[ 234.539879][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 234.575263][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 250.485100][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:20964' (ECDSA) to the list of known hosts. 1970/01/01 00:04:42 fuzzer started 1970/01/01 00:04:55 dialing manager at localhost:45091 1970/01/01 00:04:56 checking machine... 1970/01/01 00:04:56 checking revisions... executing program 1970/01/01 00:05:01 testing simple program... executing program [ 303.196353][ T2042] cgroup: Unknown subsys name 'net' [ 304.079881][ T2042] cgroup: Unknown subsys name 'rlimit' executing program executing program executing program executing program executing program executing program [ 322.476253][ T2044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 322.553950][ T2044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link executing program executing program executing program [ 331.401316][ T2044] device hsr_slave_0 entered promiscuous mode [ 331.434499][ T2044] device hsr_slave_1 entered promiscuous mode executing program [ 335.960096][ T2044] netdevsim netdevsim0 netdevsim0: renamed from eth0 executing program [ 336.154756][ T2044] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 336.271838][ T2044] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 336.391295][ T2044] netdevsim netdevsim0 netdevsim3: renamed from eth3 executing program executing program [ 343.233487][ T2044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.669479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 343.786186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready executing program [ 347.911829][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 347.936004][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link 
becomes ready executing program [ 348.070218][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 348.100149][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 348.222537][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 348.414206][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 348.836220][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 348.885640][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 349.078904][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 349.130178][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 349.292869][ T2044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 350.092825][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 350.096935][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready executing program executing program executing program executing program [ 362.364831][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 362.395609][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready executing program executing program [ 366.736041][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 366.776119][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 366.902631][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 366.920101][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 366.975056][ T2044] device veth0_vlan entered promiscuous mode [ 367.229385][ T2044] device veth1_vlan entered promiscuous mode [ 368.001324][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 368.034122][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 368.185795][ T2044] device veth0_macvtap entered promiscuous mode [ 368.324947][ T2044] device veth1_macvtap entered promiscuous mode [ 
368.861519][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 368.902900][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready executing program [ 369.083359][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 369.121932][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 369.385735][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 369.403151][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 369.592401][ T2044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.595682][ T2044] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.599561][ T2044] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.601258][ T2044] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program executing program 1970/01/01 00:06:15 building call list... executing program executing program [ 383.270384][ T27] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 384.366026][ T27] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.138695][ T27] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.281135][ T27] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program executing program executing program [ 396.603266][ T27] device hsr_slave_0 left promiscuous mode [ 396.679781][ T27] device hsr_slave_1 left promiscuous mode executing program [ 397.846470][ T27] device veth1_macvtap left promiscuous mode [ 397.895650][ T27] device veth0_macvtap left promiscuous mode [ 397.944772][ T27] device veth1_vlan left promiscuous mode [ 397.966283][ T27] device veth0_vlan left promiscuous mode executing program executing program executing program executing 
program executing program [ 412.039454][ T27] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.384678][ T27] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface executing program [ 415.656569][ T27] bond0 (unregistering): Released all slaves executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 473.386776][ T2037] can: request_module (can-proto-0) failed. executing program [ 474.521690][ T2037] can: request_module (can-proto-0) failed. [ 475.664938][ T2037] can: request_module (can-proto-0) failed. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 509.161119][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 509.194468][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 509.222188][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 509.256572][ T1861] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. 
executing program executing program executing program executing program executing program executing program executing program executing program executing program 1970/01/01 00:08:55 syscalls: 2853 1970/01/01 00:08:55 code coverage: enabled 1970/01/01 00:08:55 comparison tracing: enabled 1970/01/01 00:08:55 extra coverage: enabled 1970/01/01 00:08:55 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:08:55 setuid sandbox: enabled 1970/01/01 00:08:55 namespace sandbox: enabled 1970/01/01 00:08:55 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:08:55 fault injection: enabled 1970/01/01 00:08:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:08:55 net packet injection: enabled 1970/01/01 00:08:55 net device setup: enabled 1970/01/01 00:08:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:08:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:08:55 USB emulation: enabled 1970/01/01 00:08:55 hci packet injection: /dev/vhci does not exist 1970/01/01 00:08:55 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:08:55 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:08:55 fetching corpus: 0, signal 0/0 (executing program) 1970/01/01 00:08:55 fetching corpus: 0, signal 0/0 (executing program) 1970/01/01 00:10:02 starting 2 fuzzer processes 00:10:03 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) 00:10:03 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, 
&(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 628.924491][ T2565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 629.026298][ T2565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 632.046320][ T2564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 632.168950][ T2564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 641.166020][ T2565] device hsr_slave_0 entered promiscuous mode [ 641.223633][ T2565] device hsr_slave_1 entered promiscuous mode [ 644.699865][ T2564] device hsr_slave_0 entered promiscuous mode [ 644.725112][ T2564] device hsr_slave_1 entered promiscuous mode [ 644.752491][ T2564] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 644.760166][ T2564] Cannot create hsr debugfs directory [ 649.904677][ T2565] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 650.384538][ T2565] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 650.686744][ T2565] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 650.848879][ T2565] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 659.603164][ T2565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 660.464493][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 660.494498][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 660.902254][ T2564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 661.324068][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 661.383368][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 666.350172][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 666.406418][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 666.443763][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 666.466783][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link 
becomes ready [ 666.505879][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 666.635428][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 667.146366][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 667.168276][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 667.374358][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 667.396824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 667.611130][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 667.663616][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 667.901464][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 667.985235][ T2237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 668.083243][ T2565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 668.431954][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 668.953495][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 669.108715][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 669.111674][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 670.168540][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 670.225459][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 670.265638][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 670.304710][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 670.676136][ T2564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 671.751924][ T2389] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 671.755577][ T2389] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 688.799990][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 688.836565][ T12] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 694.501039][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 694.593174][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 694.700736][ T2565] device veth0_vlan entered promiscuous mode [ 694.793030][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 694.824758][ T2388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 695.334108][ T2565] device veth1_vlan entered promiscuous mode [ 695.670858][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 695.695283][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 696.774230][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 696.812891][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 696.922171][ T2565] device veth0_macvtap entered promiscuous mode [ 697.183521][ T2565] device veth1_macvtap entered promiscuous mode [ 697.822576][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 697.860812][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 697.895297][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 698.093210][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 698.115997][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 698.271191][ T2565] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.287044][ T2565] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.292838][ T2565] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.294453][ T2565] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 704.142146][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 704.206968][ T2209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 704.334066][ 
T3237] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 704.382625][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 704.486287][ T2564] device veth0_vlan entered promiscuous mode [ 704.896026][ T2564] device veth1_vlan entered promiscuous mode 00:11:44 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 705.919254][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 705.961022][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 706.201487][ T2564] device veth0_macvtap entered promiscuous mode [ 706.249518][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 706.490183][ T2564] device veth1_macvtap entered promiscuous mode [ 707.490473][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 707.534597][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 707.796413][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 707.823773][ T3237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:11:48 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 713.362770][ T3249] EXT4-fs (vda): re-mounted. Quota mode: none. 
00:11:53 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) 00:11:54 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) 00:11:57 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 718.764031][ T3254] EXT4-fs (vda): re-mounted. Quota mode: none. 00:11:59 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 720.518194][ T3257] EXT4-fs (vda): re-mounted. Quota mode: none. 00:12:02 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 724.876112][ T3260] EXT4-fs (vda): re-mounted. Quota mode: none. 
00:12:06 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 728.353836][ T3263] EXT4-fs (vda): re-mounted. Quota mode: none. 00:12:09 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 731.114945][ T3266] EXT4-fs (vda): re-mounted. Quota mode: none. 00:12:13 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) [ 735.460534][ T3269] EXT4-fs (vda): re-mounted. Quota mode: none. 00:12:17 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 738.432030][ T3272] EXT4-fs (vda): re-mounted. Quota mode: none. 
00:12:19 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) 00:12:22 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 744.162619][ T3277] EXT4-fs (vda): re-mounted. Quota mode: none. 00:12:24 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x0, 0x0, 0x23a2430, &(0x7f0000000240)) 00:12:27 executing program 1: syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2) [ 749.826354][ T3282] EXT4-fs (vda): re-mounted. Quota mode: none. 
00:12:34 executing program 0:
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2)
00:12:35 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), r1)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0)
00:12:38 executing program 0:
syz_io_uring_setup(0x884, &(0x7f0000000080), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000990000/0x1000)=nil, 0x0, 0x0)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r0, &(0x7f0000000000)='3\x00', 0x2)
00:12:39 executing program 1:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000300), r1)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r2, 0x1}, 0x14}}, 0x0)
[ 762.455316][ T3292] ==================================================================
[ 762.459772][ T3292] BUG: KASAN: null-ptr-deref in futex_wake+0x1ce/0x2f4
[ 762.461129][ T3292] Read of size 8 at addr 0000000000000000 by task syz-executor.1/3292
[ 762.462348][ T3292]
[ 762.463841][ T3292] CPU: 1 PID: 3292 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 762.465852][ T3292] Hardware name: riscv-virtio,qemu (DT)
[ 762.467754][ T3292] Call Trace:
[ 762.469159][ T3292] [] dump_backtrace+0x2e/0x3c
[ 762.470431][ T3292] [] show_stack+0x34/0x40
[ 762.471900][ T3292] [] dump_stack_lvl+0xe4/0x150
[ 762.473176][ T3292] [] kasan_report+0x1de/0x1e0
[ 762.474549][ T3292] [] __asan_load8+0x6e/0x96
[ 762.476232][ T3292] [] futex_wake+0x1ce/0x2f4
[ 762.477894][ T3292] [] do_futex+0x21a/0x284
[ 762.479678][ T3292] [] sys_futex+0xf8/0x310
[ 762.480878][ T3292] [] ret_from_syscall+0x0/0x2
[ 762.482316][ T3292] ==================================================================
[ 762.483494][ T3292] Disabling lock debugging due to kernel taint
[ 762.486419][ T3292] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 762.490127][ T3292] Oops [#1]
[ 762.490839][ T3292] Modules linked in:
[ 762.491926][ T3292] CPU: 1 PID: 3292 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 762.493296][ T3292] Hardware name: riscv-virtio,qemu (DT)
[ 762.494840][ T3292] epc : futex_wake+0x1ce/0x2f4
[ 762.495870][ T3292] ra : futex_wake+0x1ce/0x2f4
[ 762.496710][ T3292] epc : ffffffff80198b2e ra : ffffffff80198b2e sp : ffffaf800734fb70
[ 762.498894][ T3292] gp : ffffffff85863ac0 tp : ffffaf8009c0e100 t0 : ffffffff86bcb657
[ 762.500268][ T3292] t1 : fffff5ef0b53c90c t2 : 0000000000000000 s0 : ffffaf800734fcc0
[ 762.501230][ T3292] s1 : ffffaf801063bd48 a0 : 0000000000000001 a1 : 0000000000000003
[ 762.502128][ T3292] a2 : 1ffff5f001381c21 a3 : ffffffff831afd3a a4 : 0000000000000000
[ 762.503069][ T3292] a5 : ffffaf8009c0f100 a6 : 0000000000f00000 a7 : ffffaf805a9e4863
[ 762.504006][ T3292] s2 : ffffffffffffffe8 s3 : ffffaf800734fc40 s4 : 0000000000000000
[ 762.504993][ T3292] s5 : 0000000000000000 s6 : ffffffffffffffff s7 : ffffaf80093fc5c8
[ 762.505918][ T3292] s8 : 00000000000f4240 s9 : ffffaf800734fbc0 s10: 000000000011b000
[ 762.506900][ T3292] s11: ffffaf800db0d3c8 t3 : 0000000061736944 t4 : fffff5ef0b53c90c
[ 762.509042][ T3292] t5 : fffff5ef0b53c90d t6 : ffffaf800734f5b8
[ 762.509833][ T3292] status: 0000000000000120 badaddr: 0000000000000000 cause: 000000000000000d
[ 762.510900][ T3292] [] do_futex+0x21a/0x284
[ 762.512542][ T3292] [] sys_futex+0xf8/0x310
[ 762.513589][ T3292] [] ret_from_syscall+0x0/0x2
[ 762.516146][ T3292]
---[ end trace 0000000000000000 ]---
[ 762.518597][ T3292] Kernel panic - not syncing: Fatal exception
[ 762.519531][ T3292] SMP: stopping secondary CPUs
[ 762.521103][ T3292] Rebooting in 86400 seconds..
VM DIAGNOSIS: 08:41:01 Registers: