last executing test programs: 14.146525574s ago: executing program 3 (id=63): fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000180)='syz0\x00', &(0x7f00000003c0)="037bc156", 0x4) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x202) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbebf8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000141, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = epoll_create1(0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0xe000202b}) epoll_pwait(r4, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffff3, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000300)={0x200f}) setreuid(0xee00, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000000000)=0x800, 0x4) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x6, 0x8012, r5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x82f1, 0xffffffffffffffff, 0xffffd000) getgid() ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x10) r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000940)=ANY=[@ANYBLOB="0b00000073797a31000000000000000000000000000000000013ed00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000d226708c9655e2cf09bc09f1d100008000427500000000300005000000e400"/293], 0x118) 11.454627051s ago: executing program 1 (id=67): io_setup(0x2, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1, &(0x7f0000000480)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0xffffffffed78da27}]) 10.767136382s ago: executing program 3 (id=70): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) flock(0xffffffffffffffff, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f0000000000)=[{0x6, 0xfd, 0xc, 0x43}]}, 0x10) listen(r0, 0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = fcntl$dupfd(r1, 0x406, r0) sendmsg$ETHTOOL_MSG_WOL_GET(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)=ANY=[], 0x2c}}, 0x4008051) syz_emit_ethernet(0x36, 0x0, 0x0) write$uinput_user_dev(r2, &(0x7f0000000d40)={'syz0\x00', {0x5, 0x7ff, 0x8}, 0x34, [0x0, 0x8001, 0x9, 0xfffffbff, 0x0, 0x9, 0x0, 0x0, 0x7, 0x9, 0x6c, 0x8, 0x7, 0xd, 0x7fffffff, 0x8001, 0x48d59, 0x3, 0x3, 0x0, 0x3, 0x10001, 0x7f, 0x0, 0x6c, 0x9, 0x4, 0xa, 0x7, 0x1, 0x9, 0x7fff, 0x6, 0x5, 0x9, 0x9, 0x9, 0x6, 0x6, 0x8, 0x5, 0x5, 0xc, 0x2, 0xbf5b, 0x5, 0x200004, 0x64765660, 0xc39, 0x6, 0x1b1, 0xff, 0x4635, 0x1, 0x7, 0x7, 0x29f, 0xbcd, 0xfffffffa, 0x1, 0x5, 0x9, 0x7, 0x1], [0x0, 0x0, 0x1, 0x2, 0x1, 0x4, 0xaa, 0x7, 0x9, 0x8, 0xfffffff8, 0x7ff, 0x1ac, 0x6, 0x5, 0x0, 0x5, 0x7a, 0x7, 0x8, 0x3c, 0x1, 0xb, 0x9, 0x7fffffff, 0x0, 0x2, 0x1, 0x80000000, 0x24, 0x8, 0x8, 0x8aee, 0xb37, 0x20000009, 0x1ff, 0x9, 0x2, 0x8728, 0x200, 0x200, 0x0, 0xfab, 0x7a0, 0x6, 0x7, 0x80000001, 0x7ff, 0x7, 0x4, 0x9, 0x4, 0x2, 0x3ff, 0x400, 0x39ff, 0x9, 0xe6d7, 0x8e, 0x7ff, 0x6, 0x1, 0x6, 0x3], [0x7fffffff, 0x3, 0x0, 0x800, 0x10001, 0x1, 0x3ff, 0x2, 0x43a, 0x20, 0x1, 0x4, 0xf03, 0xffffff80, 0x4, 0x1, 0xd9c, 0x7f, 0x76b, 0xffffff81, 0x6e, 0x7, 0x6, 0x5, 0x9, 0x2, 0x81, 0x3, 0x8, 0x7, 0x40, 0x80, 0x7fff, 0x2, 0x9, 0x4, 0x1, 0x5cd699be, 0x8, 0xb, 0x4, 0x3, 0x9, 0x0, 0xe, 0x6f1, 0x6, 0x2, 0xfa9, 0xc, 0x2, 0x883b0, 0x4, 0x3, 0x4, 0x7, 0x4db, 0x190bc7fa, 0x2, 0x3, 0x9, 0x8, 0x4, 0x1], [0x7, 0x3, 0x1, 0x3, 0x0, 0x3, 0x7fff, 0x2, 0x9, 0x1c8ff9ea, 0x7ff, 0x7fffffff, 0xffffff80, 0x20, 0x1000000f, 0x101, 0x4, 0xf, 0x2be, 0x2, 0x6, 0xfffffff7, 0x10000001, 0xd, 0x1800, 0xa6c464f, 0x80000000, 0x0, 0xe76, 0x7, 0x3, 0x3, 0x430, 0xe, 0xfff, 0x5, 0xfffffff9, 0x5, 0x2, 0x1, 0x66, 0xf2, 0x5, 0x80, 0x0, 0x3, 0x7, 0x25, 0x8, 0x1, 0x4, 0xfffff34c, 0x7, 0x5, 0x5, 0x401, 0x3ff, 0x9, 0xb, 0x8, 0x8, 0x8000, 0x5, 0x6]}, 0x45c) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) close_range(r3, 0xffffffffffffffff, 0x0) 10.029822475s ago: executing program 1 (id=71): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x81c0, 0x8103) r0 = socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x4) r1 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r1], 0x448}}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r3, &(0x7f0000000080)=ANY=[], 0x78) sendfile(r2, r3, &(0x7f00000001c0), 0x8) fcntl$addseals(r3, 0x409, 0x8) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fallocate(r3, 0x3, 0x2009140, 0x20000) close_range(r0, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0) 8.996951765s ago: executing program 3 (id=73): setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000002280)={0x4, 0x8}, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newsa={0x154, 0x1a, 0x633, 0x0, 0x25dfdbfd, {{@in=@private=0xa010101, @in=@broadcast, 0x0, 0x4000, 0x4e24, 0x8001, 0x0, 0x20}, {@in=@multicast2, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0xb}, {0x323, 0x0, 0x0, 0x0, 0x4000}, {}, {}, 0x70bd29, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x1, 0x4e21, 0xfffc}}]}, 0x154}}, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0xf3, 0x1bc, 0x3, 0x3, 0xa, 0x5, 0x40}, 0xc) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000006c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x62, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @address_reply={0x12, 0x0, 0x0, 0xe0000002}}}}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000022c0)=ANY=[@ANYRES64=r3, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES64], 0x48) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000740)={[{@test_dummy_encryption}, {@i_version}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@abort}, {@auto_da_alloc}, {@lazytime}, {@noauto_da_alloc}, {@block_validity}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000004c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) request_key(&(0x7f0000000ac0)='logon\x00', &(0x7f0000000b00)={'syz', 0x0}, 0x0, 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4040) write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) fdatasync(r4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r4, 0x81ff) 8.877466512s ago: executing program 1 (id=75): socket$inet_tcp(0x2, 0x1, 0x0) inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x9, &(0x7f0000000080)={0x8606, 0xffff}) io_setup(0x8f0, &(0x7f0000002400)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@acquire], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f00000002c0)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000640)={0x50, 0x0, &(0x7f0000000500)=[@free_buffer, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000280)={0x58, 0x0, &(0x7f0000000100)=[@free_buffer, @request_death, @clear_death={0x400c630f, 0x1}, @release={0x40046306, 0xfffffffe}, @dead_binder_done, @release={0x40046306, 0x3}, @decrefs, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) r7 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io(r7, 0x0, 0x0) 8.73214068s ago: executing program 0 (id=76): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02030003120000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a00000000000000000000000000000000000000000000010b0000000000000002000100000000000000070c0000000005000500000000000a00000000000000fc01000000000000000000000000000107000000000000000100"], 0x90}, 0x1, 0x7}, 0x0) 8.589088728s ago: executing program 0 (id=77): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) inotify_init1(0x0) write$binfmt_elf64(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="7f454c46000400000180ffffffffffff03003e00ebffffff7c00000000000000400000000000000001000000000000001de600000c20380018"], 0x78) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) 7.652204263s ago: executing program 2 (id=79): openat$full(0xffffffffffffff9c, 0x0, 0x800, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r0, 0x0, 0x0, 0xffff, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xb, 0x8, 0xd, 0x4, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x44f}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, 0xffffffffffffffff, &(0x7f0000000c40)={0x2000000b}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r6, 0x4b52, &(0x7f0000000040)={0xfa, &(0x7f0000000000)=[{}]}) 7.650912574s ago: executing program 0 (id=80): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000002140)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x0, 0xa, 0x8000}}, 0x50) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x20a02, 0x0) ioctl$TIOCSSOFTCAR(r3, 0x5453, 0x0) io_submit(0x0, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000040), 0x7, 0x43) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r4, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000280)={r4, r4, 0x1, 0xffffffa5, 0x0, 0x9, 0x8, 0x2, 0x5508, 0xc338, 0x1, 0x7, 'syz0\x00'}) 6.156645s ago: executing program 2 (id=81): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000850000"], 0x0, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x24040854) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r4 = io_uring_setup(0x2c49, &(0x7f00000000c0)={0x0, 0x8000002, 0x1000, 0x1000000, 0x1a6}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x18, &(0x7f0000000000), 0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="757466383d302c756d61736b3d30303030303030303030303030303030303134373537372c73686f72746e616d653d6d697865642c636865636b3d7374726963742c636f6465706167653d313235302c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d312c696f636861727365743d63703836332c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c726f6469722c0073e891503a0309d91d60a3f79fb445ef040adbfaebe458f48306d4472e78e0c79837a8ba4cdfcf2664aea65ded67e7618d999eb426ea4d6e3c245287de93a7671165d44c0692c1e44faa189afae462610344caaf8690af6f5b8092420bf6e652ec1dd96df4f7fa2122c8a1eb91332abb080a48cf8d995e2f518dc460183619759f02357d416969cde8685c58841fd65e9ae556ec5221ab219a826bb13cc6ebfb345749e676fa449156aaef0e2d00409ca2cf5ae7c47b594d6a41fab2"], 0x26, 0x34b, &(0x7f0000000700)="$eJzs3TtoZNUbAPBv9uYN+0+KPwStRjtBlk3EQquEZYXFFLoy+GocTNZH7riQwYFskdlpFEvFRtDKzkLLrcVCxM7C1hVkVWzcbmEXr8zcm5k7j2hWTOKyv18RPr5zvjnn3HvC3LxOXlmL7c3puHTz5o2Ym6vE1Nq5tbhViaU4FUnkrsaIzmgCALiX3Mqy+D3LldLLk3t/sLAfzRzD3ACAo9F7/3/t9CAxe5KzAQCOwwFf/496ZmL28pFNCwA4QmPv/w8PNY98m3+q/zsBAMC967kXX3p6fSPiYrU6F9F4t1Vr1eLJQfv6pXgj0tiKs7EYdyLyB4X8aaH78akLG+fPVrt+Xopat6JVi2i0W7X8SWE96dXPxkosxlJRn/Xrk279Sq++GhFX273xo1Fp1aZjoRj/h4XYitVYjP+P1Udc2Di/Wi1eoNbYr29HdGJufxHd+Z+Jxfju1bgcaWxGt3Yw/72VavVctlGqr/d+ELJ5EjcEAAAAAAAAAAAAAAAAAAAAAID7wplq31L//Jus0W69c3G0w1L5fJ1WLW8uzgfq5OcDZbP7p/O8l4yeDzR8Pk+rNhWnTnTlAAAAAAAAAAAAAAAAAAAA8N/R3J2Jeppu7TR3r2yXg3Yp89Y3n381H6N93kwGmZjKX26oT5GLUlUS/fKsX54lQ32KIIkYdP7sWn/GeSaZsJaxVcz2FljOVIo51dP09EM/fTw26O6V7T8GmSTGLstwUClGLjU1/pen/qLq4GD1b/pcz7LsoPK9j8arohIxNXbj/o3g6xuvP/BYc/nxXubL4tCHRx5dfP76h5/+ul1Po7g0aTqz07yT/eOxktL+qRTXuRITNtvEoDPIdHaau/Xk+99eePD9b4f6zI9tkiLIypm394O54dtdT9MvRkefyYPuNA+z0ukJm39y8PLt/u69+4u5/Mla/drej78ctqr0ieWgDgAAAAAAAAAAAAAAAAAAOBalvxW/C088e3QzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjN/j//6WgM5Y5THC7HeNNs1s7zQMHnz/WpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcB/7MwAA//+xzHAn") r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r5, &(0x7f0000000f80)=""/4096, 0x1000) 5.529759137s ago: executing program 1 (id=82): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)=""/4104, 0x440000}], 0x1f77) 5.501704408s ago: executing program 0 (id=83): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r0, 0xffffffffffffffff, 0x0) 5.501325929s ago: executing program 3 (id=84): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f00000003c0)={[{@nodioread_nolock}, {@mblk_io_submit}, {@nodioread_nolock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@inode_readahead_blks}, {@dioread_lock}, {@noblock_validity}, {@discard}]}, 0x4, 0xbc1, &(0x7f0000001c80)="$eJzs3M1rXOUaAPDnnHy2yb2TXi6X27tpLpdLC/c6TSsptgi2UnHjQtCt0JBOSsj0gyRSk2Yx0X9A1LXgRlCL0oVdd6Pg1o3WrcWFUCQ2CiIaOfORxGQmH+2kJyS/H7w57zvvmXmeZ05nznlhTgPYtwazP2nE4Yi4kEQU6o+nEdFd7fVGVGr7LS7Mjf68MDeaxNLSSz8kkUTEg4W50cZrJfVtX33QGxFfPpvE395YH3dqZnZipFwuTdbHx6cvXzs+NTP7xPjlkUulS6UrJ049NXxy+NTQ6eG21frLt2dv//Tv57+r/Prhbzd/fPv9JM5Gf31udR3tMhiDy+/Jap0RMdLuYDnpqNezus6kc5MnpTucFAAALaWrruH+EYXoiJWLt0J89lWuyQEAAABtsdQRsQQAAADscYn1PwAAAOxxjd8BPFiYG220fH+R8HjdPxcRA7X6F+utNtMZleq2N7oi4uCDJFbf1prUnvbIBiPi3jenP8la7NB9yBupzEfEP5sd/6Ra/0D1Lu719acRMdSG+INrxrut/v93t67/bBvi510/APvTnXO1E9n681+6fP0TTc5/nU3OXQ8j7/Nf4/pvcd3130r9HS2u/17cYowbH7x7vdVcVv/Tt5/7uNGy+Nn2kYrahvvzEf/qbFZ/slx/0qL+C1uMUfj9eqnV3Bbr79l2YVu09F7E0Whef0Oy8f9PdHxsvFwaqv1tGmP+i+GPWsXfDcf/YIv6Nzv+17YY45Xz52+1mtu8/vT77uTlaq+7/shrI9PTkyciupMX1j9+sn5DewuNfRqvkdV/7D8bf/6b1Z+FqNTfh2wtMF/fZuPX18R85uaNTzeqP1v75Xn8Lz7k8X9zizH++/lbx1rNrV7/Zi2Lfy+prYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiP5I0uJyP02LxYi+iPh7HEzLV6em/zd29dUrF7O5iIHoSsfGy6WhiCjUxkk2PlHtr4xPrhk/GRGHIuKdwoHquDh6tXwx7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY1hcR/ZGkxYhII2KxkKbFYt5ZAQAAAG03kHcCAAAAwI6z/gcAAIC9z/ofAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHXboyJ27SURUzhyotkx3fa4r18yAnZbmnQCQm468EwBy05l3AkButrnGd7kAe1CyyXxvy5metucCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO519PCdu0lEVM4cqLZMd32uq+kzjjzG7ICdlOadAJCbjo0mO9eMfVnAnrL2Iw7sH83X+MB+kmwy37uyT+XPMz07lhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu09/tSVpMSLSaj9Ni8WIv0TEQHQlY+Pl0lBE/DUivi509WTjnryTBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoO2mZmYnRsrl0qSOTns7ffV/Yrsln93fSXZHGrVOzl9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkYmpmdmKkXC5NTuWdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJC3qZnZiZFyuTS5hc6t7ey8qpN3jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5OePAAAA//++vgq1") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000), &(0x7f0000000080)=@tcp6=r5, 0x2}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f00000001c0), &(0x7f0000000040)=@tcp=r0}, 0x20) syz_emit_ethernet(0xd81, &(0x7f0000002740)=ANY=[], 0x0) 1.585659887s ago: executing program 1 (id=85): socket$inet_tcp(0x2, 0x1, 0x0) inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x9, &(0x7f0000000080)={0x8606, 0xffff}) io_setup(0x8f0, &(0x7f0000002400)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) 1.390437949s ago: executing program 3 (id=86): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f0000000240)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@nodioread_nolock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@nouid32}, {@nobh}, {@user_xattr}, {@nouid32}, {@dioread_nolock}]}, 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000180)='\x00', 0x1, 0x87ff) write(r0, &(0x7f0000001700)="7e7226ce9b4d692092ffa2b579f0ff5793012c9738a9be19ff3e69a683a0a1bbace0dc3853c661a4e1019e7a1f3af60350126cb99c5f3ace6f5616c00e0fb30b2832398fed6233b8632a001dd0a846cbb8a5d77e3208db486b055edb6ae7917f07ccf4b6811be57047aa17799359e733ec395940d1feb7a9ec2ddadb1ff610706e692e6ac97aaae883e5522f8e86c2403aec0ff8dee1cba5d40f0969470b9a2a95f6f22f9d4250809400ea8403a654094800088dc0b7d3927a76d459e7ba6b588dc122d342047f561e9f5e669da8b1047b56cb2d98cb46b38defeda69888de2d62e7938bdbaada9879313d815294b3d8c753ca30d5c29aae77c981d120375cca5d1e53a9622baed9fd1802e07a72a2a106f594d6e4e62f8b761c0c54adf3f465c096acc07c9e5b72ac30a2d0ea3af63e684abc4d11c0530c1233922e3e0846129038a9514132662b1fce257c7828e33158b139193fd4f9aeedd6ab4f40f1f9b474d512ab80711f8c7604b310fce608afba3d01", 0x173) 1.36043287s ago: executing program 0 (id=87): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmsg(r3, 0x0, 0x40000101) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.248327827s ago: executing program 2 (id=88): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) utimes(0x0, 0x0) 823.778311ms ago: executing program 3 (id=89): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r3, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0x0, 0x0) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x5}}}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) syz_clone(0x83151, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x6, &(0x7f0000000680)=0x0) io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r0, 0x0, 0x1802}]) 750.675726ms ago: executing program 2 (id=90): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0xe0902, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000000140)={0x1, 0x0, [{0xc0000001, 0xfffeffff, 0x1, 0x6ee8, 0x5, 0x30, 0x80000000}]}) 604.996134ms ago: executing program 2 (id=91): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x16, 0x0, @void}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r3, 0x0, 0x17, &(0x7f0000000000)=0xfffffffd, 0x57) 452.569043ms ago: executing program 1 (id=92): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x6, 0xd}, {0xfff1, 0x7}, {0x9, 0xfff2}}}, 0x24}}, 0x40044) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000380)={[{@acl}]}, 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000000), &(0x7f00000002c0)="ff7f000000000000000000004406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000340)=ANY=[], 0xfe37, 0x0) 265.841004ms ago: executing program 2 (id=93): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xf, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES64=r3, @ANYRES64=r3, @ANYRESHEX=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0) ioctl$sock_bt_hci(r5, 0x400448c9, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=94): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) sync() kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts. [ 55.845961][ T5751] cgroup: Unknown subsys name 'net' [ 56.010547][ T5751] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.376677][ T5751] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.785148][ T5771] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 58.805117][ T5771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 58.812840][ T5771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 58.821423][ T5771] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 58.823841][ T5773] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.835948][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 58.837868][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 58.844887][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 58.852014][ T5773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.858163][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 58.865652][ T5773] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.872218][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 58.878260][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 58.894079][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 58.894649][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.901923][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 58.909242][ T5773] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 58.916863][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 58.923243][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 58.930424][ T5776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 58.938477][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 58.944159][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 58.950834][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 58.965461][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.356504][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 59.451183][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 59.485784][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 59.509887][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.518225][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.525614][ T5762] bridge_slave_0: entered allmulticast mode [ 59.532312][ T5762] bridge_slave_0: entered promiscuous mode [ 59.548657][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.555905][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.563055][ T5762] bridge_slave_1: entered allmulticast mode [ 59.570522][ T5762] bridge_slave_1: entered promiscuous mode [ 59.581778][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 59.664353][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.684616][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.763033][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.770374][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.779911][ T5764] bridge_slave_0: entered allmulticast mode [ 59.786673][ T5764] bridge_slave_0: entered promiscuous mode [ 59.797358][ T5762] team0: Port device team_slave_0 added [ 59.803445][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.810656][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.817862][ T5765] bridge_slave_0: entered allmulticast mode [ 59.825000][ T5765] bridge_slave_0: entered promiscuous mode [ 59.836477][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.843626][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.851080][ T5764] bridge_slave_1: entered allmulticast mode [ 59.858350][ T5764] bridge_slave_1: entered promiscuous mode [ 59.866693][ T5762] team0: Port device team_slave_1 added [ 59.882286][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.892432][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.899853][ T5765] bridge_slave_1: entered allmulticast mode [ 59.907379][ T5765] bridge_slave_1: entered promiscuous mode [ 59.967570][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.980452][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.992245][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.029469][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.036807][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.044682][ T5763] bridge_slave_0: entered allmulticast mode [ 60.051310][ T5763] bridge_slave_0: entered promiscuous mode [ 60.060339][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.072726][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.079797][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.105912][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.119560][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.126579][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.152624][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.167770][ T5765] team0: Port device team_slave_0 added [ 60.174160][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.181285][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.190949][ T5763] bridge_slave_1: entered allmulticast mode [ 60.197722][ T5763] bridge_slave_1: entered promiscuous mode [ 60.239398][ T5765] team0: Port device team_slave_1 added [ 60.267798][ T5764] team0: Port device team_slave_0 added [ 60.278382][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.298420][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.305451][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.331477][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.351712][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.358754][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.386943][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.400061][ T5764] team0: Port device team_slave_1 added [ 60.417174][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.442339][ T5762] hsr_slave_0: entered promiscuous mode [ 60.448656][ T5762] hsr_slave_1: entered promiscuous mode [ 60.517693][ T5763] team0: Port device team_slave_0 added [ 60.524132][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.531180][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.557252][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.590149][ T5763] team0: Port device team_slave_1 added [ 60.596734][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.603678][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.630245][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.681184][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.688513][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.714756][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.736526][ T5765] hsr_slave_0: entered promiscuous mode [ 60.742960][ T5765] hsr_slave_1: entered promiscuous mode [ 60.750408][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.758340][ T5765] Cannot create hsr debugfs directory [ 60.779404][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.788021][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.814235][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.850475][ T5764] hsr_slave_0: entered promiscuous mode [ 60.859140][ T5764] hsr_slave_1: entered promiscuous mode [ 60.865179][ T5764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.872719][ T5764] Cannot create hsr debugfs directory [ 60.951746][ T5763] hsr_slave_0: entered promiscuous mode [ 60.958064][ T5763] hsr_slave_1: entered promiscuous mode [ 60.966810][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 60.974511][ T5763] Cannot create hsr debugfs directory [ 61.014997][ T5768] Bluetooth: hci0: command tx timeout [ 61.020764][ T5768] Bluetooth: hci3: command tx timeout [ 61.022089][ T5775] Bluetooth: hci1: command tx timeout [ 61.026762][ T5082] Bluetooth: hci2: command tx timeout [ 61.221620][ T5762] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.269147][ T5762] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.278241][ T5762] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.302900][ T5762] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.370401][ T5765] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.383188][ T5765] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.394339][ T5765] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.406194][ T5765] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 61.478647][ T5764] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.509214][ T5764] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.520326][ T5764] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.550105][ T5764] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.577076][ T5763] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.589037][ T5763] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.599607][ T5763] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.620717][ T5763] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.694787][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.763310][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.779961][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.787304][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.808656][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.822791][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.829906][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.868337][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.897882][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.905124][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.917518][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.924692][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.962743][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.981709][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.030143][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.047509][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.063316][ T126] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.070450][ T126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.092881][ T126] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.100045][ T126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.122473][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.129728][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.152456][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.159698][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.262078][ T5764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.588131][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.606736][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.701927][ T5765] veth0_vlan: entered promiscuous mode [ 62.727067][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.736123][ T5765] veth1_vlan: entered promiscuous mode [ 62.770593][ T5762] veth0_vlan: entered promiscuous mode [ 62.787839][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.811406][ T5762] veth1_vlan: entered promiscuous mode [ 62.830414][ T5765] veth0_macvtap: entered promiscuous mode [ 62.848438][ T5765] veth1_macvtap: entered promiscuous mode [ 62.886603][ T5764] veth0_vlan: entered promiscuous mode [ 62.904817][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.920506][ T5763] veth0_vlan: entered promiscuous mode [ 62.932528][ T5764] veth1_vlan: entered promiscuous mode [ 62.944223][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.963300][ T5765] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.974910][ T5765] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.983622][ T5765] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.992748][ T5765] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.008636][ T5763] veth1_vlan: entered promiscuous mode [ 63.039630][ T5762] veth0_macvtap: entered promiscuous mode [ 63.061431][ T5762] veth1_macvtap: entered promiscuous mode [ 63.096667][ T5082] Bluetooth: hci1: command tx timeout [ 63.102095][ T5082] Bluetooth: hci0: command tx timeout [ 63.104592][ T5768] Bluetooth: hci2: command tx timeout [ 63.108590][ T51] Bluetooth: hci3: command tx timeout [ 63.129237][ T5763] veth0_macvtap: entered promiscuous mode [ 63.142922][ T5763] veth1_macvtap: entered promiscuous mode [ 63.166912][ T5764] veth0_macvtap: entered promiscuous mode [ 63.177016][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.187816][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.199378][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.230584][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.241278][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.251280][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.261856][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.273558][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.288209][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.298538][ T5764] veth1_macvtap: entered promiscuous mode [ 63.303220][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.312666][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.328983][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.341489][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.352738][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.363826][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.373871][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.384613][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.395531][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.412718][ T5762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.421811][ T5762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.433186][ T5762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.442716][ T5762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.487813][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.488913][ T5763] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.501941][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.510239][ T5763] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.522839][ T5763] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.531729][ T5763] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.583740][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.595139][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.605047][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.615491][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.625568][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.639313][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.651323][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.696132][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.717398][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.728759][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.739640][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.749656][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.760169][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.772074][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.784760][ T5764] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.795910][ T5764] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.804716][ T5764] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.813504][ T5764] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.905232][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.913094][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.990639][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.002590][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.731484][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.751551][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.812636][ T126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.865387][ T126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.931104][ T2939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.953873][ T2939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.973428][ T5852] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.038075][ T5852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.174409][ T51] Bluetooth: hci2: command tx timeout [ 65.179879][ T51] Bluetooth: hci3: command tx timeout [ 65.185796][ T51] Bluetooth: hci1: command tx timeout [ 65.191227][ T51] Bluetooth: hci0: command tx timeout [ 65.212610][ T126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.233806][ T126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.451470][ T5860] vcan0: entered allmulticast mode [ 65.457788][ T5861] vcan0: left allmulticast mode [ 66.736175][ T5881] syz.3.11[5881]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 66.985801][ T5885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13'. [ 67.254507][ T5768] Bluetooth: hci1: command tx timeout [ 67.260664][ T5768] Bluetooth: hci3: command tx timeout [ 67.266440][ T5768] Bluetooth: hci2: command tx timeout [ 67.272799][ T51] Bluetooth: hci0: command tx timeout [ 69.266722][ T5881] loop3: detected capacity change from 0 to 40427 [ 69.383314][ T5881] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 69.432683][ T5881] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 69.608931][ T5881] F2FS-fs (loop3): Found nat_bits in checkpoint [ 69.923958][ C0] sched: RT throttling activated [ 70.305986][ T5913] Zero length message leads to an empty skb [ 71.527403][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.536530][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.692836][ T5919] capability: warning: `syz.2.21' uses deprecated v2 capabilities in a way that may be insecure [ 72.027626][ T5926] loop3: detected capacity change from 0 to 256 [ 72.411184][ T5936] process 'syz.0.28' launched './file0' with NULL argv: empty string added [ 73.404782][ T34] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 73.652631][ T34] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 73.702719][ T34] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 73.755492][ T34] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 73.779340][ T34] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 73.818003][ T34] usb 2-1: SerialNumber: syz [ 74.759385][ T5952] ======================================================= [ 74.759385][ T5952] WARNING: The mand mount option has been deprecated and [ 74.759385][ T5952] and is ignored by this kernel. Remove the mand [ 74.759385][ T5952] option from the mount to silence this warning. [ 74.759385][ T5952] ======================================================= [ 74.807270][ T27] audit: type=1326 audit(1769590382.819:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 74.907941][ T27] audit: type=1326 audit(1769590382.819:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 74.941584][ T27] audit: type=1326 audit(1769590382.819:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.145981][ T5953] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 75.156647][ T27] audit: type=1326 audit(1769590382.859:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.251812][ T27] audit: type=1326 audit(1769590382.859:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.305807][ T27] audit: type=1326 audit(1769590382.859:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.399809][ T27] audit: type=1326 audit(1769590382.859:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.501358][ T27] audit: type=1326 audit(1769590382.859:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.555247][ T27] audit: type=1326 audit(1769590382.859:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.596771][ T27] audit: type=1326 audit(1769590383.089:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.0.32" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa0e19aeb9 code=0x7ffc0000 [ 75.651911][ T5959] bridge1: entered allmulticast mode [ 78.337067][ T34] usb 2-1: 0:2 : does not exist [ 78.342245][ T34] usb 2-1: unit 48 not found! [ 78.473193][ T34] usb 2-1: USB disconnect, device number 2 [ 78.532291][ T5757] udevd[5757]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 78.650441][ T5977] loop0: detected capacity change from 0 to 512 [ 78.720026][ T5977] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.811023][ T5977] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.844871][ T5977] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.36: bg 0: block 248: padding at end of block bitmap is not set [ 78.867531][ T5977] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.36: Failed to acquire dquot type 1 [ 78.893712][ T5977] EXT4-fs (loop0): 1 truncate cleaned up [ 78.927797][ T5977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.605460][ T5984] loop1: detected capacity change from 0 to 256 [ 80.675334][ T5984] exfat: Deprecated parameter 'utf8' [ 80.680673][ T5984] exfat: Deprecated parameter 'utf8' [ 80.768858][ T5984] exfat: Deprecated parameter 'utf8' [ 80.853555][ T5984] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 81.256698][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.912596][ T9] cfg80211: failed to load regulatory.db [ 82.918156][ T6002] loop0: detected capacity change from 0 to 512 [ 83.154516][ T6002] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.201259][ T5992] loop2: detected capacity change from 0 to 40427 [ 83.225411][ T6002] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 83.283033][ T5992] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 83.325353][ T5992] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 83.488541][ T5992] F2FS-fs (loop2): Found nat_bits in checkpoint [ 83.529210][ T6007] xt_hashlimit: size too large, truncated to 1048576 [ 83.650056][ T5996] loop1: detected capacity change from 0 to 40427 [ 83.669925][ T5996] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 83.691170][ T5996] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 83.705052][ T5996] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x35f7 [ 83.715762][ T5996] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff [ 83.726614][ T5992] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 83.734058][ T5992] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 83.754584][ T5996] F2FS-fs (loop1): Image doesn't support compression [ 83.795477][ T5996] F2FS-fs (loop1): invalid crc value [ 83.820591][ T5996] F2FS-fs (loop1): Found nat_bits in checkpoint [ 83.976857][ T5996] F2FS-fs (loop1): Start checkpoint disabled! [ 84.023219][ T5996] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 84.060167][ T5996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 84.075745][ T5765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.880245][ T6020] loop0: detected capacity change from 0 to 40427 [ 84.900544][ T6020] F2FS-fs (loop0): build fault injection attr: rate: 174, type: 0x7ffff [ 85.182524][ T5757] I/O error, dev loop0, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 86.700826][ T6040] loop1: detected capacity change from 0 to 512 [ 86.883106][ T6040] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 86.902818][ T6040] EXT4-fs (loop1): orphan cleanup on readonly fs [ 86.921221][ T6040] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.53: bg 0: block 248: padding at end of block bitmap is not set [ 86.941878][ T6040] __quota_error: 3 callbacks suppressed [ 86.941912][ T6040] Quota error (device loop1): write_blk: dquota write failed [ 86.955740][ T6040] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 86.966010][ T6040] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.53: Failed to acquire dquot type 1 [ 86.994442][ T6040] EXT4-fs (loop1): 1 truncate cleaned up [ 87.037476][ T6040] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 87.991981][ T6047] loop2: detected capacity change from 0 to 512 [ 89.229878][ T5762] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.376138][ T6047] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.454111][ T6047] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.507983][ T6053] netlink: 84 bytes leftover after parsing attributes in process `syz.1.57'. [ 90.180070][ T5764] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.915208][ T6085] netlink: 84 bytes leftover after parsing attributes in process `syz.0.66'. [ 95.685126][ T6092] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 95.789199][ T6096] loop2: detected capacity change from 0 to 512 [ 95.910885][ T6096] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.962900][ T6096] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 97.192888][ T6121] loop3: detected capacity change from 0 to 1024 [ 97.469688][ T6126] binder: BINDER_SET_CONTEXT_MGR already set [ 97.476081][ T6126] binder: 6117:6126 ioctl 4018620d 200000000040 returned -16 [ 97.859336][ T5764] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.152052][ T6121] EXT4-fs: Ignoring removed i_version option [ 98.177661][ T6121] EXT4-fs: inline encryption not supported [ 98.197867][ T6121] EXT4-fs (loop3): Test dummy encryption mode enabled [ 98.584117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1ca!!! [ 98.594665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 99.505722][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.569532][ T6121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.915631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.302129][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.214308][ T6154] loop2: detected capacity change from 0 to 256 [ 104.261023][ T6154] FAT-fs (loop2): Directory bread(block 64) failed [ 104.267971][ T6154] FAT-fs (loop2): Directory bread(block 65) failed [ 104.274634][ T6154] FAT-fs (loop2): Directory bread(block 66) failed [ 104.281183][ T6154] FAT-fs (loop2): Directory bread(block 67) failed [ 104.287873][ T6154] FAT-fs (loop2): Directory bread(block 68) failed [ 104.294487][ T6154] FAT-fs (loop2): Directory bread(block 69) failed [ 104.301146][ T6154] FAT-fs (loop2): Directory bread(block 70) failed [ 104.307744][ T6154] FAT-fs (loop2): Directory bread(block 71) failed [ 104.314379][ T6154] FAT-fs (loop2): Directory bread(block 72) failed [ 104.321303][ T6154] FAT-fs (loop2): Directory bread(block 73) failed [ 104.507753][ T6167] loop3: detected capacity change from 0 to 1024 [ 104.575219][ T6167] EXT4-fs: Ignoring removed nobh option [ 104.604624][ T6167] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 104.760367][ T6167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.781424][ T6170] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.925298][ T27] audit: type=1326 audit(1769590412.989:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 104.949635][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.008235][ T27] audit: type=1326 audit(1769590412.989:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.066604][ T27] audit: type=1326 audit(1769590412.989:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f6d057573ac code=0x7ffc0000 [ 105.089853][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.099272][ T27] audit: type=1326 audit(1769590412.989:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f6d0575740e code=0x7ffc0000 [ 105.133678][ T27] audit: type=1326 audit(1769590412.989:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6d0579ab4b code=0x7ffc0000 [ 105.180684][ T27] audit: type=1326 audit(1769590412.989:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.248920][ T27] audit: type=1326 audit(1769590412.989:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.314128][ T27] audit: type=1326 audit(1769590412.989:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.337037][ T27] audit: type=1326 audit(1769590412.989:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.449935][ T27] audit: type=1326 audit(1769590412.989:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6176 comm="syz.2.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f6d0579aeb9 code=0x7ffc0000 [ 105.473372][ T6186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.89'. [ 105.482594][ T6188] loop1: detected capacity change from 0 to 1024 [ 105.575643][ T6188] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.847127][ T6196] ================================================================== [ 105.855217][ T6196] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 105.862941][ T6196] Read of size 18446744073709551588 at addr ffff8880587ab040 by task syz.1.92/6196 [ 105.872221][ T6196] [ 105.874548][ T6196] CPU: 0 PID: 6196 Comm: syz.1.92 Not tainted syzkaller #0 [ 105.881726][ T6196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 105.891778][ T6196] Call Trace: [ 105.895047][ T6196] [ 105.897961][ T6196] dump_stack_lvl+0x18c/0x250 [ 105.902625][ T6196] ? read_lock_is_recursive+0x20/0x20 [ 105.908004][ T6196] ? show_regs_print_info+0x20/0x20 [ 105.913219][ T6196] ? load_image+0x400/0x400 [ 105.917726][ T6196] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 105.923174][ T6196] ? __virt_addr_valid+0x18c/0x540 [ 105.928281][ T6196] ? __virt_addr_valid+0x469/0x540 [ 105.933385][ T6196] print_report+0xa8/0x210 [ 105.937832][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 105.943283][ T6196] kasan_report+0x117/0x150 [ 105.947848][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 105.953299][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 105.958754][ T6196] kasan_check_range+0x241/0x290 [ 105.963683][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 105.969310][ T6196] __asan_memmove+0x29/0x70 [ 105.973805][ T6196] ext4_xattr_set_entry+0x94b/0x1e90 [ 105.979087][ T6196] ext4_xattr_block_set+0xae8/0x32b0 [ 105.984384][ T6196] ? ext4_destroy_inode+0x200/0x200 [ 105.989574][ T6196] ? proc_nr_inodes+0x230/0x230 [ 105.994426][ T6196] ? do_raw_spin_unlock+0x121/0x230 [ 105.999624][ T6196] ? _raw_spin_unlock+0x28/0x40 [ 106.004467][ T6196] ? ext4_xattr_block_find+0x350/0x350 [ 106.009931][ T6196] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 106.015304][ T6196] ext4_xattr_set_handle+0x1280/0x14c0 [ 106.020772][ T6196] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 106.026744][ T6196] ? __ext4_journal_start_sb+0x259/0x560 [ 106.032372][ T6196] ext4_xattr_set+0x252/0x340 [ 106.037044][ T6196] ? end_current_label_crit_section+0x170/0x170 [ 106.043275][ T6196] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 106.048812][ T6196] ? posix_xattr_acl+0x93/0xb0 [ 106.053562][ T6196] ? ext4_xattr_trusted_get+0x40/0x40 [ 106.058945][ T6196] __vfs_setxattr+0x431/0x470 [ 106.063634][ T6196] __vfs_setxattr_noperm+0x12d/0x5e0 [ 106.068922][ T6196] vfs_setxattr+0x16b/0x2f0 [ 106.073429][ T6196] ? xattr_permission+0x470/0x470 [ 106.078448][ T6196] ? __mnt_want_write+0x223/0x2a0 [ 106.083466][ T6196] ? path_setxattr+0x3a1/0x5d0 [ 106.088225][ T6196] path_setxattr+0x3f3/0x5d0 [ 106.092813][ T6196] ? simple_xattrs_free+0x150/0x150 [ 106.098017][ T6196] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 106.103986][ T6196] ? lock_chain_count+0x20/0x20 [ 106.108832][ T6196] __x64_sys_lsetxattr+0xb8/0xd0 [ 106.113768][ T6196] do_syscall_64+0x55/0xa0 [ 106.118174][ T6196] ? clear_bhb_loop+0x40/0x90 [ 106.122835][ T6196] ? clear_bhb_loop+0x40/0x90 [ 106.127499][ T6196] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 106.133383][ T6196] RIP: 0033:0x7f79a0b9aeb9 [ 106.137795][ T6196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.157390][ T6196] RSP: 002b:00007f79a19be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 106.165795][ T6196] RAX: ffffffffffffffda RBX: 00007f79a0e16090 RCX: 00007f79a0b9aeb9 [ 106.173753][ T6196] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 106.181710][ T6196] RBP: 00007f79a0c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 106.189668][ T6196] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 106.197630][ T6196] R13: 00007f79a0e16128 R14: 00007f79a0e16090 R15: 00007ffea2261b48 [ 106.205778][ T6196] [ 106.208781][ T6196] [ 106.211098][ T6196] Allocated by task 6196: [ 106.215408][ T6196] kasan_set_track+0x4e/0x70 [ 106.219988][ T6196] __kasan_kmalloc+0x8f/0xa0 [ 106.224566][ T6196] __kmalloc_node_track_caller+0xb2/0x230 [ 106.230285][ T6196] kmemdup+0x2b/0x70 [ 106.234168][ T6196] ext4_xattr_block_set+0x9ea/0x32b0 [ 106.239460][ T6196] ext4_xattr_set_handle+0x1280/0x14c0 [ 106.244906][ T6196] ext4_xattr_set+0x252/0x340 [ 106.249571][ T6196] __vfs_setxattr+0x431/0x470 [ 106.254246][ T6196] __vfs_setxattr_noperm+0x12d/0x5e0 [ 106.259522][ T6196] vfs_setxattr+0x16b/0x2f0 [ 106.264019][ T6196] path_setxattr+0x3f3/0x5d0 [ 106.268608][ T6196] __x64_sys_lsetxattr+0xb8/0xd0 [ 106.273532][ T6196] do_syscall_64+0x55/0xa0 [ 106.277944][ T6196] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 106.283821][ T6196] [ 106.286237][ T6196] The buggy address belongs to the object at ffff8880587ab000 [ 106.286237][ T6196] which belongs to the cache kmalloc-1k of size 1024 [ 106.300277][ T6196] The buggy address is located 64 bytes inside of [ 106.300277][ T6196] 1024-byte region [ffff8880587ab000, ffff8880587ab400) [ 106.313534][ T6196] [ 106.315843][ T6196] The buggy address belongs to the physical page: [ 106.322245][ T6196] page:ffffea000161ea00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x587a8 [ 106.332378][ T6196] head:ffffea000161ea00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 106.341295][ T6196] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 106.349262][ T6196] page_type: 0xffffffff() [ 106.353576][ T6196] raw: 00fff00000000840 ffff888017c41dc0 ffffea0001f74000 0000000000000002 [ 106.362327][ T6196] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 106.370893][ T6196] page dumped because: kasan: bad access detected [ 106.377296][ T6196] page_owner tracks the page as allocated [ 106.383019][ T6196] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1134, tgid 1134 (kworker/u4:6), ts 82203399866, free_ts 15859101976 [ 106.403666][ T6196] post_alloc_hook+0x1c1/0x200 [ 106.408425][ T6196] get_page_from_freelist+0x1951/0x19e0 [ 106.413954][ T6196] __alloc_pages+0x1f0/0x460 [ 106.418531][ T6196] alloc_slab_page+0x5d/0x160 [ 106.423189][ T6196] new_slab+0x87/0x2d0 [ 106.427269][ T6196] ___slab_alloc+0xc5d/0x12f0 [ 106.431934][ T6196] __kmem_cache_alloc_node+0x19e/0x250 [ 106.437380][ T6196] __kmalloc+0xa4/0x230 [ 106.441520][ T6196] ieee802_11_parse_elems_full+0xb9/0x20c0 [ 106.447314][ T6196] ieee80211_ibss_rx_queued_mgmt+0x4b5/0x2c80 [ 106.453369][ T6196] ieee80211_iface_work+0x717/0xc70 [ 106.458555][ T6196] cfg80211_wiphy_work+0x225/0x260 [ 106.463657][ T6196] process_scheduled_works+0xa5d/0x15d0 [ 106.469190][ T6196] worker_thread+0xa55/0xfc0 [ 106.473767][ T6196] kthread+0x2fa/0x390 [ 106.477821][ T6196] ret_from_fork+0x48/0x80 [ 106.482229][ T6196] page last free stack trace: [ 106.486884][ T6196] free_unref_page_prepare+0x7b2/0x8c0 [ 106.492334][ T6196] free_unref_page+0x32/0x2e0 [ 106.496997][ T6196] free_contig_range+0xa1/0x150 [ 106.501831][ T6196] destroy_args+0x80/0x850 [ 106.506257][ T6196] debug_vm_pgtable+0x411/0x440 [ 106.511096][ T6196] do_one_initcall+0x242/0x790 [ 106.515863][ T6196] do_initcall_level+0x137/0x1f0 [ 106.520786][ T6196] do_initcalls+0x69/0xd0 [ 106.525186][ T6196] kernel_init_freeable+0x3ed/0x580 [ 106.530375][ T6196] kernel_init+0x1d/0x1c0 [ 106.534691][ T6196] ret_from_fork+0x48/0x80 [ 106.539091][ T6196] ret_from_fork_asm+0x11/0x20 [ 106.543841][ T6196] [ 106.546148][ T6196] Memory state around the buggy address: [ 106.551760][ T6196] ffff8880587aaf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.559803][ T6196] ffff8880587aaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.567844][ T6196] >ffff8880587ab000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.575889][ T6196] ^ [ 106.582120][ T6196] ffff8880587ab080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.590169][ T6196] ffff8880587ab100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.598220][ T6196] ================================================================== [ 106.708487][ T6196] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 106.715721][ T6196] CPU: 0 PID: 6196 Comm: syz.1.92 Not tainted syzkaller #0 [ 106.723020][ T6196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 106.733089][ T6196] Call Trace: [ 106.736399][ T6196] [ 106.739337][ T6196] dump_stack_lvl+0x18c/0x250 [ 106.744031][ T6196] ? show_regs_print_info+0x20/0x20 [ 106.749240][ T6196] ? load_image+0x400/0x400 [ 106.753770][ T6196] panic+0x2dc/0x730 [ 106.757676][ T6196] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 106.763845][ T6196] ? bpf_jit_dump+0xd0/0xd0 [ 106.768363][ T6196] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 106.774355][ T6196] ? _raw_spin_unlock+0x40/0x40 [ 106.779209][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 106.784654][ T6196] check_panic_on_warn+0x84/0xa0 [ 106.789767][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 106.795295][ T6196] end_report+0x6f/0x130 [ 106.799523][ T6196] kasan_report+0x128/0x150 [ 106.804451][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 106.809892][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 106.815335][ T6196] kasan_check_range+0x241/0x290 [ 106.820254][ T6196] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 106.825691][ T6196] __asan_memmove+0x29/0x70 [ 106.830173][ T6196] ext4_xattr_set_entry+0x94b/0x1e90 [ 106.835447][ T6196] ext4_xattr_block_set+0xae8/0x32b0 [ 106.840713][ T6196] ? ext4_destroy_inode+0x200/0x200 [ 106.845987][ T6196] ? proc_nr_inodes+0x230/0x230 [ 106.850818][ T6196] ? do_raw_spin_unlock+0x121/0x230 [ 106.855998][ T6196] ? _raw_spin_unlock+0x28/0x40 [ 106.860826][ T6196] ? ext4_xattr_block_find+0x350/0x350 [ 106.866284][ T6196] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 106.871675][ T6196] ext4_xattr_set_handle+0x1280/0x14c0 [ 106.877164][ T6196] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 106.883168][ T6196] ? __ext4_journal_start_sb+0x259/0x560 [ 106.888822][ T6196] ext4_xattr_set+0x252/0x340 [ 106.893511][ T6196] ? end_current_label_crit_section+0x170/0x170 [ 106.899765][ T6196] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 106.905325][ T6196] ? posix_xattr_acl+0x93/0xb0 [ 106.910100][ T6196] ? ext4_xattr_trusted_get+0x40/0x40 [ 106.915512][ T6196] __vfs_setxattr+0x431/0x470 [ 106.920211][ T6196] __vfs_setxattr_noperm+0x12d/0x5e0 [ 106.925511][ T6196] vfs_setxattr+0x16b/0x2f0 [ 106.930031][ T6196] ? xattr_permission+0x470/0x470 [ 106.935068][ T6196] ? __mnt_want_write+0x223/0x2a0 [ 106.940213][ T6196] ? path_setxattr+0x3a1/0x5d0 [ 106.945434][ T6196] path_setxattr+0x3f3/0x5d0 [ 106.950050][ T6196] ? simple_xattrs_free+0x150/0x150 [ 106.955545][ T6196] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 106.961549][ T6196] ? lock_chain_count+0x20/0x20 [ 106.966418][ T6196] __x64_sys_lsetxattr+0xb8/0xd0 [ 106.971373][ T6196] do_syscall_64+0x55/0xa0 [ 106.975807][ T6196] ? clear_bhb_loop+0x40/0x90 [ 106.980496][ T6196] ? clear_bhb_loop+0x40/0x90 [ 106.985190][ T6196] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 106.991127][ T6196] RIP: 0033:0x7f79a0b9aeb9 [ 106.995545][ T6196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.015228][ T6196] RSP: 002b:00007f79a19be028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 107.023642][ T6196] RAX: ffffffffffffffda RBX: 00007f79a0e16090 RCX: 00007f79a0b9aeb9 [ 107.031606][ T6196] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 107.039571][ T6196] RBP: 00007f79a0c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 107.047534][ T6196] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 107.055494][ T6196] R13: 00007f79a0e16128 R14: 00007f79a0e16090 R15: 00007ffea2261b48 [ 107.063463][ T6196] [ 107.066784][ T6196] Kernel Offset: disabled [ 107.071091][ T6196] Rebooting in 86400 seconds..