6223] REISERFS (device loop1): checking transaction log (loop1)
[  138.820319][ T6223] REISERFS (device loop1): Using r5 hash to sort names
[  138.822533][ T6223] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  138.885539][ T6223] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(
cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ"
[  138.907796][ T6218] bond1: (slave ip6gretap2): making interface the new active one
[  138.910122][ T6218] bond1: (slave ip6gretap2): Enslaving as an active interface with an up link
[  138.922441][ T6232] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  140.384509][ T6254] loop4: detected capacity change from 0 to 8192
[  140.408434][ T6254] FAT-fs (loop4): Unrecognized mount option "./file0" or missing value
[  141.513008][ T6274] loop2: detected capacity change from 0 to 256
[  141.516723][ T6273] netlink: 'syz.4.523': attribute type 1 has an invalid length.
[  141.552886][ T6274] FAT-fs (loop2): bogus logical sector size 128
[  141.553963][ T6274] FAT-fs (loop2): Can't find a valid FAT filesystem
[  141.588457][ T5917] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  141.593991][ T6273] 8021q: adding VLAN 0 to HW filter on device bond2
[  141.876233][ T6274] loop2: detected capacity change from 0 to 1024
[  141.877867][ T6274] EXT4-fs: Ignoring removed nobh option
[  141.887415][ T6274] EXT4-fs: Ignoring removed bh option
[  141.900926][ T6274] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  141.955892][ T6274] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  142.524537][ T6291] loop4: detected capacity change from 0 to 4096
[  142.551490][ T4323] EXT4-fs (loop2): unmounting filesystem.
[  142.570705][ T6275] nfs: Unknown parameter 'ntext'
[  143.282240][ T4324] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  143.283419][ T4324] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  143.448653][ T6308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.531'.
[  144.078603][ T6322] ERROR: device name not specified.
[  144.968072][ T6335] device syzkaller0 entered promiscuous mode
[  145.813769][ T6350] loop2: detected capacity change from 0 to 512
[  145.818888][ T6351] tipc: Failed to remove unknown binding: 66,1,1/0:35141986/35141988
[  145.827610][ T6350] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  145.836301][ T6350] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  145.838841][ T6351] tipc: Failed to remove unknown binding: 66,1,1/0:35141986/35141988
[  145.844122][ T6351] tipc: Failed to remove unknown binding: 66,1,1/0:35141986/35141988
[  145.881380][ T6350] EXT4-fs (loop2): 1 orphan inode deleted
[  145.882447][ T6350] EXT4-fs (loop2): 1 truncate cleaned up
[  145.883393][ T6350] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  146.662172][ T4323] EXT4-fs (loop2): unmounting filesystem.
[  153.609593][ T4334] Bluetooth: hci1: command 0x0406 tx timeout
[  153.609681][ T4332] Bluetooth: hci2: command 0x0406 tx timeout
[  153.622364][ T4328] Bluetooth: hci0: command 0x0406 tx timeout
[  153.623348][ T4328] Bluetooth: hci4: command 0x0406 tx timeout
[  157.556262][ T6360] netlink: 'syz.1.554': attribute type 3 has an invalid length.
[  157.557630][ T6360] netlink: 'syz.1.554': attribute type 3 has an invalid length.
[  157.559769][ T6362] bond0: (slave netdevsim0): Error: Slave device does not support XDP
[  157.699279][ T6381] binder: 6377:6381 tried to acquire reference to desc 0, got 1 instead
[  157.712614][ T4375] binder: release 6377:6381 transaction 44 out, still active
[  157.713916][ T4375] binder: undelivered TRANSACTION_COMPLETE
[  157.714792][ T4375] binder: undelivered TRANSACTION_COMPLETE
[  157.729076][ T4375] binder: undelivered transaction 43, process died.
[  157.731551][ T4375] binder: send failed reply for transaction 44, target dead
[  163.556916][ T6456] tipc: Started in network mode
[  163.558008][ T6456] tipc: Node identity ac1414aa, cluster identity 4711
[  163.561850][ T6456] tipc: Enabled bearer <udp:syz2>, priority 10
[  163.572273][ T6456] tipc: Enabled bearer <eth:team0>, priority 0
[  164.253089][ T6472] netlink: 76 bytes leftover after parsing attributes in process `syz.3.581'.
[  164.855515][ T4703] tipc: Node number set to 2886997162
[  165.387316][ T6495] tipc: Enabled bearer <udp:syz2>, priority 10
[  165.390830][ T6495] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  165.896136][ T6508] netlink: 28 bytes leftover after parsing attributes in process `syz.3.592'.
[  165.945237][ T6513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.594'.
[  165.975366][ T6513] 8021q: adding VLAN 0 to HW filter on device bond5
[  165.978699][ T6513] bond4: (slave bond5): Enslaving as an active interface with an up link
[  165.993202][ T6513] netlink: 28 bytes leftover after parsing attributes in process `syz.3.594'.
[  165.995532][ T6513] 8021q: adding VLAN 0 to HW filter on device bond4
[  167.164124][ T6538] netlink: 'syz.4.600': attribute type 1 has an invalid length.
[  167.194098][ T6538] 8021q: adding VLAN 0 to HW filter on device bond3
[  167.203026][ T6541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.601'.
[  167.217584][ T6538] 8021q: adding VLAN 0 to HW filter on device bond3
[  167.219103][ T6538] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  167.221935][ T6538] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  167.508955][ T6547] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  167.508955][ T6547] The task syz.2.597 (6547) triggered the difference, watch for misbehavior.
[  167.516128][ T6544] device gretap1 entered promiscuous mode
[  167.518488][ T6544] bond3: (slave gretap1): making interface the new active one
[  167.521937][ T6544] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  167.537773][ T6544] device macvlan2 entered promiscuous mode
[  167.539296][ T6544] device bond3 entered promiscuous mode
[  167.541410][ T6544] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  167.590716][ T6544] bond3: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  167.640842][ T6544] device bond3 left promiscuous mode
[  167.835758][ T6555] tipc: Started in network mode
[  167.836701][ T6555] tipc: Node identity ac1414aa, cluster identity 4711
[  167.839785][ T6555] tipc: Enabled bearer <udp:syz2>, priority 10
[  167.843670][ T6555] tipc: Enabled bearer <eth:team0>, priority 0
[  167.897933][ T6558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.604'.
[  168.002936][ T6561] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  168.983444][ T6573] netlink: 16 bytes leftover after parsing attributes in process `syz.4.610'.
[  169.005271][ T4390] tipc: Node number set to 2886997162
[  169.019183][ T6573] netlink: 16 bytes leftover after parsing attributes in process `syz.4.610'.
[  169.027778][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.611'.
[  169.033578][ T6575] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  170.150721][ T6610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.620'.
[  170.154385][ T6610] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  170.157602][ T6604] netlink: 12 bytes leftover after parsing attributes in process `syz.0.621'.
[  170.172250][ T6604] tipc: Enabled bearer <udp:syz0>, priority 10
[  170.176497][ T6610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.620'.
[  170.178180][ T6610] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  172.465741][   T27] audit: type=1326 audit(172.450:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa475b9e8 code=0x7fc00000
[  172.472667][   T27] audit: type=1326 audit(172.460:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa475b9e8 code=0x7fc00000
[  172.486670][   T27] audit: type=1326 audit(172.470:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.631" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa475b9e8 code=0x7fc00000
[  172.526339][ T6662] loop2: detected capacity change from 0 to 256
[  172.528768][ T6662] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  172.533596][ T6662] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  172.834119][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.2.634'.
[  174.938612][ T6707] loop1: detected capacity change from 0 to 2048
[  174.986849][ T6707] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  175.827574][ T6720] netlink: 'syz.0.649': attribute type 1 has an invalid length.
[  175.863867][ T6720] 8021q: adding VLAN 0 to HW filter on device bond3
[  175.914646][ T6720] 8021q: adding VLAN 0 to HW filter on device bond3
[  175.915915][ T6720] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  175.920744][ T6720] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  175.941557][ T4322] EXT4-fs (loop1): unmounting filesystem.
[  175.952847][ T6730] device batadv_slave_1 entered promiscuous mode
[  176.882421][ T6730] bond3: (slave batadv_slave_1): making interface the new active one
[  176.884357][ T6730] bond3: (slave batadv_slave_1): Enslaving as an active interface with an up link
[  176.968589][ T6720] netlink: 28 bytes leftover after parsing attributes in process `syz.0.649'.
[  177.286732][ T6720] 8021q: adding VLAN 0 to HW filter on device bond3
[  177.313363][ T6749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'.
[  177.349278][ T6751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.352070][ T6751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.773779][ T6761] xt_hashlimit: overflow, try lower: 18446744073709551615/255
[  178.064010][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.2.663'.
[  178.185227][ T6773] netlink: 'syz.1.665': attribute type 11 has an invalid length.
[  178.217063][ T6777] loop2: detected capacity change from 0 to 2048
[  178.940040][ T6777] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  178.968089][ T6791] netlink: 12 bytes leftover after parsing attributes in process `syz.4.670'.
[  179.011424][ T6791] tipc: Enabled bearer <udp:syz0>, priority 10
[  180.664383][ T4578] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm kworker/u4:10: bg 0: block 234: padding at end of block bitmap is not set
[  180.744894][ T4578] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28
[  180.747230][ T4578] EXT4-fs (loop2): This should not happen!! Data will be lost
[  180.747230][ T4578] 
[  180.748614][ T4578] EXT4-fs (loop2): Total free blocks count 0
[  180.754220][ T4578] EXT4-fs (loop2): Free/Dirty block details
[  180.755205][ T4578] EXT4-fs (loop2): free_blocks=0
[  180.756047][ T4578] EXT4-fs (loop2): dirty_blocks=8192
[  180.756926][ T4578] EXT4-fs (loop2): Block reservation details
[  180.757858][ T4578] EXT4-fs (loop2): i_reserved_data_blocks=512
[  180.789410][ T4578] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 2048 with error 28
[  181.354147][ T6835] loop4: detected capacity change from 0 to 128
[  181.627611][ T6835] EXT4-fs (loop4): Test dummy encryption mode enabled
[  181.643294][ T6835] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  181.650466][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'.
[  181.654160][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'.
[  181.684439][ T6841] loop1: detected capacity change from 0 to 16
[  181.697616][ T6841] erofs: (device loop1): mounted with root inode @ nid 36.
[  181.697621][ T4324] EXT4-fs (loop4): unmounting filesystem.
[  181.778487][ T6844] loop4: detected capacity change from 0 to 1024
[  181.794940][ T6844] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  181.805724][ T6844] EXT4-fs error (device loop4): ext4_search_dir:1549: inode #12: block 7: comm syz.4.684: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[  182.144381][ T4324] EXT4-fs (loop4): unmounting filesystem.
[  182.541590][ T6859] netlink: 12 bytes leftover after parsing attributes in process `syz.2.689'.
[  182.623660][ T6862] bridge4: port 1(veth9) entered blocking state
[  182.624916][ T6862] bridge4: port 1(veth9) entered disabled state
[  182.626966][ T6862] device veth9 entered promiscuous mode
[  182.641872][ T6864] bridge4: port 2(veth0_to_bond) entered blocking state
[  182.649739][ T6864] bridge4: port 2(veth0_to_bond) entered disabled state
[  182.653439][ T6864] device veth0_to_bond entered promiscuous mode
[  182.660486][ T6869] loop0: detected capacity change from 0 to 512
[  182.664793][ T6859] bridge4: port 3(veth11) entered blocking state
[  182.665607][ T6869] EXT4-fs: Ignoring removed nobh option
[  182.666068][ T6859] bridge4: port 3(veth11) entered disabled state
[  182.668665][ T6859] device veth11 entered promiscuous mode
[  182.671704][ T6869] EXT4-fs (loop0): Test dummy encryption mode enabled
[  182.914466][ T6869] EXT4-fs error (device loop0): __ext4_iget:5091: inode #11: block 1: comm syz.0.691: invalid block
[  182.924394][ T6869] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.691: couldn't read orphan inode 11 (err -117)
[  182.973422][ T6869] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  183.590059][ T4320] EXT4-fs (loop0): unmounting filesystem.
[  183.640764][ T6892] netlink: 'syz.0.696': attribute type 10 has an invalid length.
[  183.642261][ T6892] tipc: Resetting bearer <eth:team0>
[  183.673485][ T6892] tipc: Resetting bearer <eth:team0>
[  183.680337][ T6892] 8021q: adding VLAN 0 to HW filter on device team0
[  183.682487][ T6892] bond0: (slave team0): Enslaving as an active interface with an up link
[  183.735287][ T6892] 8021q: adding VLAN 0 to HW filter on device bond4
[  183.767525][ T6892] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  183.775014][ T6892] bond4: (slave macvlan2): Enslaving as a backup interface with an up link
[  183.921668][ T5280] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  183.931910][ T4578] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[  184.049949][ T1772] bond4: (slave macvlan2): link status up again after 0 ms
[  184.051599][ T6897] netlink: 24 bytes leftover after parsing attributes in process `syz.0.698'.
[  184.052427][ T1772] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  184.069948][ T1772] bond4: (slave macvlan2): link status up again after 0 ms
[  184.086207][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  184.177202][ T6900] netlink: 'syz.3.701': attribute type 1 has an invalid length.
[  184.189802][ T6900] 8021q: adding VLAN 0 to HW filter on device bond6
[  184.200066][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  184.315862][ T1771] bond4: (slave macvlan2): failed to get link speed/duplex
[  184.540654][ T4578] bond4: (slave macvlan2): failed to get link speed/duplex
[  184.597026][ T6900] bond6: (slave veth5): Enslaving as an active interface with a down link
[  184.611140][ T6908] binder: 6907:6908 ioctl c00c620f 0 returned -14
[  184.628270][ T6900] device veth0_to_bond entered promiscuous mode
[  184.634976][ T6900] device veth0_to_bond left promiscuous mode
[  184.642606][ T6900] bond6: (slave vlan2): Enslaving as an active interface with a down link
[  184.649992][ T1771] bond4: (slave macvlan2): failed to get link speed/duplex
[  184.721231][ T6914] netlink: 12 bytes leftover after parsing attributes in process `syz.4.705'.
[  184.752949][ T6914] bridge2: port 1(veth5) entered blocking state
[  184.754363][ T6914] bridge2: port 1(veth5) entered disabled state
[  184.758151][ T6914] device veth5 entered promiscuous mode
[  185.137172][ T6914] bridge2: port 2(veth0_to_bond) entered blocking state
[  185.141403][ T6914] bridge2: port 2(veth0_to_bond) entered disabled state
[  185.143029][ T6914] device veth0_to_bond entered promiscuous mode
[  185.163788][ T6923] loop2: detected capacity change from 0 to 512
[  185.171776][ T6923] EXT4-fs: Ignoring removed nobh option
[  185.175240][ T6914] bridge2: port 3(veth7) entered blocking state
[  185.176790][ T6914] bridge2: port 3(veth7) entered disabled state
[  185.178595][ T6914] device veth7 entered promiscuous mode
[  185.181516][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  185.190021][ T6923] EXT4-fs (loop2): Test dummy encryption mode enabled
[  185.203244][ T6923] EXT4-fs error (device loop2): __ext4_iget:5091: inode #11: block 1: comm syz.2.707: invalid block
[  185.205341][ T6923] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.707: couldn't read orphan inode 11 (err -117)
[  185.207379][ T6923] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  185.289452][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  185.777103][ T1771] bond4: (slave macvlan2): failed to get link speed/duplex
[  185.799300][ T4323] EXT4-fs (loop2): unmounting filesystem.
[  186.442552][ T6948] loop4: detected capacity change from 0 to 8192
[  186.817748][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.715'.
[  186.822479][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.715'.
[  187.342119][ T6964] netlink: 28 bytes leftover after parsing attributes in process `syz.4.719'.
[  187.351005][ T6968] netlink: 28 bytes leftover after parsing attributes in process `syz.3.722'.
[  187.370980][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  187.372076][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  188.441687][ T6980] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  188.444041][ T6980] isofs_fill_super: bread failed, dev=loop4, iso_blknum=16, block=32
[  188.511769][ T6978] netlink: 'syz.3.725': attribute type 1 has an invalid length.
[  188.519650][ T6978] 8021q: adding VLAN 0 to HW filter on device bond7
[  188.544596][ T6986] 8021q: adding VLAN 0 to HW filter on device bond7
[  188.547172][ T6986] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address
[  188.551017][ T6986] bond7: (slave vxcan3): Error -95 calling set_mac_address
[  188.575327][ T6978] device batadv_slave_1 entered promiscuous mode
[  188.579523][ T4332] Bluetooth: hci4: command 0x0406 tx timeout
[  188.618422][ T6978] bond7: (slave batadv_slave_1): making interface the new active one
[  188.626145][ T6978] bond7: (slave batadv_slave_1): Enslaving as an active interface with an up link
[  188.996808][ T6978] netlink: 28 bytes leftover after parsing attributes in process `syz.3.725'.
[  188.999192][ T6978] 8021q: adding VLAN 0 to HW filter on device bond7
[  189.012797][ T6997] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  189.033321][ T5280] net_ratelimit: 10 callbacks suppressed
[  189.033336][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.174751][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.343865][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.543268][  T887] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.649744][   T39] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.770594][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.880540][ T4772] bond4: (slave macvlan2): failed to get link speed/duplex
[  189.989744][ T4772] bond4: (slave macvlan2): failed to get link speed/duplex
[  190.044515][ T7020] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'.
[  190.100402][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  190.131862][ T7017] serio: Serial port pts0
[  190.210225][  T887] bond4: (slave macvlan2): failed to get link speed/duplex
[  190.881034][ T7057] netlink: 'syz.2.746': attribute type 10 has an invalid length.
[  191.371484][ T7057] 8021q: adding VLAN 0 to HW filter on device team0
[  191.373434][ T7057] bond0: (slave team0): Enslaving as an active interface with an up link
[  191.473172][ T7057] 8021q: adding VLAN 0 to HW filter on device bond3
[  191.476892][ T7062] device bond_slave_0 entered promiscuous mode
[  191.478013][ T7062] device bond_slave_1 entered promiscuous mode
[  191.478970][ T7062] device netdevsim0 entered promiscuous mode
[  191.480947][ T7062] device team_slave_0 entered promiscuous mode
[  191.481969][ T7062] device team_slave_1 entered promiscuous mode
[  191.483920][ T7062] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  191.485484][ T7062] bond3: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0)
[  191.487097][ T7062] bond3: (slave macvlan2): speed changed to 0 on port 1
[  191.489166][ T7062] bond3: (slave macvlan2): Enslaving as a backup interface with an up link
[  191.665329][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[  191.918512][ T7074] device syzkaller0 entered promiscuous mode
[  192.154409][ T7084] netlink: 'syz.2.755': attribute type 1 has an invalid length.
[  192.170901][ T7084] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  192.172322][ T7084] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  192.173814][ T7084] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  192.175149][ T7084] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  192.178901][ T7084] bond4: (slave geneve2): making interface the new active one
[  192.182911][ T7084] bond4: (slave geneve2): Enslaving as an active interface with an up link
[  192.194250][ T7084] netlink: 28 bytes leftover after parsing attributes in process `syz.2.755'.
[  192.198801][ T7084] 8021q: adding VLAN 0 to HW filter on device bond4
[  192.408758][ T7099] loop1: detected capacity change from 0 to 2048
[  192.456085][ T7099] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  194.069525][ T4829] net_ratelimit: 15 callbacks suppressed
[  194.069556][ T4829] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.135469][ T4829] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm kworker/u4:14: bg 0: block 234: padding at end of block bitmap is not set
[  194.139007][ T4829] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28
[  194.141330][ T4829] EXT4-fs (loop1): This should not happen!! Data will be lost
[  194.141330][ T4829] 
[  194.142728][ T4829] EXT4-fs (loop1): Total free blocks count 0
[  194.143602][ T4829] EXT4-fs (loop1): Free/Dirty block details
[  194.172633][ T4829] EXT4-fs (loop1): free_blocks=0
[  194.173423][ T4829] EXT4-fs (loop1): dirty_blocks=6432
[  194.174281][ T4829] EXT4-fs (loop1): Block reservation details
[  194.179579][ T4477] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.256283][ T4829] EXT4-fs (loop1): i_reserved_data_blocks=402
[  194.352303][ T7115] IPv6: NLM_F_REPLACE set, but no existing node found!
[  194.360323][ T4477] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.496545][ T5202] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.575403][ T4829] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 2048 with error 28
[  194.599892][   T39] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.719980][ T4772] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.850606][ T5202] bond4: (slave macvlan2): failed to get link speed/duplex
[  194.959768][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  195.069665][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  195.110664][ T7127] netlink: 'syz.1.760': attribute type 10 has an invalid length.
[  195.112155][ T7127] tipc: Resetting bearer <eth:team0>
[  195.136271][ T7127] tipc: Resetting bearer <eth:team0>
[  195.153083][ T7127] 8021q: adding VLAN 0 to HW filter on device team0
[  195.209650][ T7127] tipc: Resetting bearer <eth:team0>
[  195.512732][ T7127] tipc: Resetting bearer <eth:team0>
[  195.516621][ T7129] bond2: option mode: unable to set because the bond device has slaves
[  195.518180][ T7131] netlink: 'syz.4.768': attribute type 1 has an invalid length.
[  196.331198][ T7137] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  196.339080][ T7137] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  196.346048][ T7137] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  196.347703][ T7137] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  196.356588][ T7137] bond4: (slave geneve2): making interface the new active one
[  196.363136][ T7137] bond4: (slave geneve2): Enslaving as an active interface with an up link
[  196.446526][ T7131] netlink: 28 bytes leftover after parsing attributes in process `syz.4.768'.
[  196.463476][ T7131] 8021q: adding VLAN 0 to HW filter on device bond4
[  196.485521][ T7152] Bluetooth: MGMT ver 1.22
[  196.488164][ T7152] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  196.510559][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  196.937313][ T7160] loop1: detected capacity change from 0 to 512
[  198.012251][ T7183] wg1 speed is unknown, defaulting to 1000
[  198.134034][ T7183] loop2: detected capacity change from 0 to 512
[  198.135461][ T7183] EXT4-fs: Ignoring removed mblk_io_submit option
[  198.136526][ T7183] EXT4-fs: Ignoring removed bh option
[  198.140250][ T7183] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  198.142061][ T7183] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  198.481745][ T7183] EXT4-fs (loop2): 1 truncate cleaned up
[  198.482709][ T7183] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  198.544265][ T7196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.783'.
[  198.544364][ T4323] EXT4-fs (loop2): unmounting filesystem.
[  198.545699][ T7196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.783'.
[  198.561744][ T7196] netlink: 'syz.0.783': attribute type 10 has an invalid length.
[  198.563670][ T7196] tipc: Resetting bearer <eth:team0>
[  198.565167][ T7196] bond0: (slave team0): Releasing backup interface
[  198.662083][ T7196] tipc: Resetting bearer <eth:team0>
[  198.666610][ T7196] tipc: Resetting bearer <eth:team0>
[  198.667849][ T7196] bridge0: port 1(team0) entered blocking state
[  198.668909][ T7196] bridge0: port 1(team0) entered disabled state
[  198.937182][    T9] bond4: (slave macvlan2): link status definitely down, disabling slave
[  198.983303][ T7209] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  199.577308][ T7222] loop2: detected capacity change from 0 to 512
[  200.356860][ T7231] wg1 speed is unknown, defaulting to 1000
[  200.376659][ T7236] loop1: detected capacity change from 0 to 1764
[  200.556667][ T7239] overlayfs: failed to clone lowerpath
[  200.574371][ T7239] fuse: Bad value for 'fd'
[  202.005197][ T7267] loop0: detected capacity change from 0 to 8
[  202.145033][ T7272] dns_resolver: Unsupported server list version (0)
[  205.400839][ T7329] netlink: 165 bytes leftover after parsing attributes in process `syz.0.817'.
[  207.179234][ T7354] loop0: detected capacity change from 0 to 512
[  209.150013][ T7369] loop4: detected capacity change from 0 to 8
[  209.537373][ T7375] netlink: 24 bytes leftover after parsing attributes in process `syz.2.827'.
[  209.675193][ T7375] netlink: 4 bytes leftover after parsing attributes in process `syz.2.827'.
[  210.720907][ T7395] loop0: detected capacity change from 0 to 1024
[  210.725299][ T7395] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  212.649302][ T7435] loop2: detected capacity change from 0 to 8
[  212.820972][ T7437] loop0: detected capacity change from 0 to 32768
[  212.828736][ T7437] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  212.830281][ T7437] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  212.840300][ T7437] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  212.846403][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  212.848764][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  212.872393][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 23ms
[  212.876990][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  212.879298][ T7437] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  213.031431][ T7437] gfs2: fsid=syz:syz.0: found 1 quota changes
[  213.035783][ T7444] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  213.035783][ T7444]   inode = 11 2339
[  213.035783][ T7444]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  213.048848][ T7444] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  213.051368][ T7444] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:7444 [gfs2_quotad] gfs2_quota_sync+0x2e0/0x528
[  213.893840][ T7444] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  213.895168][ T7444] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  213.925784][ T7444] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  213.942977][ T7444] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  213.960013][ T7444] gfs2: fsid=syz:syz.0: File system withdrawn
[  213.961042][ T7444] CPU: 0 PID: 7444 Comm: gfs2_quotad Not tainted syzkaller #0
[  213.962236][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[  213.963817][ T7444] Call trace:
[  213.964386][ T7444]  dump_backtrace+0x1c8/0x1f4
[  213.965093][ T7444]  show_stack+0x2c/0x3c
[  213.965697][ T7444]  __dump_stack+0x30/0x40
[  213.966363][ T7444]  dump_stack_lvl+0xf8/0x160
[  213.967087][ T7444]  dump_stack+0x1c/0x5c
[  213.967711][ T7444]  gfs2_withdraw+0xf9c/0x13a8
[  213.968405][ T7444]  gfs2_consist_inode_i+0xf0/0x10c
[  213.969121][ T7444]  gfs2_inode_refresh+0x920/0xd54
[  213.969852][ T7444]  inode_go_instantiate+0x4c/0x68
[  213.970555][ T7444]  gfs2_instantiate+0x17c/0x2c4
[  213.971241][ T7444]  gfs2_glock_wait+0x1b4/0x298
[  213.971942][ T7444]  gfs2_glock_nq+0x8bc/0x11d4
[  213.972680][ T7444]  do_sync+0x40c/0xa94
[  213.973276][ T7444]  gfs2_quota_sync+0x2e0/0x528
[  213.973986][ T7444]  gfs2_quotad+0x2d8/0x4fc
[  213.974635][ T7444]  kthread+0x250/0x2d8
[  213.975234][ T7444]  ret_from_fork+0x10/0x20
[  214.530811][ T4320] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  214.536141][ T4320] CPU: 0 PID: 4320 Comm: syz-executor Not tainted syzkaller #0
[  214.537340][ T4320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[  214.538820][ T4320] Call trace:
[  214.539313][ T4320]  dump_backtrace+0x1c8/0x1f4
[  214.540011][ T4320]  show_stack+0x2c/0x3c
[  214.540654][ T4320]  __dump_stack+0x30/0x40
[  214.541300][ T4320]  dump_stack_lvl+0xf8/0x160
[  214.541994][ T4320]  dump_stack+0x1c/0x5c
[  214.542613][ T4320]  gfs2_assert_warn_i+0x16c/0x26c
[  214.543376][ T4320]  gfs2_quota_cleanup+0x454/0x65c
[  214.544139][ T4320]  gfs2_put_super+0x1f0/0x764
[  214.544879][ T4320]  generic_shutdown_super+0x130/0x324
[  214.545654][ T4320]  kill_block_super+0x70/0xdc
[  214.546331][ T4320]  gfs2_kill_sb+0xc0/0xd4
[  214.546970][ T4320]  deactivate_locked_super+0xac/0x124
[  214.547751][ T4320]  deactivate_super+0xe8/0x108
[  214.548442][ T4320]  cleanup_mnt+0x37c/0x404
[  214.549093][ T4320]  __cleanup_mnt+0x20/0x30
[  214.549745][ T4320]  task_work_run+0x1ec/0x270
[  214.550411][ T4320]  do_notify_resume+0x2038/0x2b28
[  214.551100][ T4320]  el0_svc+0x98/0x138
[  214.551644][ T4320]  el0t_64_sync_handler+0x84/0xf0
[  214.552348][ T4320]  el0t_64_sync+0x18c/0x190
[  214.639199][   T27] audit: type=1326 audit(215.612:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7461 comm="syz.4.852" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9555b9e8 code=0x0
[  215.012297][ T7471] netlink: 'syz.0.856': attribute type 10 has an invalid length.
[  215.019851][ T7471] device wlan1 entered promiscuous mode
[  215.022103][ T7471] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  215.081574][ T4435] bond4: (slave macvlan2): link status up again after 0 ms
[  215.082697][ T4435] net_ratelimit: 9 callbacks suppressed
[  215.082709][ T4435] bond4: (slave macvlan2): failed to get link speed/duplex
[  215.189747][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  215.705136][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  215.820327][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  215.997399][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  216.396997][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  216.521062][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  216.640012][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  217.244684][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  217.435459][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  217.817516][ T7513] loop1: detected capacity change from 0 to 8
[  219.210717][ T7536] netlink: 24 bytes leftover after parsing attributes in process `syz.1.870'.
[  220.153211][ T4772] net_ratelimit: 11 callbacks suppressed
[  220.153226][ T4772] bond4: (slave macvlan2): failed to get link speed/duplex
[  220.592324][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.026091][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.149700][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.259498][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.362042][ T7569] loop0: detected capacity change from 0 to 8
[  221.371761][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.489528][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.611556][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  221.968447][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  222.114113][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  222.543146][ T7592] netlink: 24 bytes leftover after parsing attributes in process `syz.1.887'.
[  223.183901][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.887'.
[  223.495334][ T7610] device geneve3 entered promiscuous mode
[  225.321823][    T9] net_ratelimit: 7 callbacks suppressed
[  225.321837][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  225.349837][ T7623] set match dimension is over the limit!
[  225.389744][ T7638] loop4: detected capacity change from 0 to 8
[  225.438472][   T39] bond4: (slave macvlan2): failed to get link speed/duplex
[  225.593592][ T7352] bond4: (slave macvlan2): failed to get link speed/duplex
[  225.789189][ T4540] bond4: (slave macvlan2): failed to get link speed/duplex
[  225.929731][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  226.093346][ T7365] bond4: (slave macvlan2): failed to get link speed/duplex
[  226.421612][ T7365] bond4: (slave macvlan2): failed to get link speed/duplex
[  227.304892][ T7365] bond4: (slave macvlan2): failed to get link speed/duplex
[  227.382705][ T7663] netlink: 'syz.1.909': attribute type 10 has an invalid length.
[  228.212875][ T7663] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  228.223865][ T7672] device geneve3 entered promiscuous mode
[  228.263517][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  228.376040][ T6232] bond4: (slave macvlan2): failed to get link speed/duplex
[  229.074147][ T7699] syz.4.918 uses obsolete (PF_INET,SOCK_PACKET)
[  229.766717][ T7708] binder: 7707:7708 tried to acquire reference to desc 0, got 1 instead
[  229.771012][ T7708] binder: 7707:7708 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  229.773230][ T7708] binder: 7708 RLIMIT_NICE not set
[  229.774039][ T7708] binder: 7708 RLIMIT_NICE not set
[  229.775274][ T7708] binder: 7708 RLIMIT_NICE not set
[  229.783502][ T4703] binder: undelivered TRANSACTION_COMPLETE
[  230.560293][ T5367] net_ratelimit: 11 callbacks suppressed
[  230.561839][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  230.680332][ T7365] bond4: (slave macvlan2): failed to get link speed/duplex
[  230.789569][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  230.981778][ T7735] syz.1.927 sent an empty control message without MSG_MORE.
[  231.294326][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  231.411168][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  231.529773][ T4772] bond4: (slave macvlan2): failed to get link speed/duplex
[  231.589031][ T7739] loop0: detected capacity change from 0 to 2048
[  231.681446][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  232.058513][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  232.071748][ T7739] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  232.381995][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  232.464285][ T7757] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  232.471780][ T7757] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1638 with error 28
[  232.474387][ T7757] EXT4-fs (loop0): This should not happen!! Data will be lost
[  232.474387][ T7757] 
[  232.476394][ T7757] EXT4-fs (loop0): Total free blocks count 0
[  232.477497][ T7757] EXT4-fs (loop0): Free/Dirty block details
[  232.478381][ T7757] EXT4-fs (loop0): free_blocks=2415919104
[  232.479560][ T7757] EXT4-fs (loop0): dirty_blocks=1648
[  232.480386][ T7757] EXT4-fs (loop0): Block reservation details
[  232.481766][ T7757] EXT4-fs (loop0): i_reserved_data_blocks=103
[  232.485512][ T7760] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28
[  232.525118][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  233.544535][   T27] audit: type=1326 audit(234.522:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7ffc0000
[  233.554153][   T27] audit: type=1326 audit(234.532:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=230 compat=0 ip=0xffffb735b9e8 code=0x7ffc0000
[  233.568401][   T27] audit: type=1326 audit(234.542:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7ffc0000
[  233.591257][   T27] audit: type=1326 audit(234.572:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7ffc0000
[  233.813538][   T27] audit: type=1326 audit(234.792:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  233.827603][   T27] audit: type=1326 audit(234.792:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  234.129439][   T27] audit: type=1326 audit(234.792:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  234.132665][   T27] audit: type=1326 audit(234.792:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  234.135897][   T27] audit: type=1326 audit(234.792:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  234.139077][   T27] audit: type=1326 audit(234.792:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7770 comm="syz.1.938" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb735b9e8 code=0x7fc00000
[  234.225208][ T7796] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  234.233935][ T7796] netlink: 104 bytes leftover after parsing attributes in process `syz.1.955'.
[  234.297490][ T7796] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  234.301586][ T7796] tipc: Enabled bearer <udp:syz0>, priority 10
[  235.629959][ T7365] net_ratelimit: 14 callbacks suppressed
[  235.632108][ T7365] bond4: (slave macvlan2): failed to get link speed/duplex
[  236.059977][ T5367] bond4: (slave macvlan2): failed to get link speed/duplex
[  236.190028][    T9] bond4: (slave macvlan2): failed to get link speed/duplex
[  236.393654][ T1772] bond4: (slave macvlan2): failed to get link speed/duplex
[  236.411454][ T7828] binder: 7827:7828 tried to acquire reference to desc 0, got 1 instead
[  236.421275][ T7828] binder: 7827:7828 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  236.451722][ T7828] binder: 7828 RLIMIT_NICE not set
[  236.452918][ T7828] binder: 7828 RLIMIT_NICE not set
[  236.784141][ T7352] bond4: (slave macvlan2): failed to get link speed/duplex
[  236.890916][ T4435] bond4: (slave macvlan2): failed to get link speed/duplex
[  237.006224][ T7842] bond4: (slave macvlan2): failed to get link speed/duplex
[  237.093073][ T7828] binder: release 7827:7828 transaction 55 in, still active
[  237.094734][ T7828] binder: send failed reply for transaction 55 to 7827:7828
[  237.116848][ T4704] binder: undelivered TRANSACTION_COMPLETE
[  237.118029][ T4704] binder: undelivered TRANSACTION_ERROR: 29189
[  237.119169][ T4704] binder: send failed reply for transaction 62 to 7827:7844
[  237.120954][ T4704] binder: undelivered TRANSACTION_COMPLETE
[  237.121959][ T4704] binder: undelivered TRANSACTION_ERROR: 29189
[  237.165369][ T7842] bond4: (slave macvlan2): failed to get link speed/duplex
[  237.275119][ T4435] bond4: (slave macvlan2): failed to get link speed/duplex
[  237.662347][ T7842] bond4: (slave macvlan2): failed to get link speed/duplex
[  239.096200][ T7843] loop1: detected capacity change from 0 to 32768
[  239.097681][ T7843] XFS: ikeep mount option is deprecated.
[  239.098554][ T7843] XFS: attr2 mount option is deprecated.
[  239.135797][   T27] kauditd_printk_skb: 62 callbacks suppressed
[  239.135805][   T27] audit: type=1326 audit(240.112:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.141947][   T27] audit: type=1326 audit(240.122:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.149447][   T27] audit: type=1326 audit(240.122:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.154015][   T27] audit: type=1326 audit(240.122:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.169168][   T27] audit: type=1326 audit(240.122:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.172589][   T27] audit: type=1326 audit(240.122:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff93559dd4 code=0x7ffc0000
[  239.175894][   T27] audit: type=1326 audit(240.122:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.179263][   T27] audit: type=1326 audit(240.122:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.182636][   T27] audit: type=1326 audit(240.122:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=29 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.185784][   T27] audit: type=1326 audit(240.122:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7871 comm="syz.3.964" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9355b9e8 code=0x7ffc0000
[  239.226838][ T7843] XFS (loop1): Mounting V5 Filesystem
[  239.242872][ T7881] netlink: 'syz.2.965': attribute type 1 has an invalid length.
[  239.264775][ T7881] bond5: (slave vxcan1): The slave device specified does not support setting the MAC address
[  239.267135][ T7881] bond5: (slave vxcan1): Error -95 calling set_mac_address
[  239.289333][ T7843] XFS (loop1): Ending clean mount
[  239.292495][ T7843] XFS (loop1): Quotacheck needed: Please wait.
[  239.315788][ T7843] XFS (loop1): Quotacheck: Done.
[  239.332157][ T7887] bond5: (slave bridge5): Enslaving as an active interface with a down link
[  239.342626][ T7887] device macvlan3 entered promiscuous mode
[  239.345333][ T7887] device bond5 entered promiscuous mode
[  239.346545][ T7887] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  239.370203][ T7887] device bond5 left promiscuous mode
[  239.434223][ T4322] XFS (loop1): Unmounting Filesystem
[  240.719677][ T4829] net_ratelimit: 24 callbacks suppressed
[  240.719703][ T4829] bond4: (slave macvlan2): failed to get link speed/duplex
[  240.829667][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  240.960000][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.259817][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.303826][ T4703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  241.381600][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.500187][ T4829] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.610303][   T11] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.727511][ T4829] bond4: (slave macvlan2): failed to get link speed/duplex
[  241.899632][ T5280] bond4: (slave macvlan2): failed to get link speed/duplex
[  242.121078][ T7935] netlink: 12 bytes leftover after parsing attributes in process `syz.2.979'.
[  242.170560][ T7935] HTB: quantum of class 800D0008 is small. Consider r2q change.
[  242.698085][ T7949] binder: 7948:7949 tried to acquire reference to desc 0, got 1 instead
[  242.754431][ T7950] set match dimension is over the limit!
[  243.192313][ T7949] binder: 7948:7949 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  243.201193][ T7949] binder: 7949 RLIMIT_NICE not set
[  243.202113][ T7949] binder: 7949 RLIMIT_NICE not set
[  243.205953][ T7949] binder: release 7948:7949 transaction 74 out, still active
[  243.207189][ T7949] binder: release 7948:7949 transaction 67 in, still active
[  243.208442][ T7949] binder: undelivered TRANSACTION_COMPLETE
[  243.226103][ T4436] binder: release 7948:7949 transaction 67 out, still active
[  243.227432][ T4436] binder: undelivered TRANSACTION_COMPLETE
[  243.228289][ T4436] binder: send failed reply for transaction 74, target dead
[  243.229849][ T4436] binder: send failed reply for transaction 67, target dead
[  243.335387][ T7964] loop4: detected capacity change from 0 to 2048
[  243.680867][ T7964] Alternate GPT is invalid, using primary GPT.
[  243.683427][ T7964]  loop4: p2 p3 p7
[  244.297298][ T6382] udevd[6382]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  244.315508][ T6371] udevd[6371]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  244.327420][ T6857] udevd[6857]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory
[  244.414174][ T6857] udevd[6857]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory
[  244.414351][ T6382] udevd[6382]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  244.447072][ T6371] udevd[6371]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  244.796602][ T7990] device syzkaller0 entered promiscuous mode
[  244.972306][ T7444] ==================================================================
[  244.973647][ T7444] BUG: KASAN: use-after-free in __lock_acquire+0xf0/0x6544
[  244.974704][ T7444] Read of size 8 at addr ffff000103760bb0 by task gfs2_quotad/7444
[  244.975729][ T7444] 
[  244.976049][ T7444] CPU: 1 PID: 7444 Comm: gfs2_quotad Not tainted syzkaller #0
[  244.977108][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[  244.978649][ T7444] Call trace:
[  244.979133][ T7444]  dump_backtrace+0x1c8/0x1f4
[  244.979864][ T7444]  show_stack+0x2c/0x3c
[  244.980511][ T7444]  __dump_stack+0x30/0x40
[  244.981139][ T7444]  dump_stack_lvl+0xf8/0x160
[  244.981800][ T7444]  print_address_description+0x88/0x218
[  244.982638][ T7444]  print_report+0x50/0x68
[  244.983294][ T7444]  kasan_report+0xa8/0x100
[  244.983931][ T7444]  __asan_report_load8_noabort+0x2c/0x38
[  244.984701][ T7444]  __lock_acquire+0xf0/0x6544
[  244.985336][ T7444]  lock_acquire+0x20c/0x644
[  244.986018][ T7444]  _raw_spin_lock_irqsave+0x6c/0xb4
[  244.986782][ T7444]  finish_wait+0xc8/0x1ac
[  244.987439][ T7444]  gfs2_quotad+0x390/0x4fc
[  244.988141][ T7444]  kthread+0x250/0x2d8
[  244.988797][ T7444]  ret_from_fork+0x10/0x20
[  244.989492][ T7444] 
[  244.989816][ T7444] Allocated by task 7780:
[  244.990431][ T7444]  kasan_set_track+0x4c/0x80
[  244.991093][ T7444]  kasan_save_alloc_info+0x28/0x34
[  244.991851][ T7444]  __kasan_kmalloc+0xa0/0xb8
[  244.992458][ T7444]  __kmalloc_node_track_caller+0xe0/0x16c
[  244.993237][ T7444]  krealloc+0xa0/0x154
[  244.993860][ T7444]  copy_verifier_state+0x55c/0x978
[  244.994656][ T7444]  do_check_common+0x2e68/0x9bfc
[  244.995411][ T7444]  bpf_check+0x3170/0xd4d4
[  244.996057][ T7444]  bpf_prog_load+0xe08/0x1284
[  244.996740][ T7444]  __sys_bpf+0x47c/0x634
[  244.997335][ T7444]  __arm64_sys_bpf+0x80/0x98
[  244.998081][ T7444]  invoke_syscall+0x98/0x2bc
[  244.998798][ T7444]  el0_svc_common+0x138/0x258
[  244.999588][ T7444]  do_el0_svc+0x58/0x13c
[  245.000263][ T7444]  el0_svc+0x58/0x138
[  245.000884][ T7444]  el0t_64_sync_handler+0x84/0xf0
[  245.001619][ T7444]  el0t_64_sync+0x18c/0x190
[  245.002307][ T7444] 
[  245.002679][ T7444] Freed by task 7780:
[  245.003277][ T7444]  kasan_set_track+0x4c/0x80
[  245.003960][ T7444]  kasan_save_free_info+0x3c/0x60
[  245.004687][ T7444]  ____kasan_slab_free+0x148/0x1b0
[  245.005443][ T7444]  __kasan_slab_free+0x18/0x28
[  245.006228][ T7444]  slab_free_freelist_hook+0x16c/0x1ec
[  245.007006][ T7444]  __kmem_cache_free+0xc0/0x224
[  245.007708][ T7444]  kfree+0xd0/0x1ac
[  245.008300][ T7444]  free_verifier_state+0xc0/0x200
[  245.009062][ T7444]  do_check_common+0x94c4/0x9bfc
[  245.009852][ T7444]  bpf_check+0x3170/0xd4d4
[  245.010504][ T7444]  bpf_prog_load+0xe08/0x1284
[  245.011206][ T7444]  __sys_bpf+0x47c/0x634
[  245.011824][ T7444]  __arm64_sys_bpf+0x80/0x98
[  245.012474][ T7444]  invoke_syscall+0x98/0x2bc
[  245.013166][ T7444]  el0_svc_common+0x138/0x258
[  245.013878][ T7444]  do_el0_svc+0x58/0x13c
[  245.014503][ T7444]  el0_svc+0x58/0x138
[  245.015076][ T7444]  el0t_64_sync_handler+0x84/0xf0
[  245.015776][ T7444]  el0t_64_sync+0x18c/0x190
[  245.016489][ T7444] 
[  245.016837][ T7444] The buggy address belongs to the object at ffff000103760000
[  245.016837][ T7444]  which belongs to the cache kmalloc-8k of size 8192
[  245.018820][ T7444] The buggy address is located 2992 bytes inside of
[  245.018820][ T7444]  8192-byte region [ffff000103760000, ffff000103762000)
[  245.020915][ T7444] 
[  245.021273][ T7444] The buggy address belongs to the physical page:
[  245.022245][ T7444] page:0000000005bacb51 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x143760
[  245.023735][ T7444] head:0000000005bacb51 order:3 compound_mapcount:0 compound_pincount:0
[  245.024961][ T7444] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[  245.026135][ T7444] raw: 05ffc00000010200 fffffc00037abc00 dead000000000003 ffff0000c0002c00
[  245.027448][ T7444] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  245.028732][ T7444] page dumped because: kasan: bad access detected
[  245.029675][ T7444] 
[  245.030075][ T7444] Memory state around the buggy address:
[  245.030889][ T7444]  ffff000103760a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.032138][ T7444]  ffff000103760b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.033384][ T7444] >ffff000103760b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.034594][ T7444]                                      ^
[  245.035388][ T7444]  ffff000103760c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.036527][ T7444]  ffff000103760c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  245.037711][ T7444] ==================================================================
[  245.038866][ T7444] Disabling lock debugging due to kernel taint
[  245.039766][ T7444] INFO: trying to register non-static key.
[  245.040617][ T7444] The code is fine but needs lockdep annotation, or maybe
[  245.041645][ T7444] you didn't initialize this object before use?
[  245.042554][ T7444] turning off the locking correctness validator.
[  245.043480][ T7444] CPU: 1 PID: 7444 Comm: gfs2_quotad Tainted: G    B              syzkaller #0
[  245.044820][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[  245.046309][ T7444] Call trace:
[  245.046784][ T7444]  dump_backtrace+0x1c8/0x1f4
[  245.047460][ T7444]  show_stack+0x2c/0x3c
[  245.048138][ T7444]  __dump_stack+0x30/0x40
[  245.048828][ T7444]  dump_stack_lvl+0xf8/0x160
[  245.049520][ T7444]  dump_stack+0x1c/0x5c
[  245.050185][ T7444]  assign_lock_key+0x224/0x258
[  245.050946][ T7444]  register_lock_class+0x1ac/0x694
[  245.051789][ T7444]  __lock_acquire+0x150/0x6544
[  245.052548][ T7444]  lock_acquire+0x20c/0x644
[  245.053250][ T7444]  _raw_spin_lock_irqsave+0x6c/0xb4
[  245.054079][ T7444]  finish_wait+0xc8/0x1ac
[  245.054771][ T7444]  gfs2_quotad+0x390/0x4fc
[  245.055467][ T7444]  kthread+0x250/0x2d8
[  245.056080][ T7444]  ret_from_fork+0x10/0x20
[  245.056849][ T7444] list_del corruption. prev->next should be ffff800023407d98, but was 0000000000000000. (prev=ffff000103760bd8)
[  245.058703][ T7444] ------------[ cut here ]------------
[  245.059512][ T7444] kernel BUG at lib/list_debug.c:61!
[  245.060290][ T7444] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[  245.061390][ T7444] Modules linked in:
[  245.061981][ T7444] CPU: 1 PID: 7444 Comm: gfs2_quotad Tainted: G    B              syzkaller #0
[  245.063344][ T7444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[  245.064916][ T7444] pstate: 624000c5 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[  245.066091][ T7444] pc : __list_del_entry_valid+0x13c/0x158
[  245.066976][ T7444] lr : __list_del_entry_valid+0x13c/0x158
[  245.067851][ T7444] sp : ffff800023407c70
[  245.068484][ T7444] x29: ffff800023407c70 x28: 0000000000000000 x27: 0000000000000bb8
[  245.069710][ T7444] x26: 0000000000001770 x25: dfff800000000000 x24: dfff800000000000
[  245.070951][ T7444] x23: ffff0001037607c0 x22: dfff800000000000 x21: ffff000103760bd8
[  245.072248][ T7444] x20: ffff000103760bd8 x19: ffff800023407d98 x18: ffff800011abbcc0
[  245.073583][ T7444] x17: 20747562202c3839 x16: ffff8000082e7de8 x15: 0000000000000000
[  245.074786][ T7444] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[  245.076022][ T7444] x11: ff0080000830a28c x10: 0000000000000000 x9 : c03efeec36988000
[  245.077283][ T7444] x8 : c03efeec36988000 x7 : 0000000000000001 x6 : 0000000000000001
[  245.078537][ T7444] x5 : ffff800023407738 x4 : ffff8000151a4920 x3 : ffff80000852e538
[  245.079795][ T7444] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 000000000000006d
[  245.081003][ T7444] Call trace:
[  245.081456][ T7444]  __list_del_entry_valid+0x13c/0x158
[  245.082250][ T7444]  finish_wait+0xd4/0x1ac
[  245.082969][ T7444]  gfs2_quotad+0x390/0x4fc
[  245.083608][ T7444]  kthread+0x250/0x2d8
[  245.084267][ T7444]  ret_from_fork+0x10/0x20
[  245.084978][ T7444] Code: 91028000 aa1303e1 aa1503e3 95bfbbe3 (d4210000) 
[  245.086041][ T7444] ---[ end trace 0000000000000000 ]---
[  245.427205][ T7444] Kernel panic - not syncing: Oops - BUG: Fatal exception
[  245.428173][ T7444] SMP: stopping secondary CPUs
[  245.428856][ T7444] Kernel Offset: disabled
[  245.429492][ T7444] CPU features: 0x080000,000f0097,a65bfea7
[  245.430324][ T7444] Memory Limit: none
[  245.754431][ T7444] Rebooting in 86400 seconds..