last executing test programs:

2.492320581s ago: executing program 1 (id=4579):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:Di', 0x0)

2.384351293s ago: executing program 1 (id=4581):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0x1}}]}}]}, 0x40}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.355834726s ago: executing program 2 (id=4582):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r1}, 0x10)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6)

2.260000128s ago: executing program 2 (id=4583):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0)

2.246932009s ago: executing program 3 (id=4584):
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @rand_addr=0x64010105}, {0x0, @remote}, 0x1c, {0x2, 0x4e1f, @remote}, 'veth0\x00'})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/218, 0xda}], 0x1, 0xffff, 0x0)
r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsmount(r2, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
setrlimit(0x40000000000008, &(0x7f0000000000))
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet6(r4, &(0x7f0000002a00)={0xa, 0x0, 0x0, @private2}, 0x35)
getsockname$packet(r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x4, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xf401, {}, {}, @raw32={[0x2600]}}], 0xffc8)
syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086602, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)

2.15162216s ago: executing program 1 (id=4586):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="190000000400000008000000ff"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r2, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e23, @multicast2=0xe0000001}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000000)='&', 0xffe3}], 0x1, &(0x7f00000003c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @broadcast}}}], 0x20}, 0x0)

2.119168244s ago: executing program 2 (id=4587):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x7, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
epoll_create1(0x0)

1.900603509s ago: executing program 1 (id=4588):
syz_io_uring_setup(0x5c23, &(0x7f0000000240)={0x0, 0xfffffffd, 0x13290, 0x0, 0xfffffffd}, &(0x7f0000000440)=<r0=>0x0, &(0x7f0000000080)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000002000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000060a158644279", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000580), &(0x7f00000004c0)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
ppoll(&(0x7f0000000280)=[{r5}], 0x1, 0x0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000200)={'tunl0\x00', @local})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0x10d480)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r7, &(0x7f0000001000), 0xe09)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b1c559265406c09306003d8002000", [0x0, 0x2]}})

1.900083129s ago: executing program 2 (id=4589):
clock_gettime(0x0, &(0x7f00000000c0))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b800000019000100"/28, @ANYRES32], 0xb8}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000300000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000340)={0x2, {0x2, 0x1, 0x0, 0x6, 0x8001, 0x2}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, 0xb)

1.862306194s ago: executing program 3 (id=4590):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$rds(0x15, 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x18, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c25000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1.542627871s ago: executing program 3 (id=4592):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'ip6gre0\x00'}, 0x18)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'dummy0\x00'}, 0x18)

848.105101ms ago: executing program 3 (id=4593):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_usbip_server_init(0x1)

828.135013ms ago: executing program 2 (id=4594):
syz_mount_image$vfat(&(0x7f0000000580), &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00faffffff"], 0x1, 0x576, &(0x7f0000000640)="$eJzs2sFqE10YBuDvb/u3xc1kYTfiYsCNq5L2ChykhWJAqGShKwebQsmEwgQCycK6c+XC2/ByvACvo4tCJJkQE41ubBk1zwPhvHDyhm82mbM4rx/2umeX/fOPH77E7pM0NiJi4zqiMU2V/2brxjRvx6J3AQD8bU5P86zuGbhbZZnlkzPczg877U+1DAQAAAAAAAAAAMBvc/8fANaP+///vrLM8u3Z+W2Z+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAfa7H42T8i0/d8wEAt8/7HwDWz4uXr55lrdbRaZruRhTvB+1Bu1qr/ew8LqKITjQjiZuI8VyVj09aR810qhF7vauqP1k3l/sHkURjdf+g6qfL/f/j3mL/MJK4v7p/uLK/HY8fLfT3I4nPb+IyijiLSfdb/+1Bmj593vquvzP9HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKyT/XSuEXu9q0F70I6YrJvV/v7P9qt+dh4XUUQnmpHETcR4rsrHJ62j5uwHlvtb8WCr3mcHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlvWHo25eFJ1SEARhHur+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOrSH466eVF0yn7dkwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf4r+cNTNi6JT3mGo+xkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuH1fAwAA//9JmLyV")
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000))
r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r0, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
pread64(r1, &(0x7f0000000300)=""/246, 0xf6, 0x0)

781.647729ms ago: executing program 1 (id=4595):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7ffffffd, 0x4)
write$binfmt_script(r1, 0x0, 0x6f4000)

639.085115ms ago: executing program 1 (id=4598):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newtclass={0x454, 0x28, 0x0, 0x0, 0x0, {}, [@tclass_kind_options=@c_netem={0xa}, @tclass_kind_options=@c_cake={0x9}, @TCA_RATE={0x6}, @tclass_kind_options=@c_htb={{0x8}, {0x408, 0x2, [@TCA_HTB_CTAB={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x846e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}]}}]}, 0x454}}, 0x0)
pipe2$9p(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}}}, 0x30)
write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
chdir(&(0x7f0000000100)='./file0\x00')
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

535.169317ms ago: executing program 0 (id=4600):
socket(0x1e, 0x4, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000340), 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x7, 0x0, 0x0, @uid}]}, 0x1c}}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, 0x0)
setresuid(0x0, r2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x85, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

529.407898ms ago: executing program 2 (id=4601):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30)
write$binfmt_elf64(r2, 0x0, 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000001440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_none}, {@access_client}], [], 0x6b}})

466.844185ms ago: executing program 4 (id=4603):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'ip6gre0\x00'}, 0x18)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x1, 'dummy0\x00'}, 0x18)

444.442308ms ago: executing program 0 (id=4604):
r0 = socket(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
mount$9p_tcp(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=t'])

374.868726ms ago: executing program 4 (id=4605):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)

280.989337ms ago: executing program 4 (id=4606):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r0}, 0x10)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff)

280.868957ms ago: executing program 0 (id=4607):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x80000000}]}}]}, 0x40}}, 0x0)

254.82284ms ago: executing program 4 (id=4608):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigsuspend(0x0, 0x0)

254.28541ms ago: executing program 0 (id=4609):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001100)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0x1}}]}}]}, 0x40}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

208.129536ms ago: executing program 0 (id=4610):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYRES32=r1], 0x48}}, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010600000000000000000300000008000100", @ANYRES32=r3], 0x60}}, 0x0)

207.965765ms ago: executing program 4 (id=4611):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000000))
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
pread64(r2, &(0x7f0000000300)=""/246, 0xf6, 0x0)

152.499802ms ago: executing program 4 (id=4612):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000010000400000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r2}, 0x18)
r3 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x99, 0xb, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='btrfs_sync_file\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r4, @ANYRESHEX=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket(0x28, 0x80000, 0x0)
connect$vsock_stream(r6, &(0x7f00000003c0)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
connect$vsock_stream(r6, &(0x7f0000000000)={0x28, 0x0, 0x2711, @host}, 0x10)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x10, &(0x7f0000000580)={[], [{@fowner_gt}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@dont_measure}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ext4\x00'}}, {@context={'context', 0x3d, 'user_u'}}, {@permit_directio}]}, 0x1, 0x254, &(0x7f00000006c0)="$eJzs3T1oJGUcBvBnZnc9c7fIqY0gfoCIaCCcnWBzNgoHchwiggonojbKRYgJdomVjYXWKqlsgtgZLSVNsFEEq6gpYiNosDBYaLGyOxvJx+qqm+zIze8HszPvzsd/Zneed7bY2Q3QWOeTXEzSSjKbpJOkOLjA3dVwfthcndm8mvR6T/xcDJar2pX99c4lWUnyUJKNssjL7WRp/ZmdX7ceu++txc69H6w/PTPVgxza3dl+fO/9y29+fOnBpS+//vFykYvpHjquk1eMeK5dJLecRrH/iaJd9x7wT1x5/aNv+rm/Nck9g/x3UqZ6895euGGjkwfe+6t13/npq9unua/Ayev1Ov1r4EoPaJwySTdFOZekmi7LubnqM/y3rbPlK/MLr82+NL947YW6eyrgpHST7Uc/PfPJuSP5/6FV5X+oVetOAqein/8nr6x915/ek3JohjuqUT//s88t3x/5h8aRf2iQFw+1SvmH5hqf/1q+ogNMges/NJf8Q3PJP1zHOn8/W/6hueQfmkv+obkO5h8AaJbembrvQAbqUnf/AwAAAAAAAAAAAAAAAAAAHLc6s3l1f5hWzc/fTXYfSdIeVb81+D/i5MbB49lfiv5ifyqq1Sby7F0TbmBCH9Z89/VN30/8Ek7kizvrrJ4sX0tW3khyod0+fv4Vw/Pvv7t5zPzO8xMW+JeKI+2Hn5pu/aN+X6u3/qWt5LN+/3NhVP9T5rbBeHT/0x3/E8tjvfrbhBsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgav4IAAD//7ANbcM=")
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), 0xffffffffffffffff)
r10 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000e80)='ns/net\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r8, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r9, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r10}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r7, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r9, 0x200, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc000)
r11 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r11, 0x114, 0x8, &(0x7f0000000080), 0x4)
bind$inet(r11, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10)
fcntl$dupfd(r1, 0x0, r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

89.139549ms ago: executing program 3 (id=4613):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000000)=ANY=[@ANYBLOB="000202"], 0x18)

88.405869ms ago: executing program 0 (id=4614):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f0000000000)={[{@orlov}]}, 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x6, 0x1008, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x7, 0x2)
fallocate(r2, 0x0, 0x0, 0x10fff9)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r3})

0s ago: executing program 3 (id=4615):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000025c0)=@newtfilter={0x458, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x3}, {}, {0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x42c, 0x2, [@TCA_BPF_CLASSID={0x8, 0x3, {0xd, 0xfff1}}, @TCA_BPF_POLICE={0x408, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0xca, 0xfff, 0x6, 0x1, 0x5, 0x5, 0xfffffa91, 0x7, 0x6, 0x9, 0x3, 0x7, 0x9, 0xb63, 0x2, 0x7fffffff, 0x2, 0x0, 0x16332219, 0x6, 0x5, 0x9, 0x4, 0x892, 0x76d2, 0x5, 0x1, 0x5, 0x4, 0x1000, 0x3, 0x6399, 0x2, 0x9, 0xffff, 0x6, 0x6, 0x2, 0x9, 0x963f, 0x7, 0x2, 0x9, 0x7, 0x5, 0x401, 0xa, 0x5, 0x10000, 0xa, 0x2, 0x400, 0x7, 0x8, 0x8, 0x4, 0x1, 0x6, 0x5, 0x3, 0x10000, 0x1ff, 0x3, 0x555f699e, 0x6733, 0x9, 0x8, 0x3, 0x1, 0x7ff, 0xff, 0xe58, 0x4, 0x1, 0x35ae4f7a, 0xe66, 0xac0c, 0x9, 0x1, 0x101, 0x5, 0xc, 0x0, 0x4, 0x4, 0x9, 0x199, 0xe, 0x7, 0x2, 0x2, 0x6, 0x9, 0x0, 0xb, 0x9, 0xffffffff, 0x3, 0xfff, 0x12000, 0x3, 0x8, 0x800, 0x1, 0x0, 0x2, 0x591, 0x7f, 0x6586, 0xa6, 0x1, 0x7, 0x9, 0x2, 0xfffffff8, 0x4, 0x2, 0x21, 0x2, 0x9, 0xc, 0x80000000, 0xffffff7f, 0xa, 0x4, 0x3, 0x3, 0x0, 0x25, 0x101, 0x1ff, 0x4, 0x7, 0x4, 0xf, 0x1, 0x8, 0x8, 0x9, 0xffffc115, 0xffffffff, 0x75fe, 0x0, 0x400, 0x0, 0x200, 0x6, 0x3, 0x5, 0x4, 0x0, 0x20b4, 0x43, 0x0, 0x5d0, 0x8, 0x6, 0x7, 0x0, 0x4dd, 0x1, 0xa46d, 0xac2c, 0x7d8, 0x2, 0x8000, 0x5, 0x8, 0x8, 0x8, 0x9, 0xffff, 0x9, 0x9, 0x49, 0x7fff, 0x5, 0xbe, 0x5e58e91d, 0x4, 0x8, 0x4, 0x13, 0x9db00, 0x976a, 0x4, 0x24, 0x2, 0xfffffffd, 0x4, 0x80000001, 0x0, 0x1, 0x6, 0x0, 0x0, 0xffffff01, 0xffff, 0x1, 0x7ff, 0x0, 0x0, 0x6, 0x1ff, 0xf, 0x3ee8, 0x10, 0x4, 0x0, 0x8, 0xfffffff9, 0x0, 0x2, 0x0, 0x0, 0xef5, 0x7f, 0x3, 0x6, 0x5, 0x5, 0x44, 0x0, 0x9, 0x10, 0x9, 0x4, 0xecd, 0x0, 0x4dc93154, 0x9, 0x9, 0x4, 0x1, 0x42e9, 0x5, 0x280, 0x4a, 0xffffffff, 0x2, 0xfffffffd, 0x7, 0x1e8c, 0xfffffffa, 0x10001, 0x7, 0x101, 0x6, 0x4, 0x80000000, 0x80000000, 0x2, 0xc, 0x8, 0x8000, 0x32d]}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_POLICE={0x4}, @TCA_BPF_OPS={{0x6}, {0x4}}]}}]}, 0x458}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

kernel console output (not intermixed with test programs):

28] device geneve0 entered promiscuous mode
[  820.850067][   T26] audit: type=1326 audit(2000000135.260:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.1.4034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb42f97dff9 code=0x7ffc0000
[  820.913256][   T26] audit: type=1326 audit(2000000135.260:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.1.4034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb42f97dff9 code=0x7ffc0000
[  820.941230][T16732] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4036'.
[  820.949944][T16728] bond0: (slave geneve0): Enslaving as an active interface with an up link
[  821.136521][T16593] 8021q: adding VLAN 0 to HW filter on device bond0
[  821.165895][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  821.183346][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  821.206627][T16593] 8021q: adding VLAN 0 to HW filter on device team0
[  821.241856][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  821.261354][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  821.285722][ T3704] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.293014][ T3704] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.306960][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  821.332097][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  821.342334][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  821.356869][T16748] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4044'.
[  821.357113][T16746] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  821.375196][T10242] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.382355][T10242] bridge0: port 2(bridge_slave_1) entered forwarding state
[  821.391587][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  821.410376][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  821.422348][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  821.435530][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  821.462005][T16746] loop1: detected capacity change from 0 to 256
[  821.483781][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  821.498212][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  821.510113][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  821.519779][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  821.528841][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  821.545780][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  821.561230][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  821.575750][T16593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  821.613814][T16746] device syzkaller1 entered promiscuous mode
[  822.048172][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  822.056367][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  822.077802][T16593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  822.117999][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  822.127093][T16784] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  822.148025][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  822.206724][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  822.249326][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  822.271310][T16593] device veth0_vlan entered promiscuous mode
[  822.290231][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  822.310008][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  822.337895][T16593] device veth1_vlan entered promiscuous mode
[  822.404073][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  822.420099][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  822.441082][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  822.458186][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  822.478466][T16593] device veth0_macvtap entered promiscuous mode
[  822.508284][T16593] device veth1_macvtap entered promiscuous mode
[  822.552046][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  822.574710][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.591432][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  822.606910][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.617052][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  822.627732][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.637872][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  822.649166][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.668049][T16593] batman_adv: batadv0: Interface activated: batadv_slave_0
[  822.678370][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  822.690340][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  822.698747][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  822.708327][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  822.722102][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.733704][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.748510][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.776432][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.789866][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.800666][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.800972][T16806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4064'.
[  822.810548][T16593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  822.810567][T16593] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  822.812211][T16593] batman_adv: batadv0: Interface activated: batadv_slave_1
[  822.851130][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  822.874618][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  822.892750][T16593] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.911219][T16593] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  822.926170][T16593] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  822.939844][T16808] syz.0.4065[16808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  822.939934][T16808] syz.0.4065[16808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  822.951533][T16593] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  823.082064][ T3870] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  823.106368][ T3870] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.144276][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  823.158294][T10242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  823.170419][T10242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.184913][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  823.486225][T16830] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4074'.
[  823.527494][T16832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4075'.
[  823.553006][T16832] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4075'.
[  824.122128][T16857] loop2: detected capacity change from 0 to 128
[  824.162933][T16857] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  824.297484][T10242] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  824.369882][T16867] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4089'.
[  824.543137][T16878] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4091'.
[  824.848216][T16895] loop4: detected capacity change from 0 to 1024
[  824.876315][T16895] EXT4-fs: Ignoring removed orlov option
[  824.885152][T16899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4103'.
[  824.901860][T16895] EXT4-fs (loop4): Test dummy encryption mode enabled
[  824.971606][T16895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  825.049690][   T26] kauditd_printk_skb: 28 callbacks suppressed
[  825.049706][   T26] audit: type=1326 audit(2000000140.640:3743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  825.234851][   T26] audit: type=1326 audit(2000000140.640:3744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  825.298566][   T26] audit: type=1326 audit(2000000140.690:3745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  825.726375][   T26] audit: type=1326 audit(2000000140.690:3746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.025563][   T26] audit: type=1326 audit(2000000140.690:3747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.093394][   T26] audit: type=1326 audit(2000000140.690:3748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.280990][   T26] audit: type=1326 audit(2000000140.690:3749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.299448][T16925] loop0: detected capacity change from 0 to 512
[  826.339169][   T26] audit: type=1326 audit(2000000140.690:3750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.389083][T16925] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  826.403549][   T26] audit: type=1326 audit(2000000140.690:3751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.445583][T16925] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #16: comm syz.0.4112: invalid indirect mapped block 512 (level 0)
[  826.490422][T16925] EXT4-fs (loop0): Remounting filesystem read-only
[  826.497261][T16925] EXT4-fs (loop0): 1 orphan inode deleted
[  826.507376][T16925] EXT4-fs (loop0): 1 truncate cleaned up
[  826.510005][T16158] EXT4-fs (loop4): unmounting filesystem.
[  826.514065][T16925] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  826.519743][   T26] audit: type=1326 audit(2000000140.690:3752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16904 comm="syz.3.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  826.630043][T14678] EXT4-fs (loop0): unmounting filesystem.
[  826.753047][T16942] loop2: detected capacity change from 0 to 512
[  826.818738][T16942] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  826.829180][T16942] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  826.862153][T16942] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz.2.4120: path /12/file1: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  826.902665][T16942] EXT4-fs (loop2): Remounting filesystem read-only
[  827.058380][T16593] EXT4-fs (loop2): unmounting filesystem.
[  828.109304][T16977] syz.4.4134[16977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  828.109401][T16977] syz.4.4134[16977] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  828.192364][T16981] program syz.2.4137 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  828.250283][T16985] device ip_vti0 entered promiscuous mode
[  828.256806][T16985] device vlan2 entered promiscuous mode
[  828.916645][T17012] loop2: detected capacity change from 0 to 1024
[  828.966855][T17012] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  829.183388][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.200166][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.215381][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.229002][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.238473][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.249861][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.264332][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.272145][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.279834][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.287428][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.295112][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.306234][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.313996][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.321799][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.329394][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.336997][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.349943][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.357614][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.365304][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.373001][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.380556][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.387971][ T6381] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  829.396202][ T6381] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID vffffff.fe Device [syz0] on syz1
[  829.572089][T17029] loop3: detected capacity change from 2048 to 64
[  829.702551][T10242] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  829.723255][T10242] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1956 with error 28
[  829.735933][T10242] EXT4-fs (loop2): This should not happen!! Data will be lost
[  829.735933][T10242] 
[  829.745643][T10242] EXT4-fs (loop2): Total free blocks count 0
[  829.752778][T10242] EXT4-fs (loop2): Free/Dirty block details
[  829.758697][T10242] EXT4-fs (loop2): free_blocks=68451041280
[  829.764563][T10242] EXT4-fs (loop2): dirty_blocks=1968
[  829.770013][T10242] EXT4-fs (loop2): Block reservation details
[  829.776099][T10242] EXT4-fs (loop2): i_reserved_data_blocks=123
[  829.853846][T16593] EXT4-fs (loop2): unmounting filesystem.
[  830.046125][T17039] EXT4-fs warning (device sda1): ext4_resize_fs:2028: can't read last block, resize aborted
[  830.375393][T17046] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4161'.
[  830.920065][ T3646] Bluetooth: hci4: command 0x0406 tx timeout
[  831.807104][T17059] loop4: detected capacity change from 0 to 512
[  831.839757][T17059] EXT4-fs: Ignoring removed bh option
[  831.858567][T17060] loop0: detected capacity change from 0 to 512
[  831.861882][T17059] EXT4-fs error (device loop4): __ext4_iget:5055: inode #15: block 1803188595: comm syz.4.4166: invalid block
[  831.898834][T17059] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4166: couldn't read orphan inode 15 (err -117)
[  831.922530][T17059] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  831.953654][T17060] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  831.975324][   T26] kauditd_printk_skb: 79 callbacks suppressed
[  831.975351][   T26] audit: type=1800 audit(2000000147.560:3832): pid=17059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4166" name="bus" dev="loop4" ino=18 res=0 errno=0
[  832.025628][T17060] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  832.065839][T17059] loop4: detected capacity change from 512 to 64
[  832.109845][T14678] EXT4-fs (loop0): unmounting filesystem.
[  832.226727][   T26] audit: type=1326 audit(2000000147.810:3833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.290987][   T26] audit: type=1326 audit(2000000147.840:3834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.363032][   T26] audit: type=1326 audit(2000000147.850:3835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.414518][T17073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4172'.
[  832.422242][   T26] audit: type=1326 audit(2000000147.850:3836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.474124][   T26] audit: type=1326 audit(2000000147.850:3837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.519973][T16318] kmmpd-loop3: attempt to access beyond end of device
[  832.519973][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  832.549091][   T26] audit: type=1326 audit(2000000147.850:3838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.579179][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  832.609182][T16318] EXT4-fs error (device loop3): kmmpd:186: comm kmmpd-loop3: Error writing to MMP block
[  832.640221][   T26] audit: type=1326 audit(2000000147.850:3839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.708967][   T26] audit: type=1326 audit(2000000147.850:3840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.759064][   T26] audit: type=1326 audit(2000000147.850:3841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17068 comm="syz.3.4170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  832.871052][T17084] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  832.883832][T16445] EXT4-fs (loop4): unmounting filesystem.
[  833.190143][T17098] loop0: detected capacity change from 0 to 512
[  833.228105][T17098] EXT4-fs: Ignoring removed bh option
[  833.255926][T10242] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  833.302676][T17098] EXT4-fs error (device loop0): __ext4_iget:5055: inode #15: block 1803188595: comm syz.0.4182: invalid block
[  833.321543][T17098] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.4182: couldn't read orphan inode 15 (err -117)
[  833.339052][T17103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4186'.
[  833.349645][T17098] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  833.396599][T10242] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  833.434223][T17098] loop0: detected capacity change from 512 to 64
[  833.458768][T10242] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  833.588693][T10242] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  833.890306][ T3653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  833.901286][ T3653] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  833.911339][ T3653] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  833.920912][ T3653] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  833.928354][ T3653] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  833.935630][ T3653] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  834.153716][T16188] EXT4-fs (loop0): unmounting filesystem.
[  834.260646][T16188] bridge0: port 3(syz_tun) entered disabled state
[  834.372096][T16188] device syz_tun left promiscuous mode
[  834.392306][T16188] bridge0: port 3(syz_tun) entered disabled state
[  834.576483][T17117] chnl_net:caif_netlink_parms(): no params data found
[  834.937667][T17117] bridge0: port 1(bridge_slave_0) entered blocking state
[  834.956257][T17117] bridge0: port 1(bridge_slave_0) entered disabled state
[  834.980109][T17117] device bridge_slave_0 entered promiscuous mode
[  835.052449][T17117] bridge0: port 2(bridge_slave_1) entered blocking state
[  835.074670][T17117] bridge0: port 2(bridge_slave_1) entered disabled state
[  835.085791][T17117] device bridge_slave_1 entered promiscuous mode
[  835.276882][T17139] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4200'.
[  835.286696][ T3653] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  835.300758][T17117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  835.303067][ T3653] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  835.322591][T17117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  835.331881][ T3653] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  835.347848][ T3653] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  835.359663][ T3653] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  835.367019][ T3653] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  835.501882][T17117] team0: Port device team_slave_0 added
[  835.541712][T17117] team0: Port device team_slave_1 added
[  835.645677][T17153] syz.2.4205 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  835.764353][T10242] device hsr_slave_0 left promiscuous mode
[  835.776702][T10242] device hsr_slave_1 left promiscuous mode
[  835.783932][T10242] batman_adv: batadv0: Interface deactivated: dummy0
[  835.799056][T10242] batman_adv: batadv0: Removing interface: dummy0
[  835.806159][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  835.820802][T10242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  835.828722][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  835.841642][T10242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  835.852928][T10242] device bridge_slave_1 left promiscuous mode
[  835.865229][T10242] bridge0: port 2(bridge_slave_1) entered disabled state
[  835.871967][T17162] loop2: detected capacity change from 0 to 512
[  835.879722][T17162] EXT4-fs: Ignoring removed bh option
[  835.889804][T10242] device bridge_slave_0 left promiscuous mode
[  835.896052][T17162] EXT4-fs error (device loop2): __ext4_iget:5055: inode #15: block 1803188595: comm syz.2.4208: invalid block
[  835.896091][T10242] bridge0: port 1(bridge_slave_0) entered disabled state
[  835.919823][T17162] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.4208: couldn't read orphan inode 15 (err -117)
[  835.952942][T17162] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  835.962694][T10242] device veth1_macvtap left promiscuous mode
[  835.968777][T10242] device veth0_macvtap left promiscuous mode
[  835.975117][T10242] device veth1_vlan left promiscuous mode
[  835.983125][T10242] device veth0_vlan left promiscuous mode
[  835.994530][T17166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4210'.
[  836.029018][T17162] loop2: detected capacity change from 512 to 64
[  836.039173][ T3657] Bluetooth: hci1: command tx timeout
[  837.132597][T16839] EXT4-fs (loop2): unmounting filesystem.
[  837.328228][T10242] team0 (unregistering): Port device team_slave_1 removed
[  837.373740][T10242] team0 (unregistering): Port device team_slave_0 removed
[  837.422237][T10242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  837.466931][T10242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  837.485694][ T3657] Bluetooth: hci4: command tx timeout
[  837.564825][T16318] kmmpd-loop3: attempt to access beyond end of device
[  837.564825][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  837.579776][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  837.971423][T10242] bond0 (unregistering): Released all slaves
[  838.057546][T17117] batman_adv: batadv0: Adding interface: batadv_slave_0
[  838.067038][T17117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  838.101131][T17117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  838.120345][ T3657] Bluetooth: hci1: command tx timeout
[  838.143565][T17171] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  838.151853][T17171] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  838.160391][T17171] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  838.257989][T17117] batman_adv: batadv0: Adding interface: batadv_slave_1
[  838.272143][T17117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  838.323643][T17117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  838.348936][ T3646] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  838.358382][ T3646] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  838.368616][ T3646] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  838.383424][ T3646] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  838.391775][ T3646] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  838.404990][ T3646] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  838.592595][T17117] device hsr_slave_0 entered promiscuous mode
[  838.625772][T17117] device hsr_slave_1 entered promiscuous mode
[  838.632609][T17117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  838.659115][T17117] Cannot create hsr debugfs directory
[  838.786602][ T3653] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  838.796204][ T3653] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  838.804837][ T3653] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  838.813786][ T3653] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  838.823357][ T3653] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  838.837799][ T3653] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  838.968276][T17141] chnl_net:caif_netlink_parms(): no params data found
[  839.135410][T17191] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4219'.
[  839.305943][T17176] chnl_net:caif_netlink_parms(): no params data found
[  839.316484][T17141] bridge0: port 1(bridge_slave_0) entered blocking state
[  839.324033][T17141] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.334253][T17141] device bridge_slave_0 entered promiscuous mode
[  839.344109][T17141] bridge0: port 2(bridge_slave_1) entered blocking state
[  839.351407][T17141] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.361813][T17141] device bridge_slave_1 entered promiscuous mode
[  839.390710][T17199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4221'.
[  839.400114][T17199] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4221'.
[  839.511569][T10242] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.530121][T17141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  839.551960][T17202] netlink: 'syz.3.4222': attribute type 4 has an invalid length.
[  839.559931][ T3657] Bluetooth: hci4: command tx timeout
[  839.580204][T17141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  839.599903][T17202] netlink: 'syz.3.4222': attribute type 4 has an invalid length.
[  839.611163][T17181] chnl_net:caif_netlink_parms(): no params data found
[  839.658484][T10242] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.706689][T17141] team0: Port device team_slave_0 added
[  839.735507][T17176] bridge0: port 1(bridge_slave_0) entered blocking state
[  839.744763][T17176] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.753860][T17176] device bridge_slave_0 entered promiscuous mode
[  839.762064][T17176] bridge0: port 2(bridge_slave_1) entered blocking state
[  839.769208][T17176] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.777124][T17176] device bridge_slave_1 entered promiscuous mode
[  839.787403][T17141] team0: Port device team_slave_1 added
[  839.876348][T10242] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  839.902950][T17141] batman_adv: batadv0: Adding interface: batadv_slave_0
[  839.910660][T17141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  839.936859][T17141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  839.998067][T17176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  840.020196][T17141] batman_adv: batadv0: Adding interface: batadv_slave_1
[  840.027247][T17141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.059304][T17141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  840.071255][T17181] bridge0: port 1(bridge_slave_0) entered blocking state
[  840.078349][T17181] bridge0: port 1(bridge_slave_0) entered disabled state
[  840.087561][T17181] device bridge_slave_0 entered promiscuous mode
[  840.122610][T10242] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.137932][T17176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  840.160353][T17181] bridge0: port 2(bridge_slave_1) entered blocking state
[  840.167440][T17181] bridge0: port 2(bridge_slave_1) entered disabled state
[  840.176586][T17181] device bridge_slave_1 entered promiscuous mode
[  840.199174][ T3657] Bluetooth: hci1: command tx timeout
[  840.257250][T17176] team0: Port device team_slave_0 added
[  840.295540][T17117] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  840.339464][T17219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4227'.
[  840.355035][T17176] team0: Port device team_slave_1 added
[  840.366912][T17141] device hsr_slave_0 entered promiscuous mode
[  840.375652][T17141] device hsr_slave_1 entered promiscuous mode
[  840.382331][T17141] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  840.390720][T17141] Cannot create hsr debugfs directory
[  840.404274][T17117] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  840.416511][T17181] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  840.427670][T17221] syz.3.4228[17221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  840.427760][T17221] syz.3.4228[17221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  840.449133][ T3657] Bluetooth: hci5: command tx timeout
[  840.483600][T17117] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  840.494763][T17181] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  840.536870][T17117] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  840.555006][T17223] batman_adv: batadv0: Adding interface: dummy0
[  840.561453][T17223] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.588002][T17223] batman_adv: batadv0: Interface activated: dummy0
[  840.621049][T17176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  840.628135][T17176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.677317][T17176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  840.706207][T17227] syz.3.4231[17227] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  840.706304][T17227] syz.3.4231[17227] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  840.743508][T10242] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.780572][T17176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  840.787544][T17176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.814767][T17176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  840.833041][T17181] team0: Port device team_slave_0 added
[  840.870249][T17181] team0: Port device team_slave_1 added
[  840.896972][T10242] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.919714][ T3657] Bluetooth: hci7: command tx timeout
[  841.001883][T10242] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.014560][T17227] infiniband syz1: set active
[  841.019416][T17227] infiniband syz1: added veth0_virt_wifi
[  841.038979][T17176] device hsr_slave_0 entered promiscuous mode
[  841.045842][T17176] device hsr_slave_1 entered promiscuous mode
[  841.059218][T17176] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  841.066835][T17176] Cannot create hsr debugfs directory
[  841.082334][T17181] batman_adv: batadv0: Adding interface: batadv_slave_0
[  841.094768][T17227] RDS/IB: syz1: added
[  841.098303][T17181] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  841.099160][T17227] smc: adding ib device syz1 with port count 1
[  841.131698][T17227] smc:    ib device syz1 port 1 has pnetid 
[  841.141147][T17181] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  841.183153][T10242] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.196197][T17181] batman_adv: batadv0: Adding interface: batadv_slave_1
[  841.203594][T17181] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  841.229973][T17181] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  841.329846][T17181] device hsr_slave_0 entered promiscuous mode
[  841.336858][T17181] device hsr_slave_1 entered promiscuous mode
[  841.343914][T17181] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  841.351759][T17181] Cannot create hsr debugfs directory
[  841.639608][ T3657] Bluetooth: hci4: command tx timeout
[  841.663028][T17117] 8021q: adding VLAN 0 to HW filter on device bond0
[  841.684371][T17117] 8021q: adding VLAN 0 to HW filter on device team0
[  841.828097][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  841.836906][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  841.845286][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  841.853905][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  841.863034][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  841.870129][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  841.877954][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  841.886708][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  841.895457][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  841.902551][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  841.912060][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  841.987657][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  842.007736][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  842.064904][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  842.077103][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  842.093654][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  842.102941][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  842.158995][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  842.171499][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  842.180071][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  842.188423][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  842.197469][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  842.212198][T17117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  842.280664][ T3657] Bluetooth: hci1: command tx timeout
[  842.519887][ T3657] Bluetooth: hci5: command tx timeout
[  842.592219][T17176] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.603384][T16318] kmmpd-loop3: attempt to access beyond end of device
[  842.603384][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  842.625565][T17141] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  842.667632][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  842.700112][T17141] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  842.710198][T17141] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  842.752025][T17176] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.767118][T17141] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  842.869856][T17176] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.896439][T17117] 8021q: adding VLAN 0 to HW filter on device batadv0
[  842.962587][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  842.973371][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  842.999565][ T3657] Bluetooth: hci7: command tx timeout
[  843.070452][T17176] team0: Port device netdevsim0 removed
[  843.078416][T17176] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  843.457871][T17141] 8021q: adding VLAN 0 to HW filter on device bond0
[  843.525406][T17141] 8021q: adding VLAN 0 to HW filter on device team0
[  843.555045][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  843.569732][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  843.718017][T17176] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  843.725047][ T3657] Bluetooth: hci4: command tx timeout
[  843.737605][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  843.748305][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  843.757261][ T3870] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.764358][ T3870] bridge0: port 1(bridge_slave_0) entered forwarding state
[  843.773429][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  843.782620][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  843.791179][ T3870] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.798248][ T3870] bridge0: port 2(bridge_slave_1) entered forwarding state
[  843.806434][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  843.816925][T17245] bridge0: port 3(syz_tun) entered blocking state
[  843.825670][T17245] bridge0: port 3(syz_tun) entered disabled state
[  843.834397][T17245] device syz_tun entered promiscuous mode
[  843.840771][T17245] bridge0: port 3(syz_tun) entered blocking state
[  843.848204][T17245] bridge0: port 3(syz_tun) entered forwarding state
[  843.856020][T17176] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  843.895267][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  843.910309][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  843.929874][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  844.025142][T17176] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  844.059868][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  844.069587][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  844.078548][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  844.088207][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  844.098373][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  844.116475][T17141] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  844.127415][T17141] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  844.139246][T17176] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  844.179243][T17117] device veth0_vlan entered promiscuous mode
[  844.223886][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  844.248066][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  844.267669][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  844.278277][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  844.297754][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  844.307028][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  844.324278][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  844.338078][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  844.349521][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  844.357608][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  844.381350][T17117] device veth1_vlan entered promiscuous mode
[  844.397335][T10242] device hsr_slave_0 left promiscuous mode
[  844.403817][T10242] device hsr_slave_1 left promiscuous mode
[  844.417935][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  844.425515][T10242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  844.435592][T10242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  844.444232][T10242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  844.454050][T10242] device bridge_slave_1 left promiscuous mode
[  844.460786][T10242] bridge0: port 2(bridge_slave_1) entered disabled state
[  844.469818][T10242] device bridge_slave_0 left promiscuous mode
[  844.476002][T10242] bridge0: port 1(bridge_slave_0) entered disabled state
[  844.489485][T10242] device hsr_slave_0 left promiscuous mode
[  844.495734][T10242] device hsr_slave_1 left promiscuous mode
[  844.502705][T10242] device bridge_slave_1 left promiscuous mode
[  844.508864][T10242] bridge0: port 2(bridge_slave_1) entered disabled state
[  844.517038][T10242] device bridge_slave_0 left promiscuous mode
[  844.524412][T10242] bridge0: port 1(bridge_slave_0) entered disabled state
[  844.570508][T10242] device veth1_macvtap left promiscuous mode
[  844.576563][T10242] device veth0_macvtap left promiscuous mode
[  844.583330][T10242] device veth1_vlan left promiscuous mode
[  844.589856][T10242] device veth0_vlan left promiscuous mode
[  844.596693][T10242] device veth1_macvtap left promiscuous mode
[  844.603201][ T3657] Bluetooth: hci5: command tx timeout
[  844.609853][T10242] device veth0_macvtap left promiscuous mode
[  844.616051][T10242] device veth1_vlan left promiscuous mode
[  844.622042][T10242] device veth0_vlan left promiscuous mode
[  845.079266][ T3657] Bluetooth: hci7: command tx timeout
[  845.230890][   T26] kauditd_printk_skb: 46 callbacks suppressed
[  845.230907][   T26] audit: type=1326 audit(2000000160.820:3888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17257 comm="syz.3.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  845.298262][   T26] audit: type=1326 audit(2000000160.860:3889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17257 comm="syz.3.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  845.340026][   T26] audit: type=1326 audit(2000000160.860:3890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17257 comm="syz.3.4239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  845.370338][T10242] team0 (unregistering): Port device team_slave_1 removed
[  845.464062][T10242] team0 (unregistering): Port device team_slave_0 removed
[  845.533794][T10242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  845.596803][T17266] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  845.622350][T10242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  846.144940][T10242] bond0 (unregistering): Released all slaves
[  846.265775][T10242] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  846.643619][T10242] team0 (unregistering): Port device team_slave_1 removed
[  846.686276][T10242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  846.689320][ T3657] Bluetooth: hci5: command tx timeout
[  846.740036][T10242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  847.163233][ T3657] Bluetooth: hci7: command tx timeout
[  847.207229][T10242] bond0 (unregistering): Released all slaves
[  847.305213][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  847.451266][T17117] device veth0_macvtap entered promiscuous mode
[  847.471388][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  847.481049][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  847.503595][T17117] device veth1_macvtap entered promiscuous mode
[  847.512311][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  847.520995][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  847.594502][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  847.605995][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.616208][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  847.635324][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.645590][T16318] kmmpd-loop3: attempt to access beyond end of device
[  847.645590][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  847.647506][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  847.661264][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  847.679098][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.690596][T17117] batman_adv: batadv0: Interface activated: batadv_slave_0
[  847.708162][T17176] 8021q: adding VLAN 0 to HW filter on device bond0
[  847.731009][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  847.750455][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  847.767244][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  847.787985][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.800997][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  847.811672][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.821532][T17117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  847.831974][T17117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  847.843448][T17117] batman_adv: batadv0: Interface activated: batadv_slave_1
[  847.862782][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  847.882302][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  847.891861][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  847.900596][ T3857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  847.910727][T17117] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  847.927340][T17117] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  847.936219][T17117] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  847.951357][T17117] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  847.977519][   T26] audit: type=1326 audit(2000000163.560:3891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17277 comm="syz.3.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  847.978299][T17176] 8021q: adding VLAN 0 to HW filter on device team0
[  848.007303][   T26] audit: type=1326 audit(2000000163.590:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17277 comm="syz.3.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  848.063436][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  848.075172][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  848.083355][   T26] audit: type=1326 audit(2000000163.590:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17277 comm="syz.3.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  848.107571][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  848.114715][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  848.122658][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  848.130854][   T26] audit: type=1326 audit(2000000163.590:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17277 comm="syz.3.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  848.154296][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  848.166491][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  848.173729][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  848.183302][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  848.191388][   T26] audit: type=1326 audit(2000000163.590:3895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17277 comm="syz.3.4246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  848.193194][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  848.226863][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  848.234685][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  848.242378][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  848.259981][T17181] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  848.285894][T17181] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  848.299928][T17181] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  848.331418][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  848.352890][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  848.370771][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  848.390739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  848.420305][T17141] 8021q: adding VLAN 0 to HW filter on device batadv0
[  848.427855][T17181] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  848.449675][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  848.464256][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  848.476279][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  848.485786][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  848.497300][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  848.508733][T17176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  848.592431][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.608941][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  848.669906][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  848.679974][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  848.690417][T17287] loop3: detected capacity change from 64 to 11
[  848.712574][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  848.739331][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  848.748612][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  848.775649][T17141] device veth0_vlan entered promiscuous mode
[  848.782924][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  848.805566][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  848.817664][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  848.830875][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  848.840083][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  848.865153][T17141] device veth1_vlan entered promiscuous mode
[  848.973119][T17141] device veth0_macvtap entered promiscuous mode
[  848.990076][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  849.010464][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  849.028299][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  849.044501][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  849.053387][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  849.065508][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  849.079909][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  849.096403][T17141] device veth1_macvtap entered promiscuous mode
[  849.143196][T17181] 8021q: adding VLAN 0 to HW filter on device bond0
[  849.155343][T17176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  849.177926][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  849.196828][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.207549][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  849.218151][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.229726][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  849.241973][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.251939][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  849.262483][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.274539][T17141] batman_adv: batadv0: Interface activated: batadv_slave_0
[  849.279499][T17298] loop3: detected capacity change from 11 to 64
[  849.295669][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  849.310208][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  849.329954][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  849.349658][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  849.369397][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  849.385397][T17181] 8021q: adding VLAN 0 to HW filter on device team0
[  849.399249][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  849.412526][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.422727][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  849.433790][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.444816][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  849.456308][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.466310][T17141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  849.481939][T17141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  849.493458][T17141] batman_adv: batadv0: Interface activated: batadv_slave_1
[  849.505401][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  849.515457][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  849.545117][T17141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  849.562704][T17141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  849.581047][T17141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  849.595664][T17141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  849.636945][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  849.650436][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  849.670028][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  849.689707][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  849.709071][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.716176][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  849.730180][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  849.741991][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  849.755423][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.762553][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  849.782538][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  849.836390][T17313] loop4: detected capacity change from 0 to 2048
[  849.840060][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  849.862455][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  849.877699][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  849.895129][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  849.913649][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  849.925607][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  849.935879][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  849.955854][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  849.976028][T17176] device veth0_vlan entered promiscuous mode
[  849.996124][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  850.011122][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  850.024997][T17315] loop4: detected capacity change from 0 to 1024
[  850.029427][T10242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  850.091971][T17181] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  850.103943][T17181] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  850.118298][T17176] device veth1_vlan entered promiscuous mode
[  850.136033][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  850.140093][T17315] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  850.152833][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  850.166489][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  850.199852][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  850.220036][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  850.228673][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  850.300776][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  850.320941][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  850.342225][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  850.358547][T17117] EXT4-fs (loop4): unmounting filesystem.
[  850.365812][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  850.392383][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  850.402620][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  850.427913][T17176] device veth0_macvtap entered promiscuous mode
[  850.487800][T17176] device veth1_macvtap entered promiscuous mode
[  850.510825][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  850.518787][T10242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  850.528506][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  850.532129][T10242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  850.557315][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  850.577857][T17333] syz.3.4264[17333] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  850.577967][T17333] syz.3.4264[17333] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  850.578257][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.628852][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  850.641628][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.651644][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  850.662972][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.672965][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  850.683985][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.694075][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  850.709758][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.721831][T17176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  850.729586][T17330] bridge0: port 3(syz_tun) entered blocking state
[  850.736733][T17330] bridge0: port 3(syz_tun) entered disabled state
[  850.744669][T17330] device syz_tun entered promiscuous mode
[  850.752380][T17330] bridge0: port 3(syz_tun) entered blocking state
[  850.758930][T17330] bridge0: port 3(syz_tun) entered forwarding state
[  850.771398][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  850.781408][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  850.791143][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  850.806407][T17333] bridge0: port 3(syz_tun) entered disabled state
[  850.850580][T17333] device syz_tun left promiscuous mode
[  850.856147][T17333] bridge0: port 3(syz_tun) entered disabled state
[  850.868721][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  850.880289][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.890684][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  850.901284][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.912810][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  850.924121][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.934618][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  850.945351][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.955244][T17176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  850.965832][T17176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  850.977320][T17176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  851.009351][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  851.027281][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  851.052126][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  851.065042][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  851.077065][T17176] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  851.086504][T17176] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  851.095350][T17176] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  851.104216][T17176] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  851.124736][T17181] 8021q: adding VLAN 0 to HW filter on device batadv0
[  851.148936][   T26] audit: type=1326 audit(2000000166.730:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.203779][   T26] audit: type=1326 audit(2000000166.760:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.231188][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  851.255412][   T26] audit: type=1326 audit(2000000166.760:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.264053][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  851.289042][   T26] audit: type=1326 audit(2000000166.760:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.325795][   T26] audit: type=1326 audit(2000000166.760:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.371080][   T26] audit: type=1326 audit(2000000166.760:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.377019][T17181] device veth0_vlan entered promiscuous mode
[  851.400512][   T26] audit: type=1326 audit(2000000166.760:3902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.434307][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  851.444451][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  851.458692][T17181] device veth1_vlan entered promiscuous mode
[  851.480880][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  851.489040][   T26] audit: type=1326 audit(2000000166.760:3903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.496009][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  851.524739][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  851.538190][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  851.550153][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  851.558428][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  851.573074][   T26] audit: type=1326 audit(2000000166.760:3904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.610644][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  851.628298][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  851.648780][ T3880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  851.651737][T17181] device veth0_macvtap entered promiscuous mode
[  851.668990][   T26] audit: type=1326 audit(2000000166.760:3905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17338 comm="syz.4.4265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  851.674908][T17181] device veth1_macvtap entered promiscuous mode
[  851.699582][ T3880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  851.736196][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  851.746325][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  851.759357][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  851.787875][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.803689][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.818749][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.829547][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.841168][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.852627][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.863472][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.874386][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.885175][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.896325][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.906676][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  851.917575][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  851.930656][T17181] batman_adv: batadv0: Interface activated: batadv_slave_0
[  851.939574][T17353] batman_adv: batadv0: Interface deactivated: dummy0
[  851.946861][T17353] batman_adv: batadv0: Removing interface: dummy0
[  851.975106][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  851.995565][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  852.018244][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.044713][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.068047][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.081917][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.092106][T17361] tmpfs: Bad value for 'mpol'
[  852.097641][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.115301][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.127633][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.150561][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.165845][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.178251][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.188684][T17181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  852.202512][T17181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  852.223153][T17181] batman_adv: batadv0: Interface activated: batadv_slave_1
[  852.254271][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  852.267135][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  852.295392][T17181] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  852.311802][T17181] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  852.326220][T17181] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  852.341764][T17181] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  852.476522][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  852.497839][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  852.538517][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  852.584998][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  852.604300][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  852.627692][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  852.674254][T17377] loop4: detected capacity change from 0 to 2048
[  852.681223][T16318] kmmpd-loop3: attempt to access beyond end of device
[  852.681223][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  852.705694][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  852.734716][T17377] Alternate GPT is invalid, using primary GPT.
[  852.746602][T17377]  loop4: p2 p3 p7
[  852.761285][T17381] tipc: Started in network mode
[  852.766161][T17381] tipc: Node identity ac14140f, cluster identity 4711
[  852.782910][T17381] tipc: New replicast peer: 255.255.255.255
[  852.812350][T17381] tipc: Enabled bearer <udp:s>, priority 10
[  852.982187][T17392] loop0: detected capacity change from 0 to 256
[  852.992723][T17391] bridge0: port 3(syz_tun) entered blocking state
[  853.023860][T17391] bridge0: port 3(syz_tun) entered disabled state
[  853.045787][T17391] device syz_tun entered promiscuous mode
[  853.065445][T17391] bridge0: port 3(syz_tun) entered blocking state
[  853.072043][T17391] bridge0: port 3(syz_tun) entered forwarding state
[  853.513223][T17417] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  853.648633][T17426] netlink: 40227 bytes leftover after parsing attributes in process `syz.4.4299'.
[  853.742488][T17430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4301'.
[  853.797062][T17430] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4301'.
[  853.921610][ T3686] tipc: Node number set to 2886997007
[  854.177955][T17444] syz.4.4309[17444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  854.178052][T17444] syz.4.4309[17444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  854.239190][T17444] bridge0: port 3(syz_tun) entered disabled state
[  854.257388][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805fb1bc00: rx timeout, send abort
[  854.268488][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805fd80800: rx timeout, send abort
[  854.289172][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805fb1bc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  854.304950][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805fd80800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  854.452001][T17444] device syz_tun left promiscuous mode
[  854.479310][T17444] bridge0: port 3(syz_tun) entered disabled state
[  854.561077][T17460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4314'.
[  854.614408][T17463] netlink: 68 bytes leftover after parsing attributes in process `syz.3.4314'.
[  854.687721][T17465] loop1: detected capacity change from 0 to 512
[  854.728490][T17465] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  854.740867][T17465] System zones: 0-2, 18-18, 34-34
[  854.758722][T17465] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.4315: bg 0: block 248: padding at end of block bitmap is not set
[  854.794950][T17465] EXT4-fs error (device loop1): ext4_acquire_dquot:6801: comm syz.1.4315: Failed to acquire dquot type 1
[  854.838655][T17465] EXT4-fs (loop1): 1 truncate cleaned up
[  854.850535][T17465] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  854.869149][T17465] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  854.995579][T17176] EXT4-fs (loop1): unmounting filesystem.
[  855.060065][T17483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4322'.
[  855.069133][T17483] netlink: 84 bytes leftover after parsing attributes in process `syz.1.4322'.
[  855.268514][T17494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4327'.
[  855.324822][T17497] bridge0: port 3(syz_tun) entered blocking state
[  855.336693][T17494] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4327'.
[  855.346564][T17497] bridge0: port 3(syz_tun) entered disabled state
[  855.355156][T17497] device syz_tun entered promiscuous mode
[  855.365391][T17497] bridge0: port 3(syz_tun) entered blocking state
[  855.371935][T17497] bridge0: port 3(syz_tun) entered forwarding state
[  855.558117][T17508] loop1: detected capacity change from 0 to 2048
[  855.636019][T17508] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  855.636936][T17512] syz.4.4334[17512] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  855.652357][T17508] EXT4-fs error (device loop1): ext4_ext_precache:627: inode #2: comm syz.1.4330: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  855.657531][T17517] loop2: detected capacity change from 0 to 512
[  855.677009][T17512] syz.4.4334[17512] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  855.719957][T17517] EXT4-fs: Ignoring removed i_version option
[  855.741745][T17176] EXT4-fs (loop1): unmounting filesystem.
[  855.796283][T17517] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  855.822616][T17517] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  855.845626][T17517] EXT4-fs error (device loop2): ext4_add_entry:2486: inode #12: comm syz.2.4335: Directory hole found for htree leaf block 0
[  855.861844][T17517] EXT4-fs (loop2): Remounting filesystem read-only
[  855.893967][T17181] EXT4-fs (loop2): unmounting filesystem.
[  856.011139][T17533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4340'.
[  856.128592][T17530] netlink: 'syz.3.4341': attribute type 33 has an invalid length.
[  856.736191][   T26] kauditd_printk_skb: 326 callbacks suppressed
[  856.736206][   T26] audit: type=1326 audit(2000000172.320:4230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17557 comm="syz.4.4351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  856.822533][   T26] audit: type=1326 audit(2000000172.320:4231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17557 comm="syz.4.4351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  856.868619][   T26] audit: type=1326 audit(2000000172.320:4232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17557 comm="syz.4.4351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f49cb17dff9 code=0x7ffc0000
[  856.920462][   T26] audit: type=1326 audit(2000000172.430:4233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.4352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  856.952650][   T26] audit: type=1326 audit(2000000172.450:4234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.4352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  856.976085][   T26] audit: type=1326 audit(2000000172.450:4235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.4352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  857.250637][T17573] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  857.393368][T17577] syz.1.4359[17577] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  857.393467][T17577] syz.1.4359[17577] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  857.440919][T17581] loop4: detected capacity change from 0 to 512
[  857.477786][T17582] bridge0: port 3(syz_tun) entered disabled state
[  857.491836][T17581] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  857.541615][T17582] device syz_tun left promiscuous mode
[  857.549853][T17582] bridge0: port 3(syz_tun) entered disabled state
[  857.586963][T17581] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  857.609758][T17581] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  857.719225][T16318] kmmpd-loop3: attempt to access beyond end of device
[  857.719225][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  857.732465][T17596] loop2: detected capacity change from 0 to 1024
[  857.741581][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  857.774243][T17117] EXT4-fs (loop4): unmounting filesystem.
[  857.782781][T17596] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  857.870949][T17603] sch_tbf: peakrate 64 is lower than or equals to rate 4294967295 !
[  857.895542][T17181] EXT4-fs (loop2): unmounting filesystem.
[  858.038279][T17611] loop2: detected capacity change from 0 to 1024
[  858.057322][T17611] EXT4-fs: Ignoring removed orlov option
[  858.076975][T17611] EXT4-fs: Ignoring removed nomblk_io_submit option
[  858.094151][T17617] syz.4.4374[17617] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  858.094248][T17617] syz.4.4374[17617] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  858.098299][   T26] audit: type=1326 audit(2000000173.680:4236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.3.4373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  858.161570][T17611] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  858.258358][   T26] audit: type=1326 audit(2000000173.740:4237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.3.4373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  858.318567][T17181] EXT4-fs (loop2): unmounting filesystem.
[  858.347598][   T26] audit: type=1326 audit(2000000173.740:4238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.3.4373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  858.405830][   T26] audit: type=1326 audit(2000000173.750:4239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.3.4373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  858.538408][T17633] loop4: detected capacity change from 0 to 2048
[  858.598367][T17633] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  858.759356][T17633] loop4: detected capacity change from 2048 to 0
[  858.775882][T17633] EXT4-fs error (device loop4): ext4_xattr_ibody_get:603: inode #15: comm syz.4.4380: corrupted in-inode xattr
[  858.819893][T17633] EXT4-fs error (device loop4): ext4_xattr_ibody_get:603: inode #15: comm syz.4.4380: corrupted in-inode xattr
[  858.869551][T17631] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.4380: corrupted in-inode xattr
[  858.911808][T17648] loop2: detected capacity change from 0 to 512
[  858.929854][T17650] syz.0.4386[17650] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  858.929954][T17650] syz.0.4386[17650] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  858.938024][T17652] syz.3.4387[17652] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  858.953807][T17652] syz.3.4387[17652] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  859.018667][T17648] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  859.036036][T17117] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /33/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0
[  859.108290][T17648] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  859.197701][T17306] EXT4-fs (loop4): unmounting filesystem.
[  859.346724][T17181] EXT4-fs (loop2): unmounting filesystem.
[  859.442732][ T3704] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.597105][ T3704] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.652757][T17671] loop2: detected capacity change from 0 to 1024
[  859.712494][ T3704] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.733082][T17671] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  859.845751][ T3657] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  859.858148][ T3657] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  859.869412][ T3657] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  859.887182][ T3657] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  859.894860][ T3657] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  859.902882][ T3657] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  859.945373][ T3704] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  859.958223][T17181] EXT4-fs (loop2): unmounting filesystem.
[  860.794041][T17694] loop1: detected capacity change from 0 to 128
[  860.824053][T17698] program syz.0.4404 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  861.152374][T17679] chnl_net:caif_netlink_parms(): no params data found
[  861.340089][T17679] bridge0: port 1(bridge_slave_0) entered blocking state
[  861.350984][T17679] bridge0: port 1(bridge_slave_0) entered disabled state
[  861.378347][T17679] device bridge_slave_0 entered promiscuous mode
[  861.396985][T17721] __nla_validate_parse: 9 callbacks suppressed
[  861.397002][T17721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4412'.
[  861.463866][T17679] bridge0: port 2(bridge_slave_1) entered blocking state
[  861.497993][T17679] bridge0: port 2(bridge_slave_1) entered disabled state
[  861.511087][T17679] device bridge_slave_1 entered promiscuous mode
[  861.592302][T17733] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  861.595976][T17679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  861.620917][T17679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  861.627932][T17726] IPVS: stopping master sync thread 17733 ...
[  861.654557][T17732] loop2: detected capacity change from 0 to 512
[  861.692604][T17679] team0: Port device team_slave_0 added
[  861.715829][T17679] team0: Port device team_slave_1 added
[  861.717108][T17732] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  861.731869][T17732] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  861.831482][T17181] EXT4-fs (loop2): unmounting filesystem.
[  861.957996][T17745] loop2: detected capacity change from 0 to 1024
[  861.959155][ T3653] Bluetooth: hci1: command tx timeout
[  861.995821][T17679] batman_adv: batadv0: Adding interface: batadv_slave_0
[  862.023563][T17679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  862.052415][T17745] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  862.090346][T17679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  862.130366][T17754] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4419'.
[  862.188679][T17181] EXT4-fs (loop2): unmounting filesystem.
[  862.311274][T17679] batman_adv: batadv0: Adding interface: batadv_slave_1
[  862.322098][T17679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  862.358635][T17679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  862.613906][T17679] device hsr_slave_0 entered promiscuous mode
[  862.659309][T17679] device hsr_slave_1 entered promiscuous mode
[  862.676547][T17679] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  862.699009][T17679] Cannot create hsr debugfs directory
[  862.760046][T16318] kmmpd-loop3: attempt to access beyond end of device
[  862.760046][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  862.789097][ T3704] device hsr_slave_0 left promiscuous mode
[  862.794313][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  862.805247][ T3704] device hsr_slave_1 left promiscuous mode
[  862.832205][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  862.856712][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_0
[  862.867552][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  862.895607][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_1
[  862.918114][ T3704] device bridge_slave_1 left promiscuous mode
[  862.958251][ T3704] bridge0: port 2(bridge_slave_1) entered disabled state
[  862.967222][ T3704] device bridge_slave_0 left promiscuous mode
[  862.981667][ T3704] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.014121][T17780] loop2: detected capacity change from 0 to 1024
[  863.036291][T17781] syz.1.4431[17781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  863.036387][T17781] syz.1.4431[17781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  863.055617][ T3704] device veth1_macvtap left promiscuous mode
[  863.110562][T17780] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  863.148965][ T3704] device veth0_macvtap left promiscuous mode
[  863.155063][ T3704] device veth1_vlan left promiscuous mode
[  863.219128][ T3704] device veth0_vlan left promiscuous mode
[  863.255825][T17181] EXT4-fs (loop2): unmounting filesystem.
[  863.696492][T17809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4439'.
[  864.009466][ T3704] team0 (unregistering): Port device team_slave_1 removed
[  864.040783][ T3653] Bluetooth: hci1: command tx timeout
[  864.065392][ T3704] team0 (unregistering): Port device team_slave_0 removed
[  864.112522][ T3704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  864.162368][ T3704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  864.655605][ T3704] bond0 (unregistering): Released all slaves
[  864.789464][T17808] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  864.795496][T17808] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  864.854335][T17808] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  864.910047][T17808] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  864.916057][T17808] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  864.949088][T17808] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  864.956498][T17808] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  864.963125][T17808] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  864.969712][T17808] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  864.977052][T17808] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  864.983494][T17820] loop0: detected capacity change from 0 to 1024
[  864.987182][T17808] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  864.997251][T17808] Bluetooth: hci6: Suspend notifier action (1) failed: -4
[  865.007409][T17808] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  865.017407][T17808] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  865.024516][T17808] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  865.039485][T17808] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  865.048224][T17808] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  865.055396][T17820] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  865.064334][T17808] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  865.091834][T17808] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  865.122757][T17808] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  865.128755][T17808] Bluetooth: hci7: Suspend notifier action (1) failed: -4
[  865.163252][T17808] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  865.175340][T17808] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  865.182899][T17808] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  865.190902][T17141] EXT4-fs (loop0): unmounting filesystem.
[  865.336540][T17827] loop0: detected capacity change from 0 to 1024
[  865.353276][T17827] EXT4-fs: Ignoring removed nomblk_io_submit option
[  865.427081][T17827] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  865.678184][T17839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4449'.
[  865.742679][T17141] EXT4-fs (loop0): unmounting filesystem.
[  865.826836][T17679] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  865.840274][T17679] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  865.850348][T17679] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  865.868212][T17679] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  865.912356][T17841] loop2: detected capacity change from 0 to 4096
[  865.949499][T17841] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  866.028025][T17841] Process accounting resumed
[  866.073357][T17679] 8021q: adding VLAN 0 to HW filter on device bond0
[  866.087369][T17841] EXT4-fs (loop2): re-mounted. Quota mode: writeback.
[  866.134742][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  866.148281][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  866.167936][T17850] loop0: detected capacity change from 0 to 1024
[  866.177690][T17679] 8021q: adding VLAN 0 to HW filter on device team0
[  866.200637][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  866.213431][T17181] EXT4-fs (loop2): unmounting filesystem.
[  866.226266][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  866.245097][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.245735][T17850] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  866.252236][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[  866.263229][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  866.278059][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  866.287971][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  866.296716][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.303853][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[  866.313016][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  866.330750][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  866.340652][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  866.353019][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  866.362174][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  866.384739][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  866.403717][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  866.415634][T17141] EXT4-fs (loop0): unmounting filesystem.
[  866.460163][T17679] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  866.471457][T17679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  866.497644][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  866.511742][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  866.533861][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  866.546915][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  866.557244][   T26] kauditd_printk_skb: 78 callbacks suppressed
[  866.557259][   T26] audit: type=1326 audit(2000000182.140:4318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.562017][ T3870] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  866.589412][   T26] audit: type=1326 audit(2000000182.170:4319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.627272][   T26] audit: type=1326 audit(2000000182.170:4320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.657524][   T26] audit: type=1326 audit(2000000182.210:4321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.720416][   T26] audit: type=1326 audit(2000000182.210:4322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.787649][   T26] audit: type=1326 audit(2000000182.210:4323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  866.838977][ T3657] Bluetooth: hci2: command 0x0406 tx timeout
[  866.919156][ T3657] Bluetooth: hci3: command 0x0406 tx timeout
[  866.929633][   T26] audit: type=1326 audit(2000000182.210:4324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  867.006032][ T3657] Bluetooth: hci6: command 0x0c1a tx timeout
[  867.012317][ T3653] Bluetooth: hci0: command 0x0c1a tx timeout
[  867.020162][   T26] audit: type=1326 audit(2000000182.210:4325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  867.047713][   T26] audit: type=1326 audit(2000000182.210:4326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  867.071517][   T26] audit: type=1326 audit(2000000182.210:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17858 comm="syz.0.4456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  867.094580][ T3653] Bluetooth: hci5: command 0x0c1a tx timeout
[  867.100900][ T3653] Bluetooth: hci4: command 0x0c1a tx timeout
[  867.127565][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  867.145206][T17877] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  867.154104][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  867.159184][ T3657] Bluetooth: hci7: command 0x0c1a tx timeout
[  867.194369][T17679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  867.239602][ T3657] Bluetooth: hci1: command 0x0419 tx timeout
[  867.318220][T17881] loop2: detected capacity change from 0 to 1024
[  867.375426][T17881] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  867.470180][T17181] EXT4-fs (loop2): unmounting filesystem.
[  867.602697][T17893] loop2: detected capacity change from 0 to 1024
[  867.657731][T17893] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  867.686731][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  867.700362][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  867.732152][T17679] device veth0_vlan entered promiscuous mode
[  867.741411][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  867.769030][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  867.787604][T17679] device veth1_vlan entered promiscuous mode
[  867.795542][T17181] EXT4-fs (loop2): unmounting filesystem.
[  867.801466][T16318] kmmpd-loop3: attempt to access beyond end of device
[  867.801466][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  867.859053][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  867.867821][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  867.887726][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  867.916162][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  867.951492][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  868.035288][T17679] device veth0_macvtap entered promiscuous mode
[  868.082798][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  868.099702][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  868.133301][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  868.175809][T17679] device veth1_macvtap entered promiscuous mode
[  868.227743][T17917] syz.1.4478[17917] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  868.227838][T17917] syz.1.4478[17917] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  868.249138][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.277986][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.306647][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.317307][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.328203][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.338953][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.350964][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.375844][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.398631][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.418626][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.438666][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.453753][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.466010][T17679] batman_adv: batadv0: Interface activated: batadv_slave_0
[  868.475785][T17921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4479'.
[  868.516268][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  868.702673][T17925] loop1: detected capacity change from 0 to 512
[  868.919254][ T3657] Bluetooth: hci2: command 0x0406 tx timeout
[  868.999380][ T3657] Bluetooth: hci3: command 0x0406 tx timeout
[  869.027898][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  869.079387][ T3653] Bluetooth: hci0: command 0x0c1a tx timeout
[  869.085483][ T3657] Bluetooth: hci6: command 0x0c1a tx timeout
[  869.141196][T17925] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  869.150645][T17925] ext4 filesystem being mounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  869.161261][ T3657] Bluetooth: hci4: command 0x0c1a tx timeout
[  869.189009][ T3653] Bluetooth: hci5: command 0x0c1a tx timeout
[  869.219817][T17931] loop0: detected capacity change from 0 to 128
[  869.227943][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.240164][ T3646] Bluetooth: hci7: command 0x0c1a tx timeout
[  869.270260][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.312378][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.323140][ T3653] Bluetooth: hci1: command 0x0419 tx timeout
[  869.334393][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.346382][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.358197][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.370913][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.382037][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.392669][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.403764][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.414225][T17679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.425352][T17679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.447098][T17679] batman_adv: batadv0: Interface activated: batadv_slave_1
[  869.476169][ T3842] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  869.494473][ T3842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  869.651125][T17679] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  869.660368][T17679] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  869.669716][T17679] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  869.678426][T17679] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.807810][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  869.814330][ T1242] ieee802154 phy1 wpan1: encryption failed: -22
[  869.887225][T17176] EXT4-fs (loop1): unmounting filesystem.
[  869.895737][ T3880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  869.913388][ T3880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.975188][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  870.006167][ T3880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.028614][ T3880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.053610][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  870.274140][T17957] loop1: detected capacity change from 0 to 764
[  870.279236][T17955] loop4: detected capacity change from 0 to 512
[  870.322363][T17956] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4490'.
[  870.381581][T17955] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.4392: bg 0: block 248: padding at end of block bitmap is not set
[  870.406670][T17955] EXT4-fs error (device loop4): ext4_acquire_dquot:6801: comm syz.4.4392: Failed to acquire dquot type 1
[  870.438794][T17955] EXT4-fs (loop4): 1 truncate cleaned up
[  870.458955][T17955] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  870.468646][T17955] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  870.594324][T17679] EXT4-fs (loop4): unmounting filesystem.
[  870.837428][T17978] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4499'.
[  870.897272][T17986] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4499'.
[  870.929277][T17987] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4503'.
[  870.943117][T17988] loop0: detected capacity change from 0 to 1024
[  871.011419][T17988] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  871.114562][T17996] netlink: 268 bytes leftover after parsing attributes in process `syz.1.4506'.
[  871.123971][T17996] unsupported nla_type 65024
[  871.167044][T17141] EXT4-fs (loop0): unmounting filesystem.
[  871.179554][T18000] netlink: 35 bytes leftover after parsing attributes in process `syz.4.4508'.
[  871.291724][T18002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4510'.
[  871.399407][ T3653] Bluetooth: hci1: command 0x0419 tx timeout
[  871.512747][T18016] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4515'.
[  871.597595][T18020] loop1: detected capacity change from 0 to 512
[  871.628841][   T26] kauditd_printk_skb: 262 callbacks suppressed
[  871.628855][   T26] audit: type=1107 audit(2000000187.210:4588): pid=18021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='~E'
[  871.667669][T18024] syz.0.4519[18024] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  871.667759][T18024] syz.0.4519[18024] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  871.668534][T18022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4518'.
[  871.702684][T18022] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  871.727526][T18020] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  871.735460][T18022] batman_adv: batadv0: Removing interface: batadv_slave_0
[  871.747289][T18020] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  871.760816][T18022] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  871.771055][T18022] batman_adv: batadv0: Removing interface: batadv_slave_1
[  871.958595][   T26] audit: type=1326 audit(2000000187.540:4589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.009114][   T26] audit: type=1326 audit(2000000187.570:4590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.052357][   T26] audit: type=1326 audit(2000000187.570:4591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.100784][   T26] audit: type=1326 audit(2000000187.570:4592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.125399][   T26] audit: type=1326 audit(2000000187.570:4593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.149654][   T26] audit: type=1326 audit(2000000187.570:4594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.194319][   T26] audit: type=1326 audit(2000000187.570:4595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.222388][   T26] audit: type=1326 audit(2000000187.570:4596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.281309][   T26] audit: type=1326 audit(2000000187.570:4597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18029 comm="syz.0.4520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493cd7dff9 code=0x7ffc0000
[  872.294342][T18028] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98
[  872.496466][T18028] siw: device registration error -19
[  872.500828][T18040] loop0: detected capacity change from 0 to 4096
[  872.583874][T18047] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  872.592233][T18047] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  872.601137][T18047] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  872.723098][T18040] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  872.839690][T16318] kmmpd-loop3: attempt to access beyond end of device
[  872.839690][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  872.953402][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  873.288292][T17176] EXT4-fs (loop1): unmounting filesystem.
[  873.957591][T17141] EXT4-fs (loop0): unmounting filesystem.
[  874.109833][T18071] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4533'.
[  874.191263][T18075] IPVS: stopping master sync thread 18076 ...
[  874.513884][T18087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4540'.
[  874.599060][T18089] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  874.607358][T18089] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  874.615860][T18089] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  875.338391][T18094] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4542'.
[  875.389811][T18098] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4544'.
[  875.625852][T18109] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  875.628149][T18107] IPVS: stopping master sync thread 18109 ...
[  875.696553][T18108] loop4: detected capacity change from 0 to 2048
[  875.844214][T18117] syz.1.4552[18117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  875.844315][T18117] syz.1.4552[18117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  876.316283][T18128] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  876.336070][T18128] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  876.344580][T18128] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  877.017370][T18134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4558'.
[  877.038704][T18134] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4558'.
[  877.646579][T18142] IPVS: stopping master sync thread 18143 ...
[  877.653877][T18143] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  877.779691][T18146] loop0: detected capacity change from 0 to 1024
[  877.889156][T16318] kmmpd-loop3: attempt to access beyond end of device
[  877.889156][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  877.910636][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  877.962296][T18153] loop4: detected capacity change from 0 to 2048
[  878.181564][T18158] 9pnet_fd: Insufficient options for proto=fd
[  879.219277][T18175] loop0: detected capacity change from 0 to 512
[  879.525604][T18175] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  879.591222][T18175] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  879.825495][T18175] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4573'.
[  879.984956][T18176] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  879.993259][T18176] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  880.001732][T18176] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  880.030711][T17141] EXT4-fs (loop0): unmounting filesystem.
[  880.069337][T18187] loop4: detected capacity change from 0 to 512
[  880.078959][T18187] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  880.090208][T18189] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  880.118010][T18185] IPVS: stopping master sync thread 18189 ...
[  880.156151][T18187] EXT4-fs (loop4): 1 truncate cleaned up
[  880.162625][T18187] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  880.418806][   T26] kauditd_printk_skb: 20 callbacks suppressed
[  880.418821][   T26] audit: type=1326 audit(2000000196.000:4618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.490999][T18207] loop0: detected capacity change from 0 to 512
[  880.496315][   T26] audit: type=1326 audit(2000000196.010:4619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.529139][T18207] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  880.557500][   T26] audit: type=1326 audit(2000000196.010:4620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.602500][   T26] audit: type=1326 audit(2000000196.010:4621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.629183][T18207] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  880.666723][   T26] audit: type=1326 audit(2000000196.010:4622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.669663][T18207] System zones: 1-12
[  880.709156][T18207] EXT4-fs (loop0): 1 truncate cleaned up
[  880.714843][T18207] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  880.747785][   T26] audit: type=1326 audit(2000000196.010:4623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.778977][   T26] audit: type=1326 audit(2000000196.010:4624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.821611][   T26] audit: type=1326 audit(2000000196.010:4625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  880.905835][T17141] EXT4-fs (loop0): unmounting filesystem.
[  880.963893][   T26] audit: type=1326 audit(2000000196.010:4626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77797dff9 code=0x7ffc0000
[  881.035731][T18224] IPVS: stopping master sync thread 18225 ...
[  881.039926][   T26] audit: type=1326 audit(2000000196.010:4627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18202 comm="syz.3.4584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe77797c990 code=0x7ffc0000
[  881.042753][T18225] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  881.069793][T18226] loop6: detected capacity change from 0 to 7
[  881.122929][T18227] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  881.131269][T18227] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  881.139801][T18227] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  881.367009][T18226] Dev loop6: unable to read RDB block 7
[  881.416378][T18226]  loop6: unable to read partition table
[  881.548597][T18226] loop6: partition table beyond EOD, truncated
[  881.702832][T18226] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[  881.702832][T18226] 
) failed (rc=-5)
[  881.874542][T18234] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  881.881610][T18234] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  881.907742][T18232] loop2: detected capacity change from 0 to 2048
[  881.910111][T18234] vhci_hcd vhci_hcd.0: Device attached
[  881.942978][T18236] vhci_hcd: connection closed
[  881.945478][ T3873] vhci_hcd: stop threads
[  881.955826][T17679] EXT4-fs (loop4): unmounting filesystem.
[  881.963685][ T3873] vhci_hcd: release socket
[  881.973801][ T3873] vhci_hcd: disconnect device
[  882.025476][T18244] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4599'.
[  882.186928][T18256] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0
[  882.191052][T18255] IPVS: stopping master sync thread 18256 ...
[  882.252092][T18258] 9pnet: Could not find request transport: t
[  882.434658][T18273] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4610'.
[  882.464663][T18275] syz.4.4612[18275] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  882.464771][T18275] syz.4.4612[18275] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  882.500275][T18275] loop4: detected capacity change from 0 to 128
[  882.525222][T18275] ext4: Unknown parameter 'fowner>00000000000000000000'
[  882.557538][T18279] loop0: detected capacity change from 0 to 128
[  882.575091][T18279] EXT4-fs: Ignoring removed orlov option
[  882.597766][T18279] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  882.616788][T18279] ext4 filesystem being mounted at /77/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  882.666555][T18279] 
[  882.668902][T18279] ======================================================
[  882.675923][T18279] WARNING: possible circular locking dependency detected
[  882.682922][T18279] 6.1.114-syzkaller #0 Not tainted
[  882.688021][T18279] ------------------------------------------------------
[  882.695238][T18279] syz.0.4614/18279 is trying to acquire lock:
[  882.701292][T18279] ffff888071f65cd0 (&ei->i_data_sem/1){+.+.}-{3:3}, at: ext4_move_extents+0x3a0/0xe10
[  882.710851][T18279] 
[  882.710851][T18279] but task is already holding lock:
[  882.718197][T18279] ffff888071f62aa8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_double_down_write_data_sem+0x28/0x40
[  882.728821][T18279] 
[  882.728821][T18279] which lock already depends on the new lock.
[  882.728821][T18279] 
[  882.739210][T18279] 
[  882.739210][T18279] the existing dependency chain (in reverse order) is:
[  882.748215][T18279] 
[  882.748215][T18279] -> #3 (&ei->i_data_sem/2){++++}-{3:3}:
[  882.756040][T18279]        lock_acquire+0x1f8/0x5a0
[  882.761110][T18279]        down_read+0xad/0xa30
[  882.765775][T18279]        ext4_map_blocks+0x379/0x1cb0
[  882.771149][T18279]        ext4_getblk+0x1eb/0x7c0
[  882.776100][T18279]        ext4_bread+0x2a/0x170
[  882.780871][T18279]        ext4_quota_write+0x21e/0x570
[  882.786244][T18279]        get_free_dqblk+0x340/0x6c0
[  882.791449][T18279]        do_insert_tree+0x298/0x1440
[  882.796742][T18279]        do_insert_tree+0xb94/0x1440
[  882.802051][T18279]        do_insert_tree+0xb94/0x1440
[  882.807330][T18279]        do_insert_tree+0xb94/0x1440
[  882.812619][T18279]        qtree_write_dquot+0x483/0x5a0
[  882.818084][T18279]        v2_write_dquot+0x11c/0x190
[  882.823277][T18279]        dquot_acquire+0x34d/0x680
[  882.828396][T18279]        ext4_acquire_dquot+0x2eb/0x4a0
[  882.833945][T18279]        dqget+0x762/0xe90
[  882.838371][T18279]        __dquot_initialize+0x45e/0xea0
[  882.843909][T18279]        ext4_rename2+0xcb4/0x4420
[  882.849010][T18279]        vfs_rename+0xd32/0x10f0
[  882.853938][T18279]        do_renameat2+0xde0/0x1440
[  882.859047][T18279]        __x64_sys_rename+0x82/0x90
[  882.864266][T18279]        do_syscall_64+0x3b/0xb0
[  882.869213][T18279]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  882.875645][T18279] 
[  882.875645][T18279] -> #2 (&s->s_dquot.dqio_sem){++++}-{3:3}:
[  882.883744][T18279]        lock_acquire+0x1f8/0x5a0
[  882.888768][T18279]        down_read+0xad/0xa30
[  882.893453][T18279]        v2_read_dquot+0x4a/0x100
[  882.898469][T18279]        dquot_acquire+0x188/0x680
[  882.903569][T18279]        ext4_acquire_dquot+0x2eb/0x4a0
[  882.909117][T18279]        dqget+0x762/0xe90
[  882.913543][T18279]        __dquot_initialize+0x2d9/0xea0
[  882.919087][T18279]        ext4_rename2+0x957/0x4420
[  882.920617][T16318] kmmpd-loop3: attempt to access beyond end of device
[  882.920617][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  882.924213][T18279]        vfs_rename+0xd32/0x10f0
[  882.939787][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  882.942598][T18279]        do_renameat2+0xde0/0x1440
[  882.942628][T18279]        __x64_sys_rename+0x82/0x90
[  882.961274][T18279]        do_syscall_64+0x3b/0xb0
[  882.966220][T18279]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  882.972635][T18279] 
[  882.972635][T18279] -> #1 (&dquot->dq_lock){+.+.}-{3:3}:
[  882.980264][T18279]        lock_acquire+0x1f8/0x5a0
[  882.985302][T18279]        __mutex_lock+0x132/0xd80
[  882.990337][T18279]        dquot_commit+0x57/0x510
[  882.995307][T18279]        ext4_write_dquot+0x1fd/0x360
[  883.000700][T18279]        mark_all_dquot_dirty+0xf7/0x400
[  883.006349][T18279]        __dquot_alloc_space+0xb68/0x10e0
[  883.012063][T18279]        ext4_mb_new_blocks+0x1302/0x4b80
[  883.017777][T18279]        ext4_new_meta_blocks+0x206/0x4f0
[  883.023486][T18279]        ext4_ext_insert_extent+0xf4e/0x4e40
[  883.029457][T18279]        ext4_split_extent_at+0x825/0x11b0
[  883.035265][T18279]        ext4_swap_extents+0x12fb/0x2280
[  883.040920][T18279]        move_extent_per_page+0x24cb/0x4c30
[  883.046815][T18279]        ext4_move_extents+0x9ab/0xe10
[  883.052262][T18279]        ext4_ioctl+0x3a8d/0x5f60
[  883.057279][T18279]        __se_sys_ioctl+0xf1/0x160
[  883.062387][T18279]        do_syscall_64+0x3b/0xb0
[  883.067323][T18279]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  883.073789][T18279] 
[  883.073789][T18279] -> #0 (&ei->i_data_sem/1){+.+.}-{3:3}:
[  883.081626][T18279]        validate_chain+0x1661/0x5950
[  883.086992][T18279]        __lock_acquire+0x125b/0x1f80
[  883.092366][T18279]        lock_acquire+0x1f8/0x5a0
[  883.097381][T18279]        down_write_nested+0x39/0x60
[  883.102658][T18279]        ext4_move_extents+0x3a0/0xe10
[  883.108104][T18279]        ext4_ioctl+0x3a8d/0x5f60
[  883.113129][T18279]        __se_sys_ioctl+0xf1/0x160
[  883.118246][T18279]        do_syscall_64+0x3b/0xb0
[  883.123177][T18279]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  883.129600][T18279] 
[  883.129600][T18279] other info that might help us debug this:
[  883.129600][T18279] 
[  883.139831][T18279] Chain exists of:
[  883.139831][T18279]   &ei->i_data_sem/1 --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2
[  883.139831][T18279] 
[  883.153666][T18279]  Possible unsafe locking scenario:
[  883.153666][T18279] 
[  883.161110][T18279]        CPU0                    CPU1
[  883.166470][T18279]        ----                    ----
[  883.171836][T18279]   lock(&ei->i_data_sem/2);
[  883.176432][T18279]                                lock(&s->s_dquot.dqio_sem);
[  883.183806][T18279]                                lock(&ei->i_data_sem/2);
[  883.190941][T18279]   lock(&ei->i_data_sem/1);
[  883.195548][T18279] 
[  883.195548][T18279]  *** DEADLOCK ***
[  883.195548][T18279] 
[  883.203676][T18279] 4 locks held by syz.0.4614/18279:
[  883.208884][T18279]  #0: ffff88807c010460 (sb_writers#4){++++}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[  883.218556][T18279]  #1: ffff888071f62c20 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: lock_two_nondirectories+0xde/0x130
[  883.229776][T18279]  #2: ffff888071f65e48 (&sb->s_type->i_mutex_key#8/4){+.+.}-{3:3}, at: ext4_move_extents+0x385/0xe10
[  883.240736][T18279]  #3: ffff888071f62aa8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_double_down_write_data_sem+0x28/0x40
[  883.251791][T18279] 
[  883.251791][T18279] stack backtrace:
[  883.257661][T18279] CPU: 0 PID: 18279 Comm: syz.0.4614 Not tainted 6.1.114-syzkaller #0
[  883.265801][T18279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  883.275846][T18279] Call Trace:
[  883.279124][T18279]  <TASK>
[  883.282051][T18279]  dump_stack_lvl+0x1e3/0x2cb
[  883.286722][T18279]  ? nf_tcp_handle_invalid+0x642/0x642
[  883.292173][T18279]  ? print_circular_bug+0x12b/0x1a0
[  883.297366][T18279]  check_noncircular+0x2fa/0x3b0
[  883.302295][T18279]  ? add_chain_block+0x850/0x850
[  883.307235][T18279]  ? lockdep_lock+0x11f/0x2a0
[  883.311926][T18279]  ? add_lock_to_list+0x1de/0x2e0
[  883.316941][T18279]  ? _find_first_zero_bit+0xd0/0x100
[  883.322231][T18279]  validate_chain+0x1661/0x5950
[  883.327095][T18279]  ? reacquire_held_locks+0x660/0x660
[  883.332473][T18279]  ? validate_chain+0x112/0x5950
[  883.337402][T18279]  ? look_up_lock_class+0x77/0x140
[  883.342509][T18279]  ? register_lock_class+0x100/0x990
[  883.347831][T18279]  ? is_dynamic_key+0x260/0x260
[  883.352677][T18279]  ? mark_lock+0x9a/0x340
[  883.357024][T18279]  __lock_acquire+0x125b/0x1f80
[  883.361894][T18279]  lock_acquire+0x1f8/0x5a0
[  883.366390][T18279]  ? ext4_move_extents+0x3a0/0xe10
[  883.371540][T18279]  ? read_lock_is_recursive+0x10/0x10
[  883.376944][T18279]  ? __might_sleep+0xb0/0xb0
[  883.381540][T18279]  ? rwsem_write_trylock+0x166/0x210
[  883.386843][T18279]  ? inode_owner_or_capable+0x210/0x210
[  883.392393][T18279]  ? clear_nonspinnable+0x60/0x60
[  883.397420][T18279]  down_write_nested+0x39/0x60
[  883.402191][T18279]  ? ext4_move_extents+0x3a0/0xe10
[  883.407318][T18279]  ext4_move_extents+0x3a0/0xe10
[  883.412255][T18279]  ? rcu_read_lock_any_held+0xb3/0x160
[  883.417768][T18279]  ? ext4_double_up_write_data_sem+0x30/0x30
[  883.423763][T18279]  ext4_ioctl+0x3a8d/0x5f60
[  883.428266][T18279]  ? kasan_set_track+0x4b/0x70
[  883.433031][T18279]  ? security_file_ioctl+0x6d/0xa0
[  883.438146][T18279]  ? __se_sys_ioctl+0x47/0x160
[  883.442899][T18279]  ? do_syscall_64+0x3b/0xb0
[  883.447486][T18279]  ? ext4_fileattr_set+0x1770/0x1770
[  883.452773][T18279]  ? do_vfs_ioctl+0x1ab2/0x2a90
[  883.457614][T18279]  ? __x64_compat_sys_ioctl+0x80/0x80
[  883.462979][T18279]  ? __lock_acquire+0x1f80/0x1f80
[  883.468002][T18279]  ? lockdep_hardirqs_on+0x94/0x130
[  883.473201][T18279]  ? __kmem_cache_free+0x25c/0x3c0
[  883.478308][T18279]  ? tomoyo_path_number_perm+0x61b/0x7f0
[  883.483952][T18279]  ? tomoyo_path_number_perm+0x68a/0x7f0
[  883.489592][T18279]  ? tomoyo_path_number_perm+0x1f2/0x7f0
[  883.495220][T18279]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  883.500679][T18279]  ? __fget_files+0x28/0x4a0
[  883.505283][T18279]  ? __fget_files+0x28/0x4a0
[  883.509877][T18279]  ? __fget_files+0x435/0x4a0
[  883.514546][T18279]  ? __fget_files+0x28/0x4a0
[  883.519135][T18279]  ? bpf_lsm_file_ioctl+0x5/0x10
[  883.524075][T18279]  ? security_file_ioctl+0x7d/0xa0
[  883.529177][T18279]  ? ext4_fileattr_set+0x1770/0x1770
[  883.534485][T18279]  __se_sys_ioctl+0xf1/0x160
[  883.539069][T18279]  do_syscall_64+0x3b/0xb0
[  883.543474][T18279]  ? clear_bhb_loop+0x45/0xa0
[  883.548158][T18279]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  883.554060][T18279] RIP: 0033:0x7f493cd7dff9
[  883.558477][T18279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  883.578086][T18279] RSP: 002b:00007f493db7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  883.586569][T18279] RAX: ffffffffffffffda RBX: 00007f493cf35f80 RCX: 00007f493cd7dff9
[  883.594544][T18279] RDX: 0000000020000040 RSI: 00000000c028660f RDI: 0000000000000007
[  883.602531][T18279] RBP: 00007f493cdf0296 R08: 0000000000000000 R09: 0000000000000000
[  883.610524][T18279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  883.618486][T18279] R13: 0000000000000000 R14: 00007f493cf35f80 R15: 00007ffc299f70a8
[  883.626468][T18279]  </TASK>
[  883.671487][T17141] EXT4-fs (loop0): unmounting filesystem.
[  887.959133][T16318] kmmpd-loop3: attempt to access beyond end of device
[  887.959133][T16318] loop3: rw=14337, sector=256, nr_sectors = 4 limit=64
[  887.972786][T16318] Buffer I/O error on dev loop3, logical block 64, lost sync page write
[  892.358934][ T3653] Bluetooth: hci0: command 0x0c1a tx timeout