last executing test programs: 19.559079068s ago: executing program 0 (id=133): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x80340, 0x0) read$FUSE(r2, &(0x7f0000000640)={0x2020}, 0x2020) 17.238845644s ago: executing program 0 (id=136): unshare(0x42000000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0) close(r3) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x2a) 8.70695902s ago: executing program 0 (id=154): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r2}, 0x10) r3 = 
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r4}, &(0x7f00000004c0), &(0x7f0000000540)=r3}, 0x20) 8.410504006s ago: executing program 0 (id=158): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x6, 0x4, 0x8, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001010000850000001500000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={r1, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0xd9, &(0x7f0000000900)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0xd8, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10) eventfd(0xfffffff9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000500)=0xc) 
capset(&(0x7f0000000280)={0x20071026, r3}, &(0x7f0000000340)={0x3, 0x0, 0x0, 0x0, 0x0, 0x20}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$tty1(0xc, 0x4, 0x3) 8.070754422s ago: executing program 2 (id=162): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 
0x0, 0x7}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r3, 0x1, 0x1d, &(0x7f00000001c0), 0x4) 7.6907205s ago: executing program 2 (id=163): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 
&(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4040086) 5.437216014s ago: executing program 2 (id=165): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={[], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) chdir(0x0) r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) 
getdents(r3, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x20, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x17b, 0x4c801}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044081}, 0x20040844) 4.503079062s ago: executing program 1 (id=168): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 4.346847195s ago: executing program 3 (id=169): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00\x00#\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"], 0x50) 4.308909866s ago: executing program 1 (id=170): lseek(0xffffffffffffffff, 0xfffffffffffffff9, 0x3) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRES8=r0, @ANYRES32=r1], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000003c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) sendfile(r7, r6, 0x0, 0x3a) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r8 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f00000001c0), 0x12) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) 2.972289082s ago: executing program 1 (id=171): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32=0x0, @ANYRES32], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 
&(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r0}, 0x38) 2.923924473s ago: executing program 0 (id=172): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x240000, &(0x7f0000000a80)={[{@minixdf}, {@grpid}, {@journal_path={'journal_path', 0x3d, '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/'}}, {@data_journal}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@journal_async_commit}, {@data_writeback}, {@jqfmt_vfsv0}, {@noload}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@obj_type={'obj_type', 0x3d, 'PQ]\'\xfa7\x87\xc3W\xe7\xf6\xcc0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$key(0xf, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) 
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000600)={'syztnl0\x00', r6, 0x29, 0x4, 0x9, 0x0, 0x1e, @private2, @loopback, 0x20, 0x8000, 0x6, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000740)={'syztnl0\x00', &(0x7f00000006c0)={'ip6gre0\x00', 0x0, 0x2f, 0xf, 0x4, 0x7, 0x4, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x7800, 0x7, 0x7}}) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000780)={0x0, @multicast1, @initdev}, &(0x7f00000007c0)=0xc) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000880)={r1, 0x58, &(0x7f0000000800)}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000940)={'ip_vti0\x00', &(0x7f00000008c0)={'gre0\x00', 0x0, 0x1, 0x80, 0x0, 0x2, {{0x9, 0x4, 0x1, 0x2a, 0x24, 0x65, 0x0, 0x28, 0x29, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0x9c, [@private=0xa010100, @broadcast]}, @noop]}}}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000980)={@dev}, &(0x7f00000009c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000c80)={'erspan0\x00', 0x0}) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x81) sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c16ad803f1f805000600200000000a00060000000000ff0000009061ca2b00001fffff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r5, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xfffffffd, 0x0) socket$inet(0xa, 0x1, 0x0) getsockopt$netlink(r0, 0x10e, 0x8, 0x0, &(0x7f00000001c0)) 2.854673595s ago: executing program 3 (id=173): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x240000, &(0x7f0000000a80)={[{@minixdf}, {@grpid}, {@journal_path={'journal_path', 0x3d, '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/'}}, {@data_journal}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@journal_async_commit}, {@data_writeback}, {@jqfmt_vfsv0}, {@noload}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@obj_type={'obj_type', 0x3d, 'PQ]\'\xfa7\x87\xc3W\xe7\xf6\xcc0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$key(0xf, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000600)={'syztnl0\x00', r6, 0x29, 0x4, 0x9, 0x0, 0x1e, @private2, @loopback, 0x20, 0x8000, 0x6, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000740)={'syztnl0\x00', &(0x7f00000006c0)={'ip6gre0\x00', 0x0, 0x2f, 0xf, 0x4, 0x7, 0x4, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x7800, 0x7, 0x7}}) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000780)={0x0, @multicast1, 
@initdev}, &(0x7f00000007c0)=0xc) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000880)={r1, 0x58, &(0x7f0000000800)}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000940)={'ip_vti0\x00', &(0x7f00000008c0)={'gre0\x00', 0x0, 0x1, 0x80, 0x0, 0x2, {{0x9, 0x4, 0x1, 0x2a, 0x24, 0x65, 0x0, 0x28, 0x29, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0x9c, [@private=0xa010100, @broadcast]}, @noop]}}}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000980)={@dev}, &(0x7f00000009c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000c80)={'erspan0\x00', &(0x7f0000000a00)={'ip_vti0\x00', 0x0, 0x20, 0x700, 0x6, 0x0, {{0xb, 0x4, 0x0, 0x5, 0x2c, 0x64, 0x0, 0x80, 0x4, 0x0, @remote, @private=0xa010100, {[@ra={0x94, 0x4}, @generic={0x88, 0x2}, @lsrr={0x83, 0xf, 0xbd, [@dev={0xac, 0x14, 0x14, 0x42}, @loopback, @loopback]}, @end]}}}}}) sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x81) sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c16ad803f1f805000600200000000a00060000000000ff0000009061ca2b00001fffff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r5, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xfffffffd, 0x0) socket$inet(0xa, 0x1, 0x0) getsockopt$netlink(r0, 0x10e, 0x8, 0x0, &(0x7f00000001c0)) 951.087332ms ago: executing program 0 (id=174): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r2, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) r3 = socket$netlink(0x10, 0x3, 
0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x2c, 0x24, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0x2}}, [@TCA_INGRESS_BLOCK={0x8}]}, 0x2c}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r6, @ANYBLOB], 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}}}, 0x24}}, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r8}, &(0x7f0000000200), &(0x7f0000000240)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r8}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, 
@ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000"], 0x48) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 838.377394ms ago: executing program 1 (id=175): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='hrtimer_start\x00', r1}, 0x18) 
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 782.840935ms ago: executing program 3 (id=176): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 519.4285ms ago: executing program 3 (id=177): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 
&(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_freezer_state(r1, &(0x7f0000000380), 0x2, 0x0) r2 = openat$cgroup_freezer_state(r1, &(0x7f0000002b00), 0x2, 0x0) close(r2) 508.64102ms ago: executing program 1 (id=178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x68001, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 327.444124ms ago: executing program 3 (id=179): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000080)={0x0, 0xfff4, &(0x7f0000000300)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) 
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r3}, 0x18) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) 326.327124ms ago: executing program 2 (id=180): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 
@fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000001880)={r2}, 0xc) 98.877999ms ago: executing program 2 (id=181): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=ANY=[@ANYBLOB="61106500000000009500000000000000"], &(0x7f0000000200)='GPL\x00'}, 0x80) 98.505909ms ago: executing program 3 (id=182): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, 
&(0x7f0000001500)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd6ff0700000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a9554320000000000000014569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c5a01ba62ed8f2c6a503dd1b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341cd0ba0d6fd562489dad595712a4051bb6cf826ab757193fe093b8b3353fbbb278d19000000000000007b61805ed430ef06000000000000001e93f640f159320c8b088f4d64977b2eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751df38c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b777d73a63246ce6f0467167626329ab91df7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c270f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6ee02412064730700aeff2b69c2f2bf6f691c3560e068743ae8e8771280da61fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c56d9abc40c64a20c14ff0b1bf4d23fe07ae90f503ba9c64bf89b26e7d8d70710b04f9ece69023acadbb4582272e5b3a0429a5675e5a9554de54945d9a270180e0545b0c824ad36f7cc8be12b3874d5a19349b0ede845e9ece24d546d3af1bae069b89f6ecf2aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d80250a7f2eeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d1690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1be3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be4c4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260
afb5157e392b1ebb1a4d4f992011ecbac4a0a6df5bdc6f7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dcdb951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02dcefccc0c714c2862ddbe567755f05a1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1dd8f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c21181f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae654bfa81e75b7c7002b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfe63c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738bf356131ca53e9d7ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e4c26497c029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de81b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd49457536430ffbd3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc3126bf1760243d51a197d3ecfd74bd625e9f496175cfeaaa020817d33d513f3e97854ea76e04e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c326c89bb5d07f35aaf95303b5a620fc84e1c735647895713cbcea57b2277831f8f633f0d29371e645e5544e57010a9b76457f6ad73231a9f31f6bbb1b95248aeda5a9df9dea64cc1fd1f06a980fcf3a792bb0910e45fce298ab0a0298fc33a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b96acf060f74084760d226f50edb115c2e075f3c663a4b4169b900fa0a13cf796e0d7a9dad86953c13ed6241206d682e194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b9d5dd8bf6c28653eb84f117e476e052a9db790e0a71dac9d8b343efebdc026860000000000000000000000000000aad579302085dfd
f75bea24798c680b3de341e3bd57543cd8dfd58bcebdbb883c743ed43ba7f540f2c4e0310c21e7deff9e45b8bd2cf65bb584091b8e80e34b3e59185fe32d1d73dd4f62712a39b13661516723b6b80a7e99e5aa6536982c02275fc53fa3ef14d9fccb05f9c4e69a3af0fde863af2d9a0f8a94fc571b0ab4ad714f41fa4ee0b8b44e3c41a3125be95e4b23d5f05395852761bfaebe0db979d5f3991d826cc74542b85cfd0dba66bc93cfd79178ab0b79fa3b29ff9c19e0424513c91980187c9d94b8354337a1fc782505db900c47d83bd49276cfe6e242ba8365b1ea4598a21f50f5415a70990b5bb4a1f6bd8acdf2c7da3d648754767089c9b5ceb556fafa3cc5afd2f3e9a62a90262a76ff89a2751b59a744f0d3f36ca503357daa3e29ce6f357dc1e4839277d003e93fdbb955e1a1302a76aea7e73835094fb15464e94e814c77c293121d0433e80d444c4ca17abaf32b521d8686666055da023aef9c8df3e80d2ed640ed10aa19a036dcef172dbd3b3600b69d7b90c6222e167d7c76059f2b5f3b3004e8a20d1f6612efeb629573be97aa949c6016e7e16283e84986aaa4fc8a098708ebe36f377ada63d9b464c39342e0682549862de3ec75e7b031bc49f341a21417fb6375e8701481b59d1722c836961804666801678eb25750b520bf1615a4bbf30aa74d60ec6b657f2dd298b0419da43fc708a60c94a7ff2fd6a2d08005ad73c9e2d6143d2857be8fb3f12bfa6628bccb153e39172d07563d6a1dc75c347c08060304f091230bd74b49ecdd13bf480db3984622a167c8603b8c501280059a7b6123c8f8cd217f64eccc2dffe4f3a1e8c9a96a13d8126f3ea26779fbd0069d729a7764d4ddd7d9d820b0de2530969362b94b974678527f5bac7eb8d6e321b2be0b2f7534634a5ecd1248d7ad7e8e03163e92e9f1d620e28597bd881eea0981e8adfd70b670b0763ce9226f7c3e156b353e22fdea6942b577bbc539aab23cbd46bdd0ea1e67140c759f208c12dc57f3100000000e4965fcb6c0749955eac9476687e63b41c6282bbcb0c3d8b0c9493a3a5f6d879d7257b4b68dc7cac3d9d5f5bbe937c501866ee4042b250e516ec074559e1e551167138766eeecb6941e8305d9cde1800c821536f9d25bd14163890842a08135bdb7a90db630b18f099855a7d9de65c80fa71ff90e873361d0e11a7dfebe56ffb2000b711a0b7914d6351ff60593e48af60e1ffecba7cd6f8ab662eb3c8f3164139e994d6a706afb92722595d649a04f1ff64e5634e7cb9106173a9d5d8cf3e5a959e6bfdc1b6507b851c4ba43312726cfec58dedece1355a087c1b60882713a6161914f09267e2ce8aa886b3c0add5cd92e185d345c9b2933a78a4215133e8e7247fa444aee30bfb6c0fcada974254bc5fe
da6cee9a0803b2a0b81f440202ed5f278e4cf06565370893e7481efdfbc49b118eb17ba0104000000000000b342fdef64b143b525daae4e27e7368f913e6111bb5329b8b133d03cc34d736d22ba139b03b7fc83ac49f2dfc915a2f27e2eac8dc2a6ba72e6bdd423b3555b6e1bd4896b4c946a4500e0a42340700b93bca902e02f744ceb51534f1fb9fa87f850a6c6eed76f7376e2a7e72d3a64a82720ded8f0ce31b1de3561362e975ed32a7167d9e0ad3f2a77f7a10c1614a9ba938a98da2976cb1a0d049446e67073c9a1a38ecc881c693a524c5291f89677de9fe904c752e450eba71d2f32805501d0df5b4a41123233554bdc35b562d9f5a2a026a3b40fc7c9a8546fc8d8310a9876114ffd7dfb909656d54c31bbb655af54bbeeb0174e451ceb7b35e5bd1ac15792ff474abcde8353fe0de700b110a00305ff77c133181688a62a49cff6db4cb4a5a90d40d35e927d216435df804b8bd6033a7ce49f11491f752fefa99e9c54428b725486291490d311b13eb02d14a0ae56733141a8dc6d51e351000000000000009f384a63b97d00"/3400], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000004c0), 0x5, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='timer_start\x00', 
r4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 38.12421ms ago: executing program 1 (id=183): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x240000, &(0x7f0000000a80)={[{@minixdf}, {@grpid}, {@journal_path={'journal_path', 0x3d, '\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/'}}, {@data_journal}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@journal_async_commit}, {@data_writeback}, {@jqfmt_vfsv0}, {@noload}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@obj_type={'obj_type', 0x3d, 'PQ]\'\xfa7\x87\xc3W\xe7\xf6\xcc0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$key(0xf, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000600)={'syztnl0\x00', r6, 0x29, 0x4, 0x9, 0x0, 0x1e, @private2, @loopback, 0x20, 0x8000, 0x6, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 
&(0x7f0000000740)={'syztnl0\x00', &(0x7f00000006c0)={'ip6gre0\x00', 0x0, 0x2f, 0xf, 0x4, 0x7, 0x4, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x7800, 0x7, 0x7}}) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000780)={0x0, @multicast1, @initdev}, &(0x7f00000007c0)=0xc) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000880)={r1, 0x58, &(0x7f0000000800)}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000940)={'ip_vti0\x00', &(0x7f00000008c0)={'gre0\x00', 0x0, 0x1, 0x80, 0x0, 0x2, {{0x9, 0x4, 0x1, 0x2a, 0x24, 0x65, 0x0, 0x28, 0x29, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xb, 0x9c, [@private=0xa010100, @broadcast]}, @noop]}}}}}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000980)={@dev}, &(0x7f00000009c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000c80)={'erspan0\x00', 0x0}) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0}, 0x81) sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c16ad803f1f805000600200000000a00060000000000ff0000009061ca2b00001fffff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r5, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xfffffffd, 0x0) socket$inet(0xa, 0x1, 0x0) getsockopt$netlink(r0, 0x10e, 0x8, 0x0, &(0x7f00000001c0)) 0s ago: executing program 2 (id=184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = 
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x18) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts. [ 75.989909][ T5775] cgroup: Unknown subsys name 'net' [ 76.130496][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.797583][ T5775] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 79.535993][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.572616][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.579508][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.589457][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.594867][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.597014][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.608577][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.612447][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.625831][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.627313][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.635047][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.641412][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.647510][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.654811][ T5800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 79.661986][ T5801] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.668421][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.677181][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.682447][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.696176][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.704569][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.713510][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.721561][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.731341][ T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 79.738799][ T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.202769][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 80.322922][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 80.382003][ T5788] 
chnl_net:caif_netlink_parms(): no params data found [ 80.440485][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 80.514230][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.521579][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.529144][ T5784] bridge_slave_0: entered allmulticast mode [ 80.537399][ T5784] bridge_slave_0: entered promiscuous mode [ 80.587537][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.594818][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.603136][ T5784] bridge_slave_1: entered allmulticast mode [ 80.610193][ T5784] bridge_slave_1: entered promiscuous mode [ 80.617794][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.626162][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.633619][ T5785] bridge_slave_0: entered allmulticast mode [ 80.640646][ T5785] bridge_slave_0: entered promiscuous mode [ 80.689694][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.697102][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.705055][ T5785] bridge_slave_1: entered allmulticast mode [ 80.712294][ T5785] bridge_slave_1: entered promiscuous mode [ 80.770495][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.777836][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.786359][ T5787] bridge_slave_0: entered allmulticast mode [ 80.794021][ T5787] bridge_slave_0: entered promiscuous mode [ 80.817094][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.829709][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.852073][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.859414][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.867232][ T5787] bridge_slave_1: entered allmulticast mode [ 80.875041][ T5787] bridge_slave_1: entered promiscuous mode [ 80.897650][ 
T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.933254][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.940440][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.948100][ T5788] bridge_slave_0: entered allmulticast mode [ 80.955477][ T5788] bridge_slave_0: entered promiscuous mode [ 80.978716][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.991977][ T5785] team0: Port device team_slave_0 added [ 81.010565][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.018313][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.026301][ T5788] bridge_slave_1: entered allmulticast mode [ 81.034286][ T5788] bridge_slave_1: entered promiscuous mode [ 81.053661][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.066623][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.077883][ T5785] team0: Port device team_slave_1 added [ 81.155776][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.163295][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 81.189698][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.205471][ T5784] team0: Port device team_slave_0 added [ 81.214762][ T5784] team0: Port device team_slave_1 added [ 81.223489][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.235943][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.256534][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.264174][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.290329][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.334122][ T5787] team0: Port device team_slave_0 added [ 81.358369][ T5788] team0: Port device team_slave_0 added [ 81.379311][ T5787] team0: Port device team_slave_1 added [ 81.414618][ T5788] team0: Port device team_slave_1 added [ 81.427038][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.434511][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.460672][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.474201][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.481292][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 81.508214][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.557057][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.564868][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.590975][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.608892][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.615958][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.642987][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.674915][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.682462][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.708621][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.721685][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.728673][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 81.755539][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.755654][ T50] Bluetooth: hci0: command tx timeout [ 81.802458][ T5785] hsr_slave_0: entered promiscuous mode [ 81.809129][ T5785] hsr_slave_1: entered promiscuous mode [ 81.821323][ T50] Bluetooth: hci1: command tx timeout [ 81.822266][ T5793] Bluetooth: hci3: command tx timeout [ 81.827281][ T5796] Bluetooth: hci2: command tx timeout [ 81.858647][ T5787] hsr_slave_0: entered promiscuous mode [ 81.865555][ T5787] hsr_slave_1: entered promiscuous mode [ 81.872456][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.880440][ T5787] Cannot create hsr debugfs directory [ 81.979721][ T5784] hsr_slave_0: entered promiscuous mode [ 81.987168][ T5784] hsr_slave_1: entered promiscuous mode [ 81.993777][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.002593][ T5784] Cannot create hsr debugfs directory [ 82.032104][ T5788] hsr_slave_0: entered promiscuous mode [ 82.038524][ T5788] hsr_slave_1: entered promiscuous mode [ 82.044850][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 82.052541][ T5788] Cannot create hsr debugfs directory [ 82.452665][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.471736][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.485101][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.495666][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.582100][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.593549][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.604877][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.616978][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.723432][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.741002][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.760475][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.770856][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.892450][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.903815][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.915794][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.927441][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.945380][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.027294][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.047501][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.054928][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.070975][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.090823][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.098010][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.200263][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.226775][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.234023][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.274180][ T48] bridge0: port 2(bridge_slave_1) 
entered blocking state [ 83.281385][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.319334][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.347300][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.394894][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.429768][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.437327][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.475424][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.482662][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.494944][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.527395][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.534626][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.578394][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.585667][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.822821][ T5796] Bluetooth: hci0: command tx timeout [ 83.835719][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.901552][ T5796] Bluetooth: hci2: command tx timeout [ 83.907031][ T5796] Bluetooth: hci1: command tx timeout [ 83.912959][ T50] Bluetooth: hci3: command tx timeout [ 83.969888][ T5785] veth0_vlan: entered promiscuous mode [ 84.004810][ T5785] veth1_vlan: entered promiscuous mode [ 84.140097][ T5785] veth0_macvtap: entered promiscuous mode [ 84.156153][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.187253][ T5785] veth1_macvtap: entered promiscuous mode [ 84.208422][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.231720][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.268581][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.287877][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.304011][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 
84.313700][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.322614][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.331794][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.390127][ T5787] veth0_vlan: entered promiscuous mode [ 84.474174][ T5788] veth0_vlan: entered promiscuous mode [ 84.487150][ T5787] veth1_vlan: entered promiscuous mode [ 84.512529][ T5784] veth0_vlan: entered promiscuous mode [ 84.558825][ T2878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.565361][ T5788] veth1_vlan: entered promiscuous mode [ 84.577140][ T2878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.594451][ T5784] veth1_vlan: entered promiscuous mode [ 84.660062][ T2878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.669186][ T2878] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.704063][ T5788] veth0_macvtap: entered promiscuous mode [ 84.719369][ T5787] veth0_macvtap: entered promiscuous mode [ 84.748099][ T5784] veth0_macvtap: entered promiscuous mode [ 84.779244][ T5787] veth1_macvtap: entered promiscuous mode [ 84.789767][ T5788] veth1_macvtap: entered promiscuous mode [ 84.804398][ T5784] veth1_macvtap: entered promiscuous mode [ 84.868935][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.884544][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.898006][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.913859][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.929110][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 84.940849][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.958736][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.970140][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.980432][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.994227][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.994524][ T5875] syz.1.2[5875]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 85.007081][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.032779][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.045481][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.046159][ T5875] loop1: detected capacity change from 0 to 1024 [ 85.054729][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.054787][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.090203][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.095260][ T5875] EXT4-fs: Ignoring removed bh option [ 85.121187][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.134251][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.136208][ T5875] EXT4-fs: inline encryption not supported [ 85.153533][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 85.165578][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.170943][ T5875] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 85.177081][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.201649][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.209345][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.222489][ T5875] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 85.231892][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.247833][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.257310][ T5875] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 2: comm syz.1.2: lblock 2 mapped to illegal pblock 2 (length 1) [ 85.260350][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 85.285116][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.285547][ T5875] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 85.304656][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.314888][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.321570][ T5875] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 48: comm syz.1.2: lblock 0 mapped to illegal pblock 48 (length 1) [ 85.323707][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.347060][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.369008][ T5875] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 85.377251][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.389150][ T5875] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.2: Failed to acquire dquot type 0 [ 85.389589][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.413292][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.427110][ T5875] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 85.429516][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.447217][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.447339][ T5875] EXT4-fs error (device loop1): ext4_evict_inode:252: inode #11: comm syz.1.2: mark_inode_dirty error [ 85.459454][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 85.476211][ T5875] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 85.484145][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.507465][ T5875] EXT4-fs (loop1): 1 orphan inode deleted [ 85.519109][ T5875] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.534418][ T3474] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 85.552341][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.572005][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.590012][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.590074][ T3474] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 85.612077][ T3474] EXT4-fs error (device loop1): ext4_release_dquot:6976: comm kworker/u4:8: Failed to release dquot type 0 [ 85.615191][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.703024][ T5875] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 48: comm syz.1.2: lblock 0 mapped to illegal pblock 48 (length 1) [ 85.759238][ T5875] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=-117 [ 85.894267][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.903240][ T5796] Bluetooth: hci0: command tx timeout [ 85.918602][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.971872][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.979783][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.985814][ T5796] Bluetooth: hci1: command tx timeout [ 85.992918][ T50] Bluetooth: hci3: command tx timeout [ 85.998375][ T50] Bluetooth: hci2: command tx timeout [ 86.020798][ T48] wlan0: Created IBSS using 
preconfigured BSSID 50:50:50:50:50:50 [ 86.046070][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.123726][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.148039][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.178477][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.210437][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.395637][ T5883] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.493293][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.551968][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.999182][ T5891] loop0: detected capacity change from 0 to 1024 [ 88.217032][ T50] Bluetooth: hci0: command tx timeout [ 88.223036][ T5796] Bluetooth: hci2: command tx timeout [ 88.228852][ T5796] Bluetooth: hci3: command tx timeout [ 88.235802][ T5793] Bluetooth: hci1: command tx timeout [ 88.381054][ C0] sched: RT throttling activated [ 88.780805][ T5891] EXT4-fs: Ignoring removed i_version option [ 88.815263][ T5891] EXT4-fs: inline encryption not supported [ 88.845674][ T5891] EXT4-fs (loop0): Test dummy encryption mode enabled [ 88.907169][ T5891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.079973][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.102446][ T5909] capability: warning: `syz.2.6' uses 32-bit capabilities (legacy support in use) [ 90.274376][ T5913] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 90.460848][ T27] audit: type=1326 audit(1758851397.268:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.2.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 90.556424][ T27] audit: type=1326 audit(1758851397.298:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.2.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 90.678603][ T27] audit: type=1326 audit(1758851397.298:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5915 comm="syz.2.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 90.829011][ T5922] loop3: detected capacity change from 0 to 1024 [ 90.869624][ T5922] ======================================================= [ 90.869624][ T5922] WARNING: The mand mount option has been deprecated and [ 90.869624][ T5922] and is ignored by this kernel. Remove the mand [ 90.869624][ T5922] option from the mount to silence this warning. [ 90.869624][ T5922] ======================================================= [ 90.969363][ T5922] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.990111][ T5922] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.675943][ T27] audit: type=1800 audit(1758851398.488:5): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.10" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 92.169878][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.258247][ T23] cfg80211: failed to load regulatory.db [ 94.459393][ T5963] loop0: detected capacity change from 0 to 512 [ 94.480555][ T5963] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! 
[ 96.402407][ T5967] process 'syz.2.22' launched './file0' with NULL argv: empty string added [ 96.995944][ T5971] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns [ 97.351563][ T5976] overlayfs: failed to clone upperpath [ 98.337018][ T5978] loop3: detected capacity change from 0 to 1024 [ 98.410216][ T5799] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 100.169930][ T5987] Zero length message leads to an empty skb [ 102.053695][ T5999] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 102.062543][ T5999] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 103.129386][ T6006] loop2: detected capacity change from 0 to 1024 [ 103.147608][ T6006] EXT4-fs: Ignoring removed bh option [ 103.176958][ T6006] EXT4-fs: inline encryption not supported [ 103.217704][ T6006] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 103.243235][ T6006] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 103.757893][ T6006] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.33: lblock 2 mapped to illegal pblock 2 (length 1) [ 104.015947][ T6006] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 104.051225][ T6006] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.33: lblock 0 mapped to illegal pblock 48 (length 1) [ 104.148279][ T6006] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 104.171191][ T6006] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.33: Failed to acquire dquot type 0 [ 104.192472][ T6006] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 104.211815][ T6006] EXT4-fs error (device loop2): ext4_evict_inode:252: inode #11: comm syz.2.33: mark_inode_dirty error [ 104.234081][ T6006] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark 
inode dirty (err -117) [ 104.254947][ T6006] EXT4-fs (loop2): 1 orphan inode deleted [ 104.272917][ T6006] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.388919][ T5895] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 104.481104][ T5895] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 104.489629][ T5895] EXT4-fs error (device loop2): ext4_release_dquot:6976: comm kworker/u4:9: Failed to release dquot type 0 [ 104.507181][ T6006] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm syz.2.33: lblock 1 mapped to illegal pblock 1 (length 1) [ 104.588270][ T6014] syz.3.34[6014] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.589059][ T6014] syz.3.34[6014] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.187423][ T6006] Quota error (device loop2): find_next_id: Can't read quota tree block 1 [ 106.646866][ T6018] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.037635][ T6019] wg2: entered promiscuous mode [ 107.042728][ T6019] wg2: entered allmulticast mode [ 108.654094][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 108.681499][ T5788] EXT4-fs error (device loop2): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 108.712941][ T5788] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 108.745882][ T5788] EXT4-fs error (device loop2): ext4_quota_off:7224: inode #3: comm syz-executor: mark_inode_dirty error [ 109.528367][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 109.544999][ T6031] loop3: detected capacity change from 0 to 1024 [ 109.610504][ T5799] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 110.297716][ T23] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 110.558756][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.621283][ T23] usb 3-1: Product: syz [ 110.631468][ T23] usb 3-1: Manufacturer: syz [ 110.636124][ T23] usb 3-1: SerialNumber: syz [ 112.250868][ T23] (unnamed net_device) (uninitialized): Assigned a random MAC address: 7a:b6:e2:ca:ae:c4 [ 112.406641][ T23] rtl8150 3-1:1.0: eth1: rtl8150 is detected [ 112.676812][ T5847] usb 3-1: USB disconnect, device number 2 [ 113.034995][ T6048] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 113.044272][ T6048] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 114.786860][ T27] audit: type=1326 audit(2000000003.010:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 114.844059][ T6054] kernel profiling enabled (shift: 17) [ 114.903057][ T6054] syz.0.43: attempt to access beyond end of device [ 114.903057][ T6054] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 114.917290][ T27] audit: type=1326 audit(2000000003.010:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 
arch=c000003e syscall=202 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 114.962421][ T6054] FAT-fs (loop1): unable to read boot sector [ 115.002860][ T27] audit: type=1326 audit(2000000003.020:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fde29f8d710 code=0x7ffc0000 [ 115.051247][ T27] audit: type=1326 audit(2000000003.020:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fde29f906f7 code=0x7ffc0000 [ 115.121373][ T27] audit: type=1326 audit(2000000003.020:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 115.192170][ T27] audit: type=1326 audit(2000000003.020:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fde29f906f7 code=0x7ffc0000 [ 115.286676][ T27] audit: type=1326 audit(2000000003.020:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fde29f8db2a code=0x7ffc0000 [ 115.380484][ T27] audit: type=1326 audit(2000000003.020:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 115.470245][ T27] audit: type=1326 audit(2000000003.050:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 115.508432][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.47'. 
[ 115.541199][ T27] audit: type=1326 audit(2000000003.050:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz.0.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde29f8eec9 code=0x7ffc0000 [ 117.691310][ T6106] netlink: 'syz.2.55': attribute type 25 has an invalid length. [ 117.699024][ T6106] netlink: 'syz.2.55': attribute type 7 has an invalid length. [ 119.092673][ T6118] loop2: detected capacity change from 0 to 1024 [ 119.496403][ T6118] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 119.639849][ T6118] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c028, mo2=0003] [ 119.649451][ T6118] System zones: 1-12 [ 119.689493][ T6118] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.092707][ T6136] capability: warning: `syz.1.60' uses deprecated v2 capabilities in a way that may be insecure [ 121.385334][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 122.824104][ T6157] loop3: detected capacity change from 0 to 1024 [ 122.859414][ T6157] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 123.064012][ T6157] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.64: Invalid block bitmap block 0 in block_group 0 [ 123.101423][ T6157] __quota_error: 25 callbacks suppressed [ 123.101443][ T6157] Quota error (device loop3): write_blk: dquota write failed [ 123.114803][ T6157] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 123.124889][ T6157] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.64: Failed to acquire dquot type 0 [ 123.269243][ T6157] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.64: Freeing blocks not in datazone - block = 0, count = 4096 [ 123.291364][ T6157] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.64: Invalid inode bitmap blk 0 in block_group 0 [ 123.305995][ T6157] EXT4-fs error (device loop3) in ext4_free_inode:363: Corrupt filesystem [ 123.343559][ T6157] EXT4-fs (loop3): 1 orphan inode deleted [ 123.356479][ T6157] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.619718][ T1090] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 124.171321][ T1090] EXT4-fs error (device loop3): ext4_release_dquot:6976: comm kworker/u4:5: Failed to release dquot type 0 [ 126.238858][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 127.404853][ T27] audit: type=1326 audit(2000000001.000:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 127.510975][ T27] audit: type=1326 audit(2000000001.020:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 127.619844][ T27] audit: type=1326 audit(2000000001.020:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 127.690507][ T27] audit: type=1326 audit(2000000001.030:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 127.749475][ T27] audit: type=1326 audit(2000000001.040:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 127.858006][ T6188] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 127.867040][ T6188] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 128.928978][ T27] audit: type=1326 audit(2000000001.040:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 129.057510][ T27] audit: type=1326 audit(2000000001.040:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 129.097255][ T27] audit: type=1326 audit(2000000001.040:48): auid=4294967295 uid=0 
gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 129.137282][ T27] audit: type=1326 audit(2000000001.040:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 129.164497][ T27] audit: type=1326 audit(2000000001.040:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 129.431611][ T27] audit: type=1326 audit(2000000001.040:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 130.318619][ T27] audit: type=1326 audit(2000000001.040:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 130.344820][ T27] audit: type=1326 audit(2000000001.040:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 130.450936][ T27] audit: type=1326 audit(2000000001.050:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 130.577477][ T27] audit: type=1326 audit(2000000001.050:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6180 comm="syz.2.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae8358eec9 code=0x7ffc0000 [ 131.112300][ T6210] loop0: detected capacity change from 0 to 1024 [ 133.559940][ T1288] ieee802154 phy0 
wpan0: encryption failed: -22 [ 133.567541][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.488060][ T6246] fuse: Bad value for 'fd' [ 136.512591][ T6250] loop2: detected capacity change from 0 to 1024 [ 136.587224][ T6253] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 136.596368][ T6253] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 137.583227][ T6250] __quota_error: 3 callbacks suppressed [ 137.583246][ T6250] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 137.636529][ T6250] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 137.657786][ T6250] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.87: Failed to acquire dquot type 0 [ 137.712567][ T6250] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 137.745702][ T6250] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.87: corrupted inode contents [ 137.776407][ T6250] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #13: comm syz.2.87: mark_inode_dirty error [ 137.807324][ T6250] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.87: corrupted inode contents [ 137.849256][ T6250] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.87: mark_inode_dirty error [ 137.881265][ T6250] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.87: corrupted inode contents [ 137.921172][ T6250] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 137.941176][ T6250] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.87: corrupted inode contents [ 137.986632][ T6250] EXT4-fs error (device loop2): ext4_truncate:4288: inode #13: comm syz.2.87: mark_inode_dirty error [ 138.010558][ T6250] EXT4-fs error (device loop2) in 
ext4_process_orphan:347: Corrupt filesystem [ 138.032568][ T6250] EXT4-fs (loop2): 1 truncate cleaned up [ 138.039798][ T6250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.978518][ T6275] loop3: detected capacity change from 0 to 512 [ 141.390272][ T6278] overlayfs: failed to resolve './file0': -2 [ 142.154394][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.960743][ T5905] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 144.107190][ T6306] overlayfs: failed to resolve './file0': -2 [ 144.171388][ T5905] usb 3-1: config 0 has an invalid interface number: 157 but max is 1 [ 144.192220][ T5905] usb 3-1: config 0 has no interface number 1 [ 144.214057][ T5905] usb 3-1: config 0 interface 157 has no altsetting 0 [ 144.956482][ T5905] usb 3-1: config 0 interface 0 has no altsetting 0 [ 144.980648][ T5905] usb 3-1: New USB device found, idVendor=0403, idProduct=a5ae, bcdDevice=d1.8d [ 145.019878][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.093543][ T5905] usb 3-1: config 0 descriptor?? 
[ 147.010486][ T5905] usb 3-1: string descriptor 0 read error: -71 [ 147.018562][ T5905] ftdi_sio 3-1:0.157: FTDI USB Serial Device converter detected [ 147.043625][ T5905] ftdi_sio ttyUSB0: unknown device type: 0xd18d [ 147.065071][ T5905] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 147.077404][ T5905] ftdi_sio ttyUSB1: unknown device type: 0xd18d [ 147.121086][ T5905] usb 3-1: USB disconnect, device number 3 [ 147.144926][ T5905] ftdi_sio 3-1:0.157: device disconnected [ 147.162916][ T5905] ftdi_sio 3-1:0.0: device disconnected [ 147.305285][ T27] audit: type=1326 audit(2000000000.060:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6323 comm="syz.1.110" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f66e5d8eec9 code=0x0 [ 147.430402][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 147.921248][ T28] usb 1-1: config 0 has an invalid interface number: 160 but max is 0 [ 147.929597][ T28] usb 1-1: config 0 has no interface number 0 [ 147.936373][ T28] usb 1-1: config 0 interface 160 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 147.947715][ T28] usb 1-1: config 0 interface 160 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 147.962498][ T28] usb 1-1: New USB device found, idVendor=28ac, idProduct=8501, bcdDevice=9e.4e [ 148.003806][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.160437][ T28] usb 1-1: Product: syz [ 148.187017][ T28] usb 1-1: Manufacturer: syz [ 148.263756][ T28] usb 1-1: SerialNumber: syz [ 148.448178][ T28] usb 1-1: config 0 descriptor?? [ 148.804117][ T28] usb 1-1: Found UVC 0.00 device syz (28ac:8501) [ 148.820287][ T28] usb 1-1: No valid video chain found. 
[ 149.139747][ T5847] usb 1-1: USB disconnect, device number 2 [ 152.606110][ T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 152.837054][ T23] usb 4-1: config 0 has an invalid interface number: 157 but max is 1 [ 152.852898][ T23] usb 4-1: config 0 has no interface number 1 [ 152.865678][ T23] usb 4-1: config 0 interface 157 has no altsetting 0 [ 152.878774][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 152.886003][ T23] usb 4-1: New USB device found, idVendor=0403, idProduct=a5ae, bcdDevice=d1.8d [ 152.895606][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.309263][ T23] usb 4-1: config 0 descriptor?? [ 154.425783][ T23] usb 4-1: string descriptor 0 read error: -71 [ 154.433998][ T23] ftdi_sio 4-1:0.157: FTDI USB Serial Device converter detected [ 154.443285][ T23] ftdi_sio ttyUSB0: unknown device type: 0xd18d [ 154.452997][ T23] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 154.462396][ T23] ftdi_sio ttyUSB1: unknown device type: 0xd18d [ 154.472295][ T23] usb 4-1: USB disconnect, device number 2 [ 154.479411][ T23] ftdi_sio 4-1:0.157: device disconnected [ 154.487421][ T23] ftdi_sio 4-1:0.0: device disconnected [ 154.700415][ T6382] loop0: detected capacity change from 0 to 512 [ 154.831841][ T6380] loop2: detected capacity change from 0 to 16 [ 154.911595][ T6382] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 154.978205][ T6382] EXT4-fs (loop0): orphan cleanup on readonly fs [ 155.006228][ T6382] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.128: bg 0: block 248: padding at end of block bitmap is not set [ 155.042663][ T6382] Quota error (device loop0): write_blk: dquota write failed [ 155.050890][ T6382] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 155.061261][ T6382] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.128: Failed to acquire dquot type 1 [ 155.097299][ 
T6382] EXT4-fs (loop0): 1 truncate cleaned up [ 155.133464][ T6382] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 155.502077][ T6380] erofs: (device loop2): mounted with root inode @ nid 36. [ 155.522204][ T6384] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 156.981452][ T6395] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 156.990576][ T6395] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 157.118802][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.663285][ T5796] Bluetooth: hci4: command 0x1003 tx timeout [ 159.672651][ T5795] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 160.533922][ T785] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 160.735692][ T785] usb 4-1: config 0 has an invalid interface number: 157 but max is 1 [ 160.751698][ T785] usb 4-1: config 0 has no interface number 1 [ 160.764490][ T785] usb 4-1: config 0 interface 157 has no altsetting 0 [ 160.784369][ T785] usb 4-1: config 0 interface 0 has no altsetting 0 [ 160.804059][ T785] usb 4-1: New USB device found, idVendor=0403, idProduct=a5ae, bcdDevice=d1.8d [ 160.826364][ T785] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.904836][ T785] usb 4-1: config 0 descriptor?? 
[ 161.078279][ T6420] loop2: detected capacity change from 0 to 1024 [ 161.148732][ T785] usb 4-1: string descriptor 0 read error: -71 [ 161.166757][ T785] ftdi_sio 4-1:0.157: FTDI USB Serial Device converter detected [ 161.189095][ T785] ftdi_sio ttyUSB0: unknown device type: 0xd18d [ 161.205744][ T785] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 161.261072][ T785] ftdi_sio ttyUSB1: unknown device type: 0xd18d [ 161.326584][ T785] usb 4-1: USB disconnect, device number 3 [ 161.360864][ T785] ftdi_sio 4-1:0.157: device disconnected [ 161.411639][ T785] ftdi_sio 4-1:0.0: device disconnected [ 162.524630][ T6428] syz.3.140[6428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.524770][ T6428] syz.3.140[6428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 164.269158][ T6442] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 164.290999][ T6442] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 167.961935][ T6466] pim6reg1: entered promiscuous mode [ 167.967326][ T6466] pim6reg1: entered allmulticast mode [ 172.666544][ T6512] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 172.675647][ T6512] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 173.941586][ T6527] loop0: detected capacity change from 0 to 1024 [ 173.992373][ T6526] loop3: detected capacity change from 0 to 1024 [ 174.198919][ T5794] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 176.730294][ C0] [ 176.732719][ C0] ====================================================== [ 176.739845][ C0] WARNING: possible circular locking dependency detected [ 176.746878][ C0] syzkaller #0 Not tainted [ 176.751295][ C0] ------------------------------------------------------ [ 176.758346][ C0] syz.3.182/6554 is trying to acquire lock: [ 176.764291][ C0] ffff8880b8e29370 
(krc.lock){..-.}-{2:2}, at: kvfree_call_rcu+0x15a/0x780 [ 176.772952][ C0] [ 176.772952][ C0] but task is already holding lock: [ 176.780355][ C0] ffff8880b8e29598 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270 [ 176.789302][ C0] [ 176.789302][ C0] which lock already depends on the new lock. [ 176.789302][ C0] [ 176.800055][ C0] [ 176.800055][ C0] the existing dependency chain (in reverse order) is: [ 176.809077][ C0] [ 176.809077][ C0] -> #1 (&base->lock){-.-.}-{2:2}: [ 176.816388][ C0] _raw_spin_lock_irqsave+0xa8/0xf0 [ 176.822114][ C0] lock_timer_base+0x123/0x270 [ 176.827436][ C0] __mod_timer+0xf9/0xdb0 [ 176.832330][ C0] queue_delayed_work_on+0x12a/0x1e0 [ 176.838141][ C0] kvfree_call_rcu+0x541/0x780 [ 176.843431][ C0] rtnl_register_internal+0x486/0x590 [ 176.849337][ C0] rtnl_register+0x32/0x70 [ 176.854289][ C0] ip_rt_init+0x2ec/0x390 [ 176.859234][ C0] ip_init+0xe/0x20 [ 176.863663][ C0] inet_init+0x2c1/0x3e0 [ 176.868421][ C0] do_one_initcall+0x1fd/0x750 [ 176.873755][ C0] do_initcall_level+0x137/0x1f0 [ 176.879236][ C0] do_initcalls+0x69/0xd0 [ 176.884134][ C0] kernel_init_freeable+0x3d2/0x570 [ 176.889868][ C0] kernel_init+0x1d/0x1c0 [ 176.894726][ C0] ret_from_fork+0x48/0x80 [ 176.899684][ C0] ret_from_fork_asm+0x11/0x20 [ 176.904987][ C0] [ 176.904987][ C0] -> #0 (krc.lock){..-.}-{2:2}: [ 176.912045][ C0] __lock_acquire+0x2ddb/0x7c80 [ 176.917431][ C0] lock_acquire+0x197/0x410 [ 176.922636][ C0] _raw_spin_lock+0x2e/0x40 [ 176.927681][ C0] kvfree_call_rcu+0x15a/0x780 [ 176.932986][ C0] trie_delete_elem+0x535/0x6a0 [ 176.938400][ C0] bpf_prog_5186c38a4019a4cb+0x4a/0x4e [ 176.944437][ C0] bpf_trace_run3+0x1e7/0x400 [ 176.949643][ C0] __bpf_trace_timer_start+0x14a/0x1b0 [ 176.955731][ C0] __traceiter_timer_start+0x77/0xc0 [ 176.961563][ C0] enqueue_timer+0x398/0x530 [ 176.966684][ C0] __mod_timer+0x977/0xdb0 [ 176.971639][ C0] mrp_join_timer+0x13f/0x170 [ 176.976859][ C0] call_timer_fn+0x16e/0x530 [ 176.981981][ C0] __run_timers+0x52d/0x7d0 [ 
176.987010][ C0] run_timer_softirq+0x67/0xf0
[ 176.992304][ C0] handle_softirqs+0x280/0x820
[ 176.997765][ C0] __irq_exit_rcu+0xc7/0x190
[ 177.002876][ C0] irq_exit_rcu+0x9/0x20
[ 177.007638][ C0] sysvec_apic_timer_interrupt+0x56/0xc0
[ 177.013805][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 177.020322][ C0]
[ 177.020322][ C0] other info that might help us debug this:
[ 177.020322][ C0]
[ 177.030543][ C0] Possible unsafe locking scenario:
[ 177.030543][ C0]
[ 177.037988][ C0]        CPU0                    CPU1
[ 177.043350][ C0]        ----                    ----
[ 177.048711][ C0]   lock(&base->lock);
[ 177.052800][ C0]                                lock(krc.lock);
[ 177.059215][ C0]                                lock(&base->lock);
[ 177.065817][ C0]   lock(krc.lock);
[ 177.069651][ C0]
[ 177.069651][ C0] *** DEADLOCK ***
[ 177.069651][ C0]
[ 177.077807][ C0] 4 locks held by syz.3.182/6554:
[ 177.082833][ C0] #0: ffffc9000366fb40 ((&app->join_timer)#2){+.-.}-{0:0}, at: call_timer_fn+0xbf/0x530
[ 177.092689][ C0] #1: ffff88814ceb3cc8 (&app->lock#2){+.-.}-{2:2}, at: mrp_join_timer+0xd8/0x170
[ 177.101938][ C0] #2: ffff8880b8e29598 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x123/0x270
[ 177.111314][ C0] #3: ffffffff8cd2fe20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0xf4/0x400
[ 177.120652][ C0]
[ 177.120652][ C0] stack backtrace:
[ 177.126548][ C0] CPU: 0 PID: 6554 Comm: syz.3.182 Not tainted syzkaller #0
[ 177.133833][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 177.143895][ C0] Call Trace:
[ 177.147176][ C0]
[ 177.150111][ C0] dump_stack_lvl+0x16c/0x230
[ 177.154800][ C0] ? load_image+0x3b0/0x3b0
[ 177.159302][ C0] ? show_regs_print_info+0x20/0x20
[ 177.164622][ C0] ? print_circular_bug+0x12b/0x1a0
[ 177.169842][ C0] check_noncircular+0x2bd/0x3c0
[ 177.174787][ C0] ? print_deadlock_bug+0x5d0/0x5d0
[ 177.179992][ C0] ? lockdep_lock+0xe0/0x220
[ 177.184584][ C0] ? _find_first_zero_bit+0xd3/0x100
[ 177.189880][ C0] __lock_acquire+0x2ddb/0x7c80
[ 177.194761][ C0] ? 
stack_trace_snprint+0xf0/0xf0 [ 177.199877][ C0] ? __stack_depot_save+0x560/0x630 [ 177.205424][ C0] ? verify_lock_unused+0x140/0x140 [ 177.210625][ C0] ? kasan_save_stack+0x4d/0x60 [ 177.215472][ C0] ? kasan_save_stack+0x3e/0x60 [ 177.220327][ C0] ? __kasan_record_aux_stack+0xaf/0xc0 [ 177.225879][ C0] ? kvfree_call_rcu+0xee/0x780 [ 177.230732][ C0] ? trie_delete_elem+0x535/0x6a0 [ 177.235776][ C0] ? bpf_prog_5186c38a4019a4cb+0x4a/0x4e [ 177.241444][ C0] ? bpf_trace_run3+0x1e7/0x400 [ 177.246292][ C0] ? __bpf_trace_timer_start+0x14a/0x1b0 [ 177.251930][ C0] ? __traceiter_timer_start+0x77/0xc0 [ 177.257405][ C0] ? enqueue_timer+0x398/0x530 [ 177.262165][ C0] ? __mod_timer+0x977/0xdb0 [ 177.266850][ C0] ? mrp_join_timer+0x13f/0x170 [ 177.271712][ C0] ? call_timer_fn+0x16e/0x530 [ 177.276473][ C0] ? __run_timers+0x52d/0x7d0 [ 177.281145][ C0] ? run_timer_softirq+0x67/0xf0 [ 177.286102][ C0] ? handle_softirqs+0x280/0x820 [ 177.291059][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 177.295830][ C0] ? irq_exit_rcu+0x9/0x20 [ 177.300256][ C0] ? sysvec_apic_timer_interrupt+0x56/0xc0 [ 177.306091][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 177.312271][ C0] lock_acquire+0x197/0x410 [ 177.316784][ C0] ? kvfree_call_rcu+0x15a/0x780 [ 177.321737][ C0] ? read_lock_is_recursive+0x20/0x20 [ 177.327125][ C0] ? __phys_addr+0xba/0x170 [ 177.331651][ C0] _raw_spin_lock+0x2e/0x40 [ 177.336156][ C0] ? kvfree_call_rcu+0x15a/0x780 [ 177.341095][ C0] kvfree_call_rcu+0x15a/0x780 [ 177.345866][ C0] ? call_rcu+0x930/0x930 [ 177.350381][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 177.356275][ C0] ? _raw_spin_unlock+0x40/0x40 [ 177.361130][ C0] trie_delete_elem+0x535/0x6a0 [ 177.365992][ C0] bpf_prog_5186c38a4019a4cb+0x4a/0x4e [ 177.371465][ C0] bpf_trace_run3+0x1e7/0x400 [ 177.376162][ C0] ? bpf_trace_run3+0xf4/0x400 [ 177.381022][ C0] ? bpf_trace_run2+0x3c0/0x3c0 [ 177.385879][ C0] ? 
__bpf_trace_timer_start+0x133/0x1b0 [ 177.391525][ C0] __bpf_trace_timer_start+0x14a/0x1b0 [ 177.396997][ C0] ? debug_object_activate+0x2f7/0x4b0 [ 177.402484][ C0] ? __bpf_trace_timer_class+0x100/0x100 [ 177.408139][ C0] ? __rwlock_init+0x150/0x150 [ 177.412927][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 177.418832][ C0] ? _raw_spin_unlock+0x40/0x40 [ 177.423686][ C0] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 177.429143][ C0] ? __bpf_trace_timer_class+0x100/0x100 [ 177.434788][ C0] __traceiter_timer_start+0x77/0xc0 [ 177.440167][ C0] enqueue_timer+0x398/0x530 [ 177.444769][ C0] __mod_timer+0x977/0xdb0 [ 177.449222][ C0] mrp_join_timer+0x13f/0x170 [ 177.453911][ C0] call_timer_fn+0x16e/0x530 [ 177.458511][ C0] ? mrp_init_applicant+0x4e0/0x4e0 [ 177.463729][ C0] ? call_timer_fn+0xbf/0x530 [ 177.468456][ C0] ? __run_timers+0x7d0/0x7d0 [ 177.473160][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 177.478399][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 177.483698][ C0] ? mrp_init_applicant+0x4e0/0x4e0 [ 177.488905][ C0] __run_timers+0x52d/0x7d0 [ 177.493414][ C0] ? detach_timer+0x2b0/0x2b0 [ 177.498095][ C0] ? lock_chain_count+0x20/0x20 [ 177.502962][ C0] run_timer_softirq+0x67/0xf0 [ 177.507748][ C0] handle_softirqs+0x280/0x820 [ 177.512523][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 177.517298][ C0] ? do_softirq+0x180/0x180 [ 177.521826][ C0] __irq_exit_rcu+0xc7/0x190 [ 177.526423][ C0] ? 
irq_exit_rcu+0x20/0x20 [ 177.530931][ C0] irq_exit_rcu+0x9/0x20 [ 177.535173][ C0] sysvec_apic_timer_interrupt+0x56/0xc0 [ 177.540813][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 177.546791][ C0] RIP: 0033:0x7f24a186ed66 [ 177.551217][ C0] Code: 89 fb 48 89 d0 49 8d 14 d2 49 39 50 28 0f 82 b5 03 00 00 c6 44 24 1e 01 45 31 ff 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 <44> 89 f9 49 8b 50 40 4c 89 f0 49 03 14 ca 80 3d 2d 90 37 00 00 49 [ 177.570836][ C0] RSP: 002b:00007ffda5770bc0 EFLAGS: 00000287 [ 177.576910][ C0] RAX: 000000110c388000 RBX: 00007f24a2715720 RCX: 0000000000000004 [ 177.584885][ C0] RDX: 00000000000015a2 RSI: 0000000000002ad6 RDI: 0000000000000010 [ 177.592864][ C0] RBP: ffffffff813ab5a2 R08: 00007f24a1be6038 R09: 00007f24a1bd2000 [ 177.600833][ C0] R10: 00007f24a13ff008 R11: 000000000000000a R12: 000000000000000a [ 177.608802][ C0] R13: 0000000000000000 R14: ffffffff813ab2d8 R15: 00000000000001f5 [ 177.616861][ C0] ? unwind_next_frame+0x1018/0x2970 [ 177.622175][ C0] ? unwind_next_frame+0x12e2/0x2970 [ 177.627501][ C0] [ 177.673580][ T6559] syzkaller0: entered promiscuous mode [ 177.679205][ T6559] syzkaller0: entered allmulticast mode