last executing test programs: 20.165274216s ago: executing program 0 (id=1): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket(0xa, 0x3, 0x3a) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) chdir(&(0x7f0000000080)='./file0\x00') mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000100)='./file0\x00', r2, &(0x7f0000000580)='./bus\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r3, &(0x7f0000000f80)=""/4096, 0x1000) 19.08696427s ago: executing program 0 (id=7): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001040)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x0, &(0x7f0000000000)={0xe714, 0xc9}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = gettid() sched_getscheduler(r2) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) init_module(&(0x7f0000000300)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000000000000000000000000000000000000000007c000000000000000038000040000000000000"], 0xaf, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @local}, 0x0, {0x2, 0x0, @multicast2}, 'lo\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b0000000800000006000000ffffffff01000000", @ANYRES32=0x1, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0, r3, 0x0, 0xfffffffffffffffc}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0xd741d31cdc711be2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) write(r4, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101", 0x1c) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) sendto(r4, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r4, 0x0, 0x0, 0x100, 0x0) 15.715764061s ago: executing program 4 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r3, &(0x7f00000006c0)={0x50d, 0x7d, 0x0, {{0x500, 0x1f7, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x10f, '\x04nodZ=\xbfd`\xd2\xc2\x97D,\x027\xfcb%\xff\xff\xff\x80\x05\x00\x00\x00\x00\x00\x00\xff\x03\xff\x92\xe9\x16\x00\x05\x00\x00\x00,\x93\xcb=\xb6\xc21\xd1\x19\xaa\xa1ou\xc5\x8f\xa6\x88\x9f\xf3\xc8\xf7\xab\xc6\x1bY\xa1\xd2o\fJ\xf8\xe2\x93\xd3\xf8l\xcd\xc6o\xf5{\xe9\x00\x00\x00\x00\x00\x00\x00\x03\xd5\x89-\x8e\xfe\xbb\x9e\x05\xac\nk\xc5)`z\xc6\x8a8\x13\xaf\xe7\x9e\x85cj\xfdl]\x15\xb2\xae\xbb\xb7\xee;\x1e\xae\x8a\x7f\xbe.\x85\x88s\x14\xcb\xec\xf0\xa1\xa5\x124z\x8c\x15\xb3 \xd1\xe1\xc0\x10Uz\xaaw\x16^Q`208^|\'\x01\x00\xacB3\x00D\xa9\b=\xe5\xbe\xd8\xe0\xbd(h\"\x94\xf68\xc3\x8e%uj\xb0\xb0\x7fe\xdb\xd6$\xee\x95_}\xa7\x8e\xe1\x96I7?0\xe3\xf7\xb9d\xf0\xa2f\xc3\xac\x9ePwS\xa3\xc4\x03\xc8{\xf1Jv\x87%\x91h\xb4[\xbdz\x1f\xd8`\x0e\xa1.\x00\xdb\xfeL\x1a\xfe\xea\xaf\x9d{\xb4\xa7Z\x1c\x82\x18\x93\xf7\xf4|\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x35, '\xcf`7-a\xcc\xea\xb8\xc8\x86A\xeb\x93\xb4\xcc\xf6\x00*\xb8{\xfc\x01\'\x96\t?h0\\M\" \x83~\x01\b\xe2\xe7HP\x1cQHK\xa0/\x10\x9c\xaa\xf9\x15\t\xa2', 0x55, '\xf8\xf6i\xfbqk\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xdb\x80\xe8\xd4\a\x00\x00\x007\x00'}, 0x301, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\fA\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaau\xf8$k\xccB\xea\xa8\xc61\xc0\xc5\x00\x95\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xc0\xfbNL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12.a\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xc2\x00\x00\x000\xe4\xee+\xfc\x7f\x80P\x85\x11C\xe5\x16\x1a\xcdG\x15\n\xcb\xaft8\"\xdf\xe2\x03\xb1\b\xd3~\x91M\xc1\xe5>#LP\x9e\xcaA\a\xa1q,\xaa\x9d\xa5=\x05\x1c6\x88Ly\x18&a\xf3\xca6\xbc\xdb\xfb\xbd&q\t\xf81\x9d\x8d\xd5\xc0p\x99\xeb\x1b\x11\x03\x06U\xf5biOat=\x19B\x1bJ\x19\xef\x8b\x8bL\xe9\xc9\x93\xc7\xd6\xcb0\fNezNP\xa3[\\\xc1k\x8c\x16\x1a\x8e=\xf9\x03k\xbc\xf2\x8a\xdc\xd1\x9alL)\x17\t\xae\xe5\xab>[\xc5\xae)\xf4u\xe4\xd2D\b\xb5\x16}\x0f\xaf_\xc1Vkp\\\x8b`\xaf\xa8\xac\xa4/~\x04i\x18\x8a\x0e\xf0b\xca\x18\xe3\x8f\x9e\xe1\n\xc7}+~\xb9\xd6\x0e\xa7\x9f\xdbUd\x11H[\x1b\x13\xdb\xb8\xa2\xa6b.\xbc\xf8Lio\xa4\xda!\xba\xd22\r\rh\xe9\xbfCF\xf0ha\x19\xa3\x9e@\x03\x95\xc8\xf2\x82^\xa0i\xae\x0e\x14;\xd1\xa4Ay\xedlTp,^\x9a\x19\xcc\x7f\xfaP\x0f\xa4\x1bl\x80I\xbd\xe4X\'\xd5N\xc9\x01\xd2z\xd1%\x05h\x89\xb33k?\x06\x83\x8c[fz\xe2.\xfe;\xc1[\x82_\x7f\xbc\xe4\x80\'(\x1c\xf9\xfe\x8f\xc2\x1f\xc7|$=\xe2g\x051\x0e\xb8\x1c\xf7M\xe0)1\x92\xa1?j\xd0W\xdea\xfd\x8a\xba\x8e\xf4C\x9b\xc0jE\xb2\xb01bQZ#C:\xfe\xb5*\xed\xb5\xabo3FS8\x05\x15\xf7y\xf3]\xc8\xa7\x8c7w$\x92\xa2(L!\xd2\x13V\xd4s\xf0\x0f\x85\x13|{\xf0cou}5(\x86\x9b?\x00w5\xcf\xf8\\\x9d\x97\x8b\xf5]\xcc&\xd6-%\xe3\b\xf0\x88\'\xa9\x1f\xf4{\xec\x92\xf8\xe9\x1ey\bfT\x00\xaaN9\xb3Y\x86#\x9d\\{\x94\x92\xc5\xbb&\xbcU\xb5[I\xedpHnn}\xa3\x8c \x84P\xf9\xf7\x9e\x1bA\x00'/769, 0xffffffffffffffff, 0xee01}}, 0x50d) 13.232491287s ago: executing program 2 (id=16): syz_open_dev$vcsa(0x0, 0x56a5, 0x101000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x1ff}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e7, &(0x7f0000000000)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000800)={0x9, {{0x2, 0x0, @multicast2}}, 0x0, 0x2, [{{0x2, 0x0, @broadcast}}, {{0x2, 0x0, @loopback}}]}, 0x190) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) close(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 13.231535146s ago: executing program 4 (id=17): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 12.766754363s ago: executing program 4 (id=20): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) close(r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x48400) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000140)="f4339bc23dab73", 0x7}, {&(0x7f00000002c0)="628a31b6d7ba4817f9e7171f59f6ba02d142ac1df6b7ee697448e1d1df8e6f1bad0f1ef1889722dfbe78cc1a58a59f2d3881ae40ded75e48ec1d1782df4cdfbf37cbc45995b26e7abb0cd849ea66e80fba985a82232c84", 0x57}, {&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b335388cfebd804d", 0xaa}, {&(0x7f0000001680)="50eab642bf632c5cde", 0x9}], 0x4) r3 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r3, r0, 0x0, 0x4f) 11.205814265s ago: executing program 4 (id=22): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setreuid(0xee01, 0xffffffffffffffff) mkdir(0x0, 0x0) inotify_init1(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setresuid(r1, r1, 0xee01) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00) gettid() r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x7b}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 10.920409662s ago: executing program 2 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) fchown(0xffffffffffffffff, 0x0, 0xee01) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r3, 0x0) connect$rose(r3, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x40) 9.788171441s ago: executing program 1 (id=24): getpeername(0xffffffffffffffff, &(0x7f0000001100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000001180)=0x80) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x681, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000000180)=0x4) 9.784783209s ago: executing program 3 (id=25): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r4 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r4, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r3}, 0x10, &(0x7f0000000880)={&(0x7f0000000840)=@can={{}, 0x0, 0x0, 0x0, 0x0, "ded27feeba7ca62a"}, 0x10}}, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x4040010) r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) write$uinput_user_dev(r5, 0x0, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 7.797785498s ago: executing program 1 (id=27): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) poll(&(0x7f0000000040), 0x55, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0) 7.797520478s ago: executing program 2 (id=28): syz_open_dev$video(0x0, 0x8, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) fchown(0xffffffffffffffff, 0x0, 0xee01) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x0) connect$rose(0xffffffffffffffff, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x40) 7.281783296s ago: executing program 3 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4000000, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b60a00000000000063112c00000000001800000000000000000000000000000095000000000000009935bfd0033bb90965200948c5887a51572f3f35f83a6e88f69693c7f3eeae1533ef75923322686e236cb7a3518f23ae5db005186b7eef5af4f6a8735f1698c6ca349b64b9998a409a3d20cc0198ca45bcaaf0bbefc43f60c7ec19df8f9450b778a3961b280f51987f6dd8390a7ecb01154f51c7da7549cc928941a7de9eaa55cb1f2bf49f31533f298173fd91512c65ca8efcbbe7cdbec5e5680864af4f4eb94187aa"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0) fchdir(0xffffffffffffffff) getpid() 6.222318258s ago: executing program 2 (id=30): prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000002080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x10, 0x60000000}}, @ip_pktinfo={{0x1c, 0x40000000, 0x8, {0x0, @local, @empty}}}], 0x30}}], 0x300, 0xa1c) 5.989897407s ago: executing program 1 (id=31): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000001240)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = socket(0x10, 0x80002, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'geneve0\x00', 0x0}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'geneve1\x00', 0x400}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x3, 0x6, @dev}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2, @ANYBLOB], 0x20}}, 0x0) 5.153945197s ago: executing program 3 (id=32): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, 0x0, 0x0) 4.865956597s ago: executing program 3 (id=33): r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000e80)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81ae0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3712c7e93366796c7224a0c2c0213af2ecdf3c075e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb000000000000000000000000a46aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5324812d992a4f8dc6fcba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b651ebf942f7297f7b66254c567b7983f60f2744419a2f238f173d0000003cf4fbd775d9c07d8d591a4dac60ff00a629b3b200000000000000000000000009001d004e41ff9b4d00e07ff771cea08bea2fa81fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14e519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb433678060ac0e201e401fb1711d41f45d90a1e19795c995ff7d0020ecccf41d81c8c510cf773171407191872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b745ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cfca78205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00"/723], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xfffff000, 0xb, 0x0, &(0x7f0000000880)="61df712bc884fed5722780", 0x0, 0x8000, 0x0, 0x0, 0x67, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x50) 4.864832195s ago: executing program 2 (id=34): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3000080, &(0x7f0000000200)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRES8], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x48f00) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff}) sendmsg$inet(r2, 0x0, 0x20000801) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) sigaltstack(0x0, 0x0) dup(0xffffffffffffffff) write$binfmt_script(r0, &(0x7f0000010180)={'#! ', './file0'}, 0x10017) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) 4.839858122s ago: executing program 1 (id=35): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x5}, 0x18) sched_rr_get_interval(0x0, &(0x7f0000000240)) 4.607804192s ago: executing program 3 (id=36): openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0xb) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x2) fcntl$setpipe(r4, 0x407, 0x0) write(r2, 0x0, 0x0) 4.521847159s ago: executing program 1 (id=37): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0xc, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280), &(0x7f0000000340), 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r3 = inotify_init1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) close_range(r3, 0xffffffffffffffff, 0x0) 3.433605098s ago: executing program 1 (id=38): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x200554, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11f0, &(0x7f0000001280)="$eJzs3E+LW1UYB+C349ipU+ePWqstiAfd6ObSzMKNboJMQRpQ2kZoBeHWudGQaxJyw0BErK7c+jnEpTtB3OlmNn4Gd7NxWUG8YtI6M2W6KEJvHZ5nkxfO+ZH3JHDghJy7/9Y3nw56VdbLp7F06lQsjSPSnRQpluKeL+P1N3/+5aVrN25eaXc621dTuty+3nojpbT+8o8ffP7dKz9Nz77//foPK7G3+eH+71u/7Z3fu7D/1/VP+lXqV2k4mqY83RqNpvmtskg7/WqQpfReWeRVkfrDqpgcGe+Vo/F4lvLhztrqeFJUVcqHszQoZmk6StPJLOUf5/1hyrIsra0G/0X32zt1XUfU9ZNxOuq6rp+K1TgbT8darMdGbMYz8Ww8F+fi+TgfL8SLcWE+q+m+AQAAAAAAAAAAAAAAAAAA4GRx/x8AAAAAAAAAAAAAAAAAAACad+3GzSvtTmf7akpnIsqvd7u73cXrYrzdi36UUcSl2Ig/Y377f2FRX36ns30pzW3GV+Xtu/nbu90njuZb88cJHJtvLfLpaH4lVg/nt2Ijzh2f3zqcj3v5M/Haq4fyWWzErx/FKMrYiX+yB/kvWim9/W7nvve/OJ8HAAAAJ0GW/nXs+T3LHjS+yD/E7wP3na+X4+Jys2snopp9NsjLspgoHvvidLNt/FHXdfMfwv+2WH482jgoVu5uAQ+Y0/DGxCNx8KU33QkAAAAAAAAAAAAP41H807DpNQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KsAAAD//4T40z0=") r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/ip_tables_targets\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$char_usb(r0, &(0x7f0000000140)=""/189, 0xfffffecd) 3.116823326s ago: executing program 3 (id=39): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 0s ago: executing program 2 (id=41): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800ebf50000000000000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='mm_lru_insertion\x00', r3}, 0x18) sched_setscheduler(0x0, 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) accept$alg(r4, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r7, r6], 0x2}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.56' (ED25519) to the list of known hosts. [ 67.650790][ T5227] cgroup: Unknown subsys name 'net' [ 67.801992][ T5227] cgroup: Unknown subsys name 'cpuset' [ 67.810882][ T5227] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.375104][ T5227] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.671123][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.677788][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.413189][ T5241] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.423158][ T5241] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.438441][ T5241] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.468105][ T5241] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.475921][ T5241] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 73.483669][ T5241] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.540816][ T5241] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.550250][ T5241] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.558392][ T5241] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.569762][ T5241] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.577906][ T5241] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 73.585336][ T5241] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.645312][ T4628] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.659500][ T4628] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.668465][ T4628] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.678390][ T4628] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.687574][ T4628] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.701390][ T5250] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.710192][ T5250] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.719423][ T5252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.758335][ T5241] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.765886][ T5241] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.779748][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.788294][ T5241] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 73.796091][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.803968][ T5241] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.812368][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.832354][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.843436][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 73.851793][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 74.089623][ T5242] chnl_net:caif_netlink_parms(): no params data found [ 74.104087][ T5237] chnl_net:caif_netlink_parms(): no params data found [ 74.268710][ T5242] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.276579][ T5242] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.286022][ T5242] bridge_slave_0: entered allmulticast mode [ 74.293268][ T5242] bridge_slave_0: entered promiscuous mode [ 74.304304][ T5242] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.311988][ T5242] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.319320][ T5242] bridge_slave_1: entered allmulticast mode [ 74.326409][ T5242] bridge_slave_1: entered promiscuous mode [ 74.357343][ T5237] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.366165][ T5237] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.373578][ T5237] bridge_slave_0: entered allmulticast mode [ 74.382248][ T5237] bridge_slave_0: entered promiscuous mode [ 74.422411][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.430042][ T5237] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.437361][ T5237] bridge_slave_1: entered allmulticast mode [ 74.444911][ T5237] bridge_slave_1: entered promiscuous mode [ 74.459192][ T5242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.471393][ T5242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.564326][ T5237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.577163][ T5237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.644081][ T5242] team0: Port device team_slave_0 added [ 74.654148][ T5245] chnl_net:caif_netlink_parms(): no params data found [ 74.673188][ T5237] team0: Port device team_slave_0 added [ 74.681571][ T5242] team0: Port device team_slave_1 added [ 74.702582][ T5237] team0: Port device team_slave_1 added [ 74.716958][ T5246] chnl_net:caif_netlink_parms(): no params data found [ 74.760186][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.767196][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.793410][ T5242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.806540][ T5248] chnl_net:caif_netlink_parms(): no params data found [ 74.832168][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.840007][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.867379][ T5237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.880122][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.887193][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.914545][ T5242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.955286][ T5237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.962468][ T5237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.990045][ T5237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.076132][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.087181][ T5245] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.094512][ T5245] bridge_slave_0: entered allmulticast mode [ 75.105431][ T5245] bridge_slave_0: entered promiscuous mode [ 75.155318][ T5245] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.164143][ T5245] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.171528][ T5245] bridge_slave_1: entered allmulticast mode [ 75.179075][ T5245] bridge_slave_1: entered promiscuous mode [ 75.207611][ T5237] hsr_slave_0: entered promiscuous mode [ 75.214320][ T5237] hsr_slave_1: entered promiscuous mode [ 75.228585][ T5242] hsr_slave_0: entered promiscuous mode [ 75.235104][ T5242] hsr_slave_1: entered promiscuous mode [ 75.242160][ T5242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.250182][ T5242] Cannot create hsr debugfs directory [ 75.282625][ T5245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.311572][ T5246] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.319018][ T5246] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.326263][ T5246] bridge_slave_0: entered allmulticast mode [ 75.333546][ T5246] bridge_slave_0: entered promiscuous mode [ 75.345409][ T5246] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.353056][ T5246] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.360738][ T5246] bridge_slave_1: entered allmulticast mode [ 75.367639][ T5246] bridge_slave_1: entered promiscuous mode [ 75.393620][ T5245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.413462][ T5248] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.422594][ T5248] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.432765][ T5248] bridge_slave_0: entered allmulticast mode [ 75.440252][ T5248] bridge_slave_0: entered promiscuous mode [ 75.475444][ T5248] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.483835][ T5248] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.491690][ T5248] bridge_slave_1: entered allmulticast mode [ 75.500679][ T5248] bridge_slave_1: entered promiscuous mode [ 75.510311][ T5246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.523565][ T5246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.594456][ T5245] team0: Port device team_slave_0 added [ 75.599853][ T54] Bluetooth: hci0: command tx timeout [ 75.624812][ T5248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.636007][ T5246] team0: Port device team_slave_0 added [ 75.647649][ T5246] team0: Port device team_slave_1 added [ 75.662092][ T5245] team0: Port device team_slave_1 added [ 75.667977][ T54] Bluetooth: hci1: command tx timeout [ 75.686502][ T5248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.742034][ T5248] team0: Port device team_slave_0 added [ 75.761583][ T5246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.769552][ T5246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.795910][ T5246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.808558][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.815540][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.843316][ T5245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.844754][ T54] Bluetooth: hci2: command tx timeout [ 75.856765][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.867341][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.893977][ T5245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.907970][ T54] Bluetooth: hci4: command tx timeout [ 75.908060][ T5252] Bluetooth: hci3: command tx timeout [ 75.925991][ T5248] team0: Port device team_slave_1 added [ 75.945082][ T5246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.952509][ T5246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.978924][ T5246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.037438][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.044745][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.072058][ T5248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.138940][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.146051][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.172627][ T5248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.198923][ T5245] hsr_slave_0: entered promiscuous mode [ 76.205293][ T5245] hsr_slave_1: entered promiscuous mode [ 76.212313][ T5245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.220093][ T5245] Cannot create hsr debugfs directory [ 76.247178][ T5246] hsr_slave_0: entered promiscuous mode [ 76.253736][ T5246] hsr_slave_1: entered promiscuous mode [ 76.260386][ T5246] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.268412][ T5246] Cannot create hsr debugfs directory [ 76.373066][ T5248] hsr_slave_0: entered promiscuous mode [ 76.379941][ T5248] hsr_slave_1: entered promiscuous mode [ 76.386998][ T5248] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.395869][ T5248] Cannot create hsr debugfs directory [ 76.463222][ T5237] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.516351][ T5237] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.558607][ T5237] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.570945][ T5237] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.686716][ T5242] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.717174][ T5242] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.746471][ T5242] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.757227][ T5242] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.814094][ T5246] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 76.840448][ T5246] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 76.864697][ T5246] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 76.900749][ T5246] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.946434][ T5245] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.971343][ T5245] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.984720][ T5245] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.018334][ T5245] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.113793][ T5237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.146585][ T5248] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.162204][ T5242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.184545][ T5248] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.216234][ T5248] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.225927][ T5248] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.251773][ T5242] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.265033][ T5237] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.292265][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.299875][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.342561][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.349867][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.384746][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.391966][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.402437][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.409739][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.463133][ T5246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.546341][ T5246] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.587181][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.594379][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.669105][ T5252] Bluetooth: hci0: command tx timeout [ 77.675288][ T963] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.682621][ T963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.725133][ T5248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.749269][ T5252] Bluetooth: hci1: command tx timeout [ 77.773496][ T5245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.835873][ T5248] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.861538][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.868719][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.890699][ T5245] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.908888][ T5252] Bluetooth: hci2: command tx timeout [ 77.915653][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.922897][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.956715][ T5246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.984310][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.991684][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.005502][ T5252] Bluetooth: hci3: command tx timeout [ 78.012252][ T54] Bluetooth: hci4: command tx timeout [ 78.032981][ T963] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.040160][ T963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.065175][ T5242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.115306][ T5237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.205470][ T5248] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.300881][ T5242] veth0_vlan: entered promiscuous mode [ 78.349757][ T5246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.363716][ T5237] veth0_vlan: entered promiscuous mode [ 78.384398][ T5242] veth1_vlan: entered promiscuous mode [ 78.420811][ T5237] veth1_vlan: entered promiscuous mode [ 78.542221][ T5237] veth0_macvtap: entered promiscuous mode [ 78.562599][ T5242] veth0_macvtap: entered promiscuous mode [ 78.582672][ T5242] veth1_macvtap: entered promiscuous mode [ 78.591129][ T5237] veth1_macvtap: entered promiscuous mode [ 78.639234][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.663112][ T5248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.675607][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.703866][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.716063][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.731285][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.744340][ T5237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.756421][ T5237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.771792][ T5237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.786364][ T5245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.804048][ T5242] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.814778][ T5242] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.824998][ T5242] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.834353][ T5242] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.879768][ T5237] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.889446][ T5237] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.900522][ T5237] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.909756][ T5237] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.995993][ T5248] veth0_vlan: entered promiscuous mode [ 79.030955][ T5245] veth0_vlan: entered promiscuous mode [ 79.063644][ T5246] veth0_vlan: entered promiscuous mode [ 79.082179][ T5248] veth1_vlan: entered promiscuous mode [ 79.113106][ T5245] veth1_vlan: entered promiscuous mode [ 79.142586][ T5246] veth1_vlan: entered promiscuous mode [ 79.203677][ T4587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.226709][ T4587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.282695][ T5248] veth0_macvtap: entered promiscuous mode [ 79.283918][ T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.297146][ T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.304857][ T4587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.319519][ T4587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.337504][ T5246] veth0_macvtap: entered promiscuous mode [ 79.346308][ T5245] veth0_macvtap: entered promiscuous mode [ 79.376634][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.380861][ T5245] veth1_macvtap: entered promiscuous mode [ 79.387061][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.402508][ T5248] veth1_macvtap: entered promiscuous mode [ 79.442660][ T5246] veth1_macvtap: entered promiscuous mode [ 79.464242][ T5237] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 79.491162][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.502462][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.514872][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.525486][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.536787][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.557421][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.569236][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.580617][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.593234][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.603281][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.614625][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.628851][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.645197][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.669208][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.696854][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.719525][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.748564][ T54] Bluetooth: hci0: command tx timeout [ 79.757333][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.828042][ T54] Bluetooth: hci1: command tx timeout [ 79.990375][ T5324] loop3: detected capacity change from 0 to 128 [ 80.003123][ T54] Bluetooth: hci2: command tx timeout [ 80.201652][ T54] Bluetooth: hci4: command tx timeout [ 80.201713][ T5252] Bluetooth: hci3: command tx timeout [ 80.265431][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.351556][ T5322] loop0: detected capacity change from 0 to 1024 [ 80.374500][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.410083][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.477424][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.489303][ T5322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.533754][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.567988][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.582607][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.604670][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.626735][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.648811][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.666822][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.690418][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.747280][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.765121][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.777202][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.801172][ T5246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.824874][ T5248] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.834573][ T5248] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.838416][ T5237] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.844117][ T5248] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.861362][ T5248] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.459547][ T5245] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.513737][ T5245] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.570749][ T5245] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.586446][ T5245] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.597125][ T5335] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 81.612273][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.635068][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.658970][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.670034][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.680149][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.690803][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.700896][ T5246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.711866][ T5246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.726563][ T5246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.768690][ T5335] Invalid ELF header type: 0 != 1 [ 81.812985][ T5246] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.825724][ T5335] Zero length message leads to an empty skb [ 81.829986][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.842547][ T54] Bluetooth: hci0: command tx timeout [ 81.853953][ T5246] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.864018][ T5246] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.873133][ T5246] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.908720][ T54] Bluetooth: hci1: command tx timeout [ 81.918431][ T5285] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 82.002680][ T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.011371][ T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.076369][ T54] Bluetooth: hci2: command tx timeout [ 82.083583][ T5285] usb 4-1: Using ep0 maxpacket: 16 [ 82.109946][ T5285] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.131474][ T5285] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 82.146488][ T5285] usb 4-1: New USB device found, idVendor=006b, idProduct=0101, bcdDevice= 0.40 [ 82.171740][ T4587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.172258][ T5285] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.195324][ T5285] usb 4-1: Product: syz [ 82.200622][ T5285] usb 4-1: Manufacturer: syz [ 82.205550][ T5285] usb 4-1: SerialNumber: syz [ 82.216369][ T4587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.229001][ T54] Bluetooth: hci4: command tx timeout [ 82.229011][ T5252] Bluetooth: hci3: command tx timeout [ 82.331920][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.340055][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.392905][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 82.543021][ T5285] usb 4-1: 0:2 : does not exist [ 82.580532][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.598025][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.625320][ T5285] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 82.711732][ T5285] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 82.723533][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.769982][ T5285] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 82.795715][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.817652][ T5285] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5) [ 82.923788][ T5285] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5) [ 82.955116][ T5285] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 83.016692][ T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.040082][ T5285] usb 4-1: 5:0: cannot get min/max values for control 8 (id 5) [ 83.073676][ T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.210611][ T5285] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 83.310800][ T5285] usb 4-1: 5:0: cannot get min/max values for control 5 (id 5) [ 83.547116][ T5351] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10'. [ 84.094262][ T5285] usb 4-1: USB disconnect, device number 2 [ 84.346766][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 84.384144][ T5361] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13'. [ 84.409758][ T5240] udevd[5240]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 84.567611][ T5362] loop3: detected capacity change from 0 to 128 [ 84.606807][ T5365] netlink: 36 bytes leftover after parsing attributes in process `syz.2.14'. [ 84.655314][ T5362] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 85.425498][ T5373] loop1: detected capacity change from 0 to 2048 [ 85.435847][ T5373] udf: Unknown parameter 'T0jv [ 85.435847][ T5373] iǺtOa ;MU!nj*tysl] t *{~dsJR' [ 85.715752][ T5362] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 86.028664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 86.038566][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 86.128193][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.238157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 86.388426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 86.669030][ T5242] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 87.257320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.278094][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 87.286498][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.039003][ T25] cfg80211: failed to load regulatory.db [ 93.963129][ T5424] geneve0: entered promiscuous mode [ 94.234063][ T5252] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 94.318756][ T5252] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 94.339080][ T5252] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 94.354823][ T5252] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 94.365177][ T5252] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 94.376287][ T5252] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 94.733711][ T5430] misc userio: Invalid payload size [ 95.115722][ T29] audit: type=1326 audit(1729025853.811:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 95.178414][ T5437] loop2: detected capacity change from 0 to 64 [ 95.308167][ T29] audit: type=1326 audit(1729025853.811:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 95.393913][ T5425] chnl_net:caif_netlink_parms(): no params data found [ 95.416914][ T29] audit: type=1326 audit(1729025853.851:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 95.635144][ T5437] syz.2.34: attempt to access beyond end of device [ 95.635144][ T5437] loop2: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 95.768581][ T29] audit: type=1326 audit(1729025853.851:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.459543][ T29] audit: type=1326 audit(1729025853.851:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.483014][ T29] audit: type=1326 audit(1729025853.851:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.506384][ T29] audit: type=1326 audit(1729025853.851:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.528855][ T29] audit: type=1326 audit(1729025853.851:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.551072][ T29] audit: type=1326 audit(1729025853.851:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.574135][ T29] audit: type=1326 audit(1729025853.851:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5435 comm="syz.1.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c6737dff9 code=0x7ffc0000 [ 96.602776][ T5437] syz.2.34: attempt to access beyond end of device [ 96.602776][ T5437] loop2: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 96.644068][ T5437] syz.2.34: attempt to access beyond end of device [ 96.644068][ T5437] loop2: rw=34817, sector=76, nr_sectors = 473 limit=64 [ 96.708047][ T54] Bluetooth: hci5: command tx timeout [ 96.853193][ T5452] loop1: detected capacity change from 0 to 8192 [ 96.860758][ T5452] ======================================================= [ 96.860758][ T5452] WARNING: The mand mount option has been deprecated and [ 96.860758][ T5452] and is ignored by this kernel. Remove the mand [ 96.860758][ T5452] option from the mount to silence this warning. [ 96.860758][ T5452] ======================================================= [ 98.840930][ T54] Bluetooth: hci5: command tx timeout [ 99.883905][ T5452] ================================================================== [ 99.892003][ T5452] BUG: KASAN: slab-use-after-free in bpf_trace_run2+0xfa/0x540 [ 99.899651][ T5452] Read of size 8 at addr ffff88807c10d418 by task syz.1.38/5452 [ 99.907310][ T5452] [ 99.909641][ T5452] CPU: 0 UID: 0 PID: 5452 Comm: syz.1.38 Not tainted 6.12.0-rc3-next-20241015-syzkaller #0 [ 99.919645][ T5452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 99.929727][ T5452] Call Trace: [ 99.933014][ T5452] [ 99.935953][ T5452] dump_stack_lvl+0x241/0x360 [ 99.940639][ T5452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.945840][ T5452] ? __pfx__printk+0x10/0x10 [ 99.950439][ T5452] ? _printk+0xd5/0x120 [ 99.954697][ T5452] ? __virt_addr_valid+0x183/0x530 [ 99.959856][ T5452] ? __virt_addr_valid+0x183/0x530 [ 99.965257][ T5452] print_report+0x169/0x550 [ 99.969785][ T5452] ? __virt_addr_valid+0x183/0x530 [ 99.974921][ T5452] ? __virt_addr_valid+0x183/0x530 [ 99.980058][ T5452] ? __virt_addr_valid+0x45f/0x530 [ 99.985215][ T5452] ? __phys_addr+0xba/0x170 [ 99.989765][ T5452] ? bpf_trace_run2+0xfa/0x540 [ 99.994578][ T5452] kasan_report+0x143/0x180 [ 99.999130][ T5452] ? bpf_trace_run2+0xfa/0x540 [ 100.003942][ T5452] bpf_trace_run2+0xfa/0x540 [ 100.008561][ T5452] ? arch_do_signal_or_restart+0x51f/0x860 [ 100.014465][ T5452] ? __pfx_lock_release+0x10/0x10 [ 100.019491][ T5452] ? __pfx_bpf_trace_run2+0x10/0x10 [ 100.024695][ T5452] ? __might_fault+0xc6/0x120 [ 100.029371][ T5452] ? trace_sys_enter+0x9d/0x150 [ 100.034220][ T5452] __bpf_trace_sys_enter+0x38/0x60 [ 100.039331][ T5452] trace_sys_enter+0xd9/0x150 [ 100.044027][ T5452] syscall_trace_enter+0xf8/0x150 [ 100.049055][ T5452] do_syscall_64+0xcc/0x230 [ 100.053567][ T5452] ? clear_bhb_loop+0x35/0x90 [ 100.058257][ T5452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.064163][ T5452] RIP: 0033:0x7f3c67319959 [ 100.068730][ T5452] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 100.088563][ T5452] RSP: 002b:00007f3c68112840 EFLAGS: 00000293 ORIG_RAX: 000000000000000f [ 100.097911][ T5452] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f3c67319959 [ 100.106258][ T5452] RDX: 00007f3c68112840 RSI: 00007f3c68112970 RDI: 0000000000000011 [ 100.114519][ T5452] RBP: 0000000020001240 R08: 0000000000000000 R09: 0000000000200554 [ 100.122512][ T5452] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000020001240 [ 100.130640][ T5452] R13: 00007f3c68112eb0 R14: 00000000000011f0 R15: 0000000020000b40 [ 100.138715][ T5452] [ 100.141753][ T5452] [ 100.144069][ T5452] Allocated by task 5457: [ 100.148405][ T5452] kasan_save_track+0x3f/0x80 [ 100.153208][ T5452] __kasan_kmalloc+0x98/0xb0 [ 100.157958][ T5452] __kmalloc_cache_noprof+0x243/0x390 [ 100.163414][ T5452] bpf_raw_tp_link_attach+0x2a0/0x6e0 [ 100.168805][ T5452] bpf_raw_tracepoint_open+0x177/0x1f0 [ 100.174275][ T5452] __sys_bpf+0x3c0/0x810 [ 100.178546][ T5452] __x64_sys_bpf+0x7c/0x90 [ 100.182974][ T5452] do_syscall_64+0xf3/0x230 [ 100.187480][ T5452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.193389][ T5452] [ 100.195706][ T5452] Freed by task 0: [ 100.199417][ T5452] kasan_save_track+0x3f/0x80 [ 100.204116][ T5452] kasan_save_free_info+0x40/0x50 [ 100.209152][ T5452] __kasan_slab_free+0x59/0x70 [ 100.213925][ T5452] kfree+0x1a0/0x460 [ 100.217840][ T5452] rcu_core+0xaaa/0x17a0 [ 100.222107][ T5452] handle_softirqs+0x2c5/0x980 [ 100.226899][ T5452] __irq_exit_rcu+0xf4/0x1c0 [ 100.232115][ T5452] irq_exit_rcu+0x9/0x30 [ 100.236385][ T5452] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 100.242060][ T5452] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 100.248145][ T5452] [ 100.250845][ T5452] Last potentially related work creation: [ 100.256578][ T5452] kasan_save_stack+0x3f/0x60 [ 100.261462][ T5452] __kasan_record_aux_stack+0xac/0xc0 [ 100.266879][ T5452] call_rcu+0x167/0xa70 [ 100.271144][ T5452] bpf_link_release+0x78/0x90 [ 100.275850][ T5452] __fput+0x23c/0xa50 [ 100.279833][ T5452] task_work_run+0x24f/0x310 [ 100.284435][ T5452] get_signal+0x15e8/0x1740 [ 100.288945][ T5452] arch_do_signal_or_restart+0x96/0x860 [ 100.294507][ T5452] syscall_exit_to_user_mode+0xc9/0x370 [ 100.300158][ T5452] do_syscall_64+0x100/0x230 [ 100.304769][ T5452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.310688][ T5452] [ 100.313082][ T5452] The buggy address belongs to the object at ffff88807c10d400 [ 100.313082][ T5452] which belongs to the cache kmalloc-128 of size 128 [ 100.327663][ T5452] The buggy address is located 24 bytes inside of [ 100.327663][ T5452] freed 128-byte region [ffff88807c10d400, ffff88807c10d480) [ 100.341494][ T5452] [ 100.343816][ T5452] The buggy address belongs to the physical page: [ 100.350237][ T5452] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c10d [ 100.359002][ T5452] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 100.366134][ T5452] page_type: f5(slab) [ 100.370123][ T5452] raw: 00fff00000000000 ffff88801ac41a00 dead000000000122 0000000000000000 [ 100.378707][ T5452] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 100.387288][ T5452] page dumped because: kasan: bad access detected [ 100.393725][ T5452] page_owner tracks the page as allocated [ 100.399642][ T5452] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5425, tgid 5425 (syz-executor), ts 96825364121, free_ts 96364124450 [ 100.419386][ T5452] post_alloc_hook+0x1f3/0x230 [ 100.424162][ T5452] get_page_from_freelist+0x3123/0x3270 [ 100.429724][ T5452] __alloc_pages_noprof+0x292/0x710 [ 100.434924][ T5452] alloc_slab_page+0x59/0x120 [ 100.439630][ T5452] allocate_slab+0x5a/0x2f0 [ 100.444333][ T5452] ___slab_alloc+0xcd1/0x14b0 [ 100.449111][ T5452] __slab_alloc+0x58/0xa0 [ 100.453456][ T5452] __kmalloc_node_noprof+0x2ee/0x4d0 [ 100.458927][ T5452] allocate_slab+0xb6/0x2f0 [ 100.463436][ T5452] ___slab_alloc+0xcd1/0x14b0 [ 100.468120][ T5452] __slab_alloc+0x58/0xa0 [ 100.472540][ T5452] __kmalloc_cache_noprof+0x27b/0x390 [ 100.477932][ T5452] alloc_netdev_mqs+0xbb9/0x1020 [ 100.482910][ T5452] rtnl_create_link+0x2f9/0xc20 [ 100.487896][ T5452] rtnl_newlink+0x1423/0x20a0 [ 100.492688][ T5452] rtnetlink_rcv_msg+0x73f/0xcf0 [ 100.498010][ T5452] page last free pid 5447 tgid 5443 stack trace: [ 100.504481][ T5452] free_unref_folios+0xf12/0x18d0 [ 100.509974][ T5452] folios_put_refs+0x76c/0x860 [ 100.514857][ T5452] free_pages_and_swap_cache+0x5c8/0x690 [ 100.520644][ T5452] tlb_flush_mmu+0x3a3/0x680 [ 100.525418][ T5452] tlb_finish_mmu+0xd4/0x200 [ 100.530124][ T5452] exit_mmap+0x496/0xc40 [ 100.534367][ T5452] __mmput+0x115/0x390 [ 100.538530][ T5452] exit_mm+0x220/0x310 [ 100.542611][ T5452] do_exit+0x9b2/0x28e0 [ 100.546773][ T5452] do_group_exit+0x207/0x2c0 [ 100.551363][ T5452] get_signal+0x16a3/0x1740 [ 100.555869][ T5452] arch_do_signal_or_restart+0x96/0x860 [ 100.561419][ T5452] syscall_exit_to_user_mode+0xc9/0x370 [ 100.567009][ T5452] do_syscall_64+0x100/0x230 [ 100.571614][ T5452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.577528][ T5452] [ 100.579849][ T5452] Memory state around the buggy address: [ 100.585580][ T5452] ffff88807c10d300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.593640][ T5452] ffff88807c10d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.601697][ T5452] >ffff88807c10d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.609753][ T5452] ^ [ 100.614616][ T5452] ffff88807c10d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 100.622699][ T5452] ffff88807c10d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 100.630771][ T5452] ================================================================== [ 100.640233][ T5452] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.647467][ T5452] CPU: 0 UID: 0 PID: 5452 Comm: syz.1.38 Not tainted 6.12.0-rc3-next-20241015-syzkaller #0 [ 100.657458][ T5452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 100.667520][ T5452] Call Trace: [ 100.670818][ T5452] [ 100.673774][ T5452] dump_stack_lvl+0x241/0x360 [ 100.678472][ T5452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.683681][ T5452] ? __pfx__printk+0x10/0x10 [ 100.688294][ T5452] ? vscnprintf+0x5d/0x90 [ 100.692647][ T5452] panic+0x349/0x880 [ 100.696569][ T5452] ? check_panic_on_warn+0x21/0xb0 [ 100.701697][ T5452] ? __pfx_panic+0x10/0x10 [ 100.706135][ T5452] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 100.712045][ T5452] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 100.717960][ T5452] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 100.724307][ T5452] ? print_report+0x502/0x550 [ 100.729013][ T5452] check_panic_on_warn+0x86/0xb0 [ 100.733964][ T5452] ? bpf_trace_run2+0xfa/0x540 [ 100.738768][ T5452] end_report+0x77/0x160 [ 100.743045][ T5452] kasan_report+0x154/0x180 [ 100.747735][ T5452] ? bpf_trace_run2+0xfa/0x540 [ 100.752511][ T5452] bpf_trace_run2+0xfa/0x540 [ 100.757113][ T5452] ? arch_do_signal_or_restart+0x51f/0x860 [ 100.763037][ T5452] ? __pfx_lock_release+0x10/0x10 [ 100.768084][ T5452] ? __pfx_bpf_trace_run2+0x10/0x10 [ 100.773322][ T5452] ? __might_fault+0xc6/0x120 [ 100.778027][ T5452] ? trace_sys_enter+0x9d/0x150 [ 100.782896][ T5452] __bpf_trace_sys_enter+0x38/0x60 [ 100.788030][ T5452] trace_sys_enter+0xd9/0x150 [ 100.792719][ T5452] syscall_trace_enter+0xf8/0x150 [ 100.797756][ T5452] do_syscall_64+0xcc/0x230 [ 100.802369][ T5452] ? clear_bhb_loop+0x35/0x90 [ 100.807083][ T5452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.813025][ T5452] RIP: 0033:0x7f3c67319959 [ 100.817476][ T5452] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 100.837108][ T5452] RSP: 002b:00007f3c68112840 EFLAGS: 00000293 ORIG_RAX: 000000000000000f [ 100.845547][ T5452] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f3c67319959 [ 100.853533][ T5452] RDX: 00007f3c68112840 RSI: 00007f3c68112970 RDI: 0000000000000011 [ 100.861513][ T5452] RBP: 0000000020001240 R08: 0000000000000000 R09: 0000000000200554 [ 100.869499][ T5452] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000020001240 [ 100.877484][ T5452] R13: 00007f3c68112eb0 R14: 00000000000011f0 R15: 0000000020000b40 [ 100.885518][ T5452] [ 100.888834][ T5452] Kernel Offset: disabled [ 100.893166][ T5452] Rebooting in 86400 seconds..