last executing test programs: 15.065405443s ago: executing program 1 (id=2): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x10092, &(0x7f0000000080)={[{@nodioread_nolock}]}, 0xff, 0x249, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJr3jfIqy6C+AdERAvldRNcXifhBSlFRFChIuKitEJtcWudXBx0VunkUsTN6ihdiosiOFXtUBdBi4PFQYdIcqnUNuKf1Jz0Ph+43F1yz/2e4+77JBkuCdBYV5JcS9JKMpukk6Q4ucHd1XRltLrZ3V1M+v3HfyyG21XrleN2l5NsJHkoyU5Z5MV2srb99MHPe4/e98Zq5973tp/qTvUgRw4P9h87enf+9Q+vP7j2+Zffzxe5lt4fjuv8FWOeaxfJLf9Fsf+Jol13D/g7Fl794KtB7m9Ncs8w/52UqU7emys37HTywDt/1vatH764fZp9Bc5fv98ZvAdu9IHGKZP0UpRzSarlspybqz7Df926VL60vPLK7AvLq0vP1z1SAedl+L3345mPLp/K/3etKv/AxdVL9p9Y2PpmsHzUqrs3wFTcUc0G+Z99dv3+yD80jvxDc8k/NJf8Q3PJPzTSTOQfGk3+obnkH5pL/qG55B+a62T+AYBm6c+cuSW4GP4sAHDh1T3+AAAAAAAAAAAAAAAAAAAAZ212dxePp2nV/PTt5PCRJO1x9VvD/yNObhw+XvqpGGz2u6JqNpFn7ppwBxN6v+a7r2/6tqbC3Wr22Z011R9ZX0o2Xktytd0+e/0Vo+vv37v5L17vPDdhgX+oOLX+8JPTrX/ar1v11r++l3wyGH+ujht/ytw2nI8ff3qD8zdh/Zd/mXAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATM1vAQAA//8mi2g4") chroot(&(0x7f0000000300)='.\x00') syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, &(0x7f0000000000), 0xfe, 0x250, &(0x7f0000000300)="$eJzs3T9oJFUcB/DvzO565m7RUxtB/AMiooFwdoLN2SgcyHGICCqciNgod8J5h11iZWOhtUoqmyB2RktJE2wUwSpqitgIGiwMFlqs7M4G8mc1ZnfdkcznA5OZybyZ3xt2vm+3ebsBGutskvNJWknmk3SSFHsb3FctZ4e7y3Prl5Ne7+lfi0G7ar+ye96ZJEtJHk2yVhZ5tZ3cWH1+6/eNJx9853rngY9Wn5ub6U0ObW9tPrXz4cW3P73wyI2vv/35YpHz6e67r+krRvyvXSS3/xfF/ieKdt094N+49OYn3/Vzf0eS+wf576RM9eK9e+2mtU4e/uDvzn3vl2/ummVfgenr9Tr998ClHtA4ZZJuinIhSbVdlgsL1Wf471uny9euXntj/pWr16+8XPdIBUxLN9l84vNTn505kP+fWlX+gZOrn/9nLq380N/eadXdG2Am7q5W/fzPv7j4UOQfGkf+obnkH5pL/qG55B+aS/6hueQfTrDOPx+Wf2gu+Yfmkn9orr35BwCapXdqnFnDt05/IjIwc3WPPwAAAAAAAAAAAAAAAAAAwGHLc+uXd5dxr1Ecs/2X7yfbjydpj6rfGvwecXLz4O/p34p+s3212uN2dOiFeye8wIQ+rnn29S0/1lv/q3vqrb94JVl6K8m5dvvw81cMn7/x3XbE8c5LExY4poP5fOzZ2dY/6M+Veutf2Ei+6I8/50aNP2XuHKxHjz/do79i+Uiv/zHhBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiZvwIAAP//1rxsXQ==") openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file1\x00', 0x0, &(0x7f0000000000), 0xfe, 0x250, &(0x7f0000000300)="$eJzs3T9oJFUcB/DvzO565m7RUxtB/AMiooFwdoLN2SgcyHGICCqciNgod8J5h11iZWOhtUoqmyB2RktJE2wUwSpqitgIGiwMFlqs7M4G8mc1ZnfdkcznA5OZybyZ3xt2vm+3ebsBGutskvNJWknmk3SSFHsb3FctZ4e7y3Prl5Ne7+lfi0G7ar+ye96ZJEtJHk2yVhZ5tZ3cWH1+6/eNJx9853rngY9Wn5ub6U0ObW9tPrXz4cW3P73wyI2vv/35YpHz6e67r+krRvyvXSS3/xfF/ieKdt094N+49OYn3/Vzf0eS+wf576RM9eK9e+2mtU4e/uDvzn3vl2/ummVfgenr9Tr998ClHtA4ZZJuinIhSbVdlgsL1Wf471uny9euXntj/pWr16+8XPdIBUxLN9l84vNTn505kP+fWlX+gZOrn/9nLq380N/eadXdG2Am7q5W/fzPv7j4UOQfGkf+obnkH5pL/qG55B+aS/6hueQfTrDOPx+Wf2gu+Yfmkn9orr35BwCapXdqnFnDt05/IjIwc3WPPwAAAAAAAAAAAAAAAAAAwGHLc+uXd5dxr1Ecs/2X7yfbjydpj6rfGvwecXLz4O/p34p+s3212uN2dOiFeye8wIQ+rnn29S0/1lv/q3vqrb94JVl6K8m5dvvw81cMn7/x3XbE8c5LExY4poP5fOzZ2dY/6M+Veutf2Ei+6I8/50aNP2XuHKxHjz/do79i+Uiv/zHhBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJiZvwIAAP//1rxsXQ==") r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/tty/ldiscs\x00', 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x142, 0x184) mknod$loop(&(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, 0x1) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 13.847662288s ago: executing program 1 (id=5): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x1810882, &(0x7f0000000040)=ANY=[@ANYBLOB="756e695f786c6174653d312c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c757466383d302c757466383d312c756e695f786c6174653d302c696f636861727365743d63703433372c756e695f786c6174653d302c6572726f72733d72656d6f756e742d726f2c757466383d312c757466383d312c73686f72746e616d653d77696e39352c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c73686f72746e616d653d77696e39352c646973636172642c004338cb8631b26441e86414f461975e105d02960776fcb7ddfd80b96c1b2ffd13d5cc37784797dbc9e26b7c39310b49940995ce6e6ce1c218890b59506de99e2dd234abcde0be50d3de656741fee78f74e94ee73bd6d7162f0d2a8275e0a6125615ce223c21fe303d561d81b2681dce1c0b7061c5a347b2040e7b6c9210507527467dad005f3e38c47d4daa9d76c69f51ffeb2f81123fe54df14c6c02413e51ba63c35f11"], 0x0, 0x2b9, &(0x7f0000000280)="$eJzs3T9rc1UYAPDnpmkSdUgGJxG8oIPTy9t3dUmVFqqZlAzqoMW2IE0QWij4B9NOri6OfgJBcHP1A7j4DQRXwc0OhSv35t4kbdPYaNP65/db+vTc85zznNPTlA45ef/54eFeGgdnn/0crVYStW504zyJTtSichqXdL8MAODf7DzL4rdsbJm8JCJaqysLAFihpf/+f7fykgCAFXvr7Xfe2Oz1tt5M01ZsD7846ef/2edfx883D+LDGMR+PI52XERkE+N4O8uyUT3NdeKl4eikn2cO3/uxHH/z14gifyPa0SmaLufv9LY20rGZ/FFex9Pl/N08/0m049k58+/0tp7MyY9+I15+cab+R9GOnz6Ij2IQe0UR0/zPN9L0teyr3z99Ny8vz09GJ/1m0W8qW7vnHw0AAAAAAAAAAAAAAAAAAAAAAP9hj8q7c5pR3N+TN5X376xd5N+sR1rpXL6fZ5yfVANduR9olMXX1f06j9M0zcqO0/x6PFeP+sOsGgAAAAAAAAAAAAAAAAAAAP5Zjj/+5HB3MNg/KoLXszKYtCwXVLcBVG/r/6vjdCct9aMXYnHn5nSuWhkuGDnWqj5JxMIy8kX8vd24dfDUTTV/8+2yA7b+vM/6dK7olJtxx+uqTtfhbjJ/D5tRtbSqQ/L9bJ9G3HKuxk2PsqWOX2Puo/bSa288UwSjBX0iWVTYK7+Md65sKX+hTid9GsWuzk1fL4OZ9CtnY6nzfP21Iknu/OUHAAAAAAAAAAAAAAAAAACYMX3T75yHZwtTa1lzZWUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL2afv7/JKhfa7kajMrkccsPry7o3Iij4wdeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8DfwQAAP//4wFdTQ==") syz_mount_image$fuse(&(0x7f0000000700), &(0x7f00000000c0)='./file0\x00', 0x30c407a, &(0x7f00000006c0)=ANY=[], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f00000000c0)=0x3, 0x4) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 13.20254453s ago: executing program 3 (id=4): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f00000002c0)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x7ffff002) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x100000000000000, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x4000, 0x0, 0x90, [], 0x2, 0x0, &(0x7f0000000100)=[{}, {}, {}]}, 0x108) 12.904676438s ago: executing program 0 (id=1): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x103400, 0x0) ioctl$TIOCMIWAIT(r6, 0x545c, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r7) mount(0x0, &(0x7f0000000340)='.\x00', &(0x7f00000002c0)='proc\x00', 0x1000189, 0x0) r8 = syz_open_procfs(r5, &(0x7f0000000000)='map_files\x00') fchdir(r8) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r9, &(0x7f0000000a80)=""/4071, 0xfe7) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0) 9.460993066s ago: executing program 3 (id=7): syz_open_dev$vbi(&(0x7f0000000cc0), 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x669f, 0x8, 0x0, 0xfffffffc}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$packet(0x11, 0x2, 0x300) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f00000019c0)={0x0, 0x0, 0x0}, 0x0, 0x6040, 0x1, {0x1}}) io_uring_enter(r3, 0x47f9, 0x3f, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) socket$nl_generic(0x10, 0x3, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x303, 0x300}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r7}, 0x4) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x6, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000e20000800000000000000002b7080000000000007b8af8ff00000000b7080000068000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000a5000000d761000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5c298795369ca04f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r9, r11, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbb9f3846fe0e925f450e5302bbbbbbaaaaaaaaaaaa08004510003e00660000070290780a060102ac"], 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12011b0003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) 9.436767269s ago: executing program 0 (id=8): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x140c040, &(0x7f0000000080)={[{@data_journal}]}, 0x3e, 0x514, &(0x7f0000000140)="$eJzs3d9rY1kdAPDvvW1mOzPdaRd9WBdci7vSWbRJO3Vniw+jC+LbgrK+j7VNS2nalCbdnZbFafEPEERU8MknHxT8AwTZP0GEBX0XFUV0Vh980L2Sm6TTSRPbnUl7If184Cbn3F/fc5qbk5x7T3MDuLJmIuJORHyUZVkrP3ViWdp6SCLisL3eh4/eW2lNSWTZ239P8kWtfHe1rpvtTWJuNst9Ozkdt7F/sLlcq1V3O/lKc2un0tg/mNvYWl6vrle3FxcX7i69sfT60vxQ6jkZEfe++ucffu9nX7v36y+8+4f7f739neREubv1GIqfP06291+KiROLxyNid2jBijXWqU/p7FUnbz2Zn+lzWAAAcMHSzvTZiHgtpmIs/zYHAAAAjJLsy5PxnyQiO6XPrD6e68mXot++AAAAgCKl+djYJC13xgFMRpqWy+0xvJ+MG2mt3mh+fq2+t73aHkM7HaV0baNWne+MFZ6OUtLKL+Tpx/k7PfnFiHghIn4wdT3Pl1fqtdWiT34AAADAFXGzp///r6l2/x8AAAAYMdNFFwAAAAC4cPr/AAAAMPr0/wEAAGCkff2tt1pT1r3/9eo7+3ub9XfmVquNzfLW3ko5q+/ulNfr9fX8N/u2ztpfrV7f+WJs7z2oNKuNZqWxf3B/q7633by/8cQtsAEAAIBL9MJn3v99EhGHX7qeTy3Xii4UcCnGjx/O4U8XWxbgco0VXQCgMOf96AdGT6noAgCFS85YPnDwzm+GXxYAAOBizH6q//X/5MxzA4fpJRURuCDO/8HV5fo/XF1Pcf3f//HCiCjFWOjIw9V28df/s+xjFQgAABi6yXxK0nJEfh5gMtK0XI54Pr8tQClZ26hV5yPiVkT8bqr0XCu/kG+ZnNlnAAAAAAAAAAAAAAAAAAAAAAAAAADasiyJDAAAABhpEelfks79v2anXp3sPT9wLfn3VP4cEe/+5O0fPVhuNncXWvP/cTy/+ePO/DvtbZ7inqIAAADAEHX76d1+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM04eP3lvpTpcZ929vRsR0v/jjMZE/T0QpIm78M4nxE9slETE2hPiHRxHxYr/4SatYMd0pRb/41wuMn0bEzSHEh6vs/Vb785V+7780ZvLn/u+/u3kL9ewGtn9Jd42JvJ3r1/48f84YL33wy8rA+EcRL433b3+67W/SiX+rJ/4rffb35r3T8771zYODQfGzn0bM9v38SZ6IVWlu7VQa+wdzG1vL69X16vbi4sLdpTeWXl+ar6xt1KqdxxNN8sxx6vuf/tVHA+ufPYwbA+JP99S/9+//6qCd9vjvBw8efaKdLJ2KfxRx+5X+x9+LA+Knnc++z3XSreWz3fRhO33Sy7/47csD638Usdqu//hZr39v/W+fs/6vfeO7fzznqgDAJWjsH2wu12rV3QITY1Fk9Fbimf4ara9F51g5jacp2GHhr84oJx4WGv3aeQ6b40T2sH2MDvmtN3CHBTZKAADAhWjsJ0UXAQAAAAAAAAAAAAAAAAAAAK68y/x1va7DYqoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB//S8AAP//9+fMRw==") 8.164633031s ago: executing program 2 (id=10): creat(&(0x7f00000000c0)='./file0\x00', 0x2) socket$packet(0x11, 0x3, 0x300) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x36, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 7.411580167s ago: executing program 1 (id=11): mkdir(0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x2}, 0x10, 0x0, r0}, 0x94) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[], 0x34}}, 0x20048000) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) getpgid(0x0) socket$netlink(0x10, 0x3, 0x8000000004) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e23, 0xc, @mcast2, 0x8f}, 0x1c) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x8, 0x6381}]}, 0x10) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 7.038942644s ago: executing program 0 (id=12): bind$inet6(0xffffffffffffffff, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xd) io_setup(0x4, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8943, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000240)="f30f214a660f585e00f30f1edd2e0f21feba4200b80050ef66b9e308000066b80000000066ba008000000f3066b9800000c00f326635000800000f30dfca0f32baf80c66b8aaf5b58666efbafc0cb000ee", 0x51}], 0x1, 0x11, 0x0, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 6.750321591s ago: executing program 2 (id=13): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r0, r0, 0x2) tee(r0, 0xffffffffffffffff, 0x7f, 0x0) 6.376804318s ago: executing program 2 (id=14): syz_open_dev$vbi(&(0x7f0000000cc0), 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x669f, 0x8, 0x0, 0xfffffffc}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = socket$packet(0x11, 0x2, 0x300) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r6, 0x0, &(0x7f00000019c0)={0x0, 0x0, 0x0}, 0x0, 0x6040, 0x1, {0x1}}) io_uring_enter(r3, 0x47f9, 0x3f, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) socket$nl_generic(0x10, 0x3, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x303, 0x300}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r7}, 0x4) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x6, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000e20000800000000000000002b7080000000000007b8af8ff00000000b7080000068000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000a5000000d761000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5c298795369ca04f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r9, r11, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbb9f3846fe0e925f450e5302bbbbbbaaaaaaaaaaaa08004510003e00660000070290780a060102ac"], 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12011b0003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) 6.169598735s ago: executing program 3 (id=15): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x103400, 0x0) ioctl$TIOCMIWAIT(r4, 0x545c, 0x0) r5 = syz_open_procfs(0x0, 0x0) fchdir(r5) mount(0x0, &(0x7f0000000340)='.\x00', &(0x7f00000002c0)='proc\x00', 0x1000189, 0x0) r6 = syz_open_procfs(r3, &(0x7f0000000000)='map_files\x00') fchdir(r6) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r7, &(0x7f0000000a80)=""/4071, 0xfe7) 4.459990803s ago: executing program 0 (id=16): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="14002c80080000008009"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) 4.08385302s ago: executing program 0 (id=17): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000005c0), 0x1, 0x538, &(0x7f0000000600)="$eJzs3c1rHGUYAPBnZrPWttFU/EA9FbRUKd2kTYvk1hw8VqrBo8Sw2YaQSTZkN7UJObTgXUFBUQT15N2riPgHeBbRf0ARGyytt8hkd9Oaj3WtTVczvx/M7vsx5HnfzD4vO8MMG0BhHc9f0ohnIuJSEjF0V99AtDuPt/a7tb5Wvb2+Vk1iY2PitySSiLi5vlbt7J+0349GxLWIeDoivi1HnEp3xm2srM5NZVltqV0fbs4vDjdWVk/Pzk/N1GZqC6Nj58dGx14aOzd63+Y6MTn26okfXkm+TsZfvvnJGzeSuBCD7b6753E/tf4n5biwrf3cfgTro6TfA+CelNp5Xo6IJ2MoSu2sBw6+jUMRG0BBJfIfCqrzPSA//+1sD/L7x6/jrROQPO6t9tbqGWhdm4iHN89Njvye/OXMJD/fPPYgB8qBdO16RIwMDOz8/Cftz9+9G7kfA2RffTPeOlA7j3+6tf7ELuvPYOfa6b/UWf9u7Vj/7sQv7bH+XeoxxsLYd0/tGf96xLO7xk+24ie7xE8j4s0e4098+cvne/VtfBZxMnaP35F0vz48fHk2q420XneN8c5rI190m/+RPeJf6DL/vG2xx/nH64//eK1L/Bee6378d4t/OCLe7TH8Tx+99/ZefXn86T3m3y1+3vZpj/FPvPjVeI+7AgAAAAAAAAAA/0C6eS9bkla2ymlaqbSe4X0ijqRZvdE8dbm+vDDduuftWJTTzp1WQ616ktfPtO/H7dTPbquPRsRjEfF+6fBmvVKtZ9P9njwAAAAAAAAAAAAAAAAAAAD8Rxzd9vz/zVLr+X+gIPzkNxSX/Ifikv9QXPIfikv+Q3HJfygu+Q/FJf+huOQ/FJf8h+KS/wAAAAAAAAAAAAAAAAAAAAAAAAAAsC8uXbyYbxu319eqeX36ysryXP3K6elaY64yv1ytVOtLi5WZen0mq1Wq9fm/+3tZvb54PhaWrw43a43mcGNldXK+vrzQnJydn5qpTdbKD2RWAAAAAAAAAAAAAAAAAAAA8P8yuLklaSUi0s1ymlYqEY9ExLEoJ5dns9pIRDwaEd+Xyofy+pl+DxoAAAAAAAAAAAAAAAAAAAAOmMbK6txUltWWFBQUFLYK/V6ZAAAAAAAAAAAAAAAAAACgeO489NvvkQAAAAAAAAAAAAAAAAAAAECRpT8nEZFvJ4eeH9ze+1DyR2nzPSLe+njig6tTzebSmbz9xlZ788N2+9l+jB/oVSdPO3kMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3NFYWZ2byrLa0j4W+j1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvxZwAAAP//YVnXuQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000080)={0x0}) syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680) close(0x3) r4 = getpid() setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100), 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x24020000) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) umount2(&(0x7f0000000040)='.\x00', 0x2) 3.826455113s ago: executing program 3 (id=18): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x140c040, &(0x7f0000000080)={[{@data_journal}]}, 0x3e, 0x514, &(0x7f0000000140)="$eJzs3d9rY1kdAPDvvW1mOzPdaRd9WBdci7vSWbRJO3Vniw+jC+LbgrK+j7VNS2nalCbdnZbFafEPEERU8MknHxT8AwTZP0GEBX0XFUV0Vh980L2Sm6TTSRPbnUl7If184Cbn3F/fc5qbk5x7T3MDuLJmIuJORHyUZVkrP3ViWdp6SCLisL3eh4/eW2lNSWTZ239P8kWtfHe1rpvtTWJuNst9Ozkdt7F/sLlcq1V3O/lKc2un0tg/mNvYWl6vrle3FxcX7i69sfT60vxQ6jkZEfe++ucffu9nX7v36y+8+4f7f739neREubv1GIqfP06291+KiROLxyNid2jBijXWqU/p7FUnbz2Zn+lzWAAAcMHSzvTZiHgtpmIs/zYHAAAAjJLsy5PxnyQiO6XPrD6e68mXot++AAAAgCKl+djYJC13xgFMRpqWy+0xvJ+MG2mt3mh+fq2+t73aHkM7HaV0baNWne+MFZ6OUtLKL+Tpx/k7PfnFiHghIn4wdT3Pl1fqtdWiT34AAADAFXGzp///r6l2/x8AAAAYMdNFFwAAAAC4cPr/AAAAMPr0/wEAAGCkff2tt1pT1r3/9eo7+3ub9XfmVquNzfLW3ko5q+/ulNfr9fX8N/u2ztpfrV7f+WJs7z2oNKuNZqWxf3B/q7633by/8cQtsAEAAIBL9MJn3v99EhGHX7qeTy3Xii4UcCnGjx/O4U8XWxbgco0VXQCgMOf96AdGT6noAgCFS85YPnDwzm+GXxYAAOBizH6q//X/5MxzA4fpJRURuCDO/8HV5fo/XF1Pcf3f//HCiCjFWOjIw9V28df/s+xjFQgAABi6yXxK0nJEfh5gMtK0XI54Pr8tQClZ26hV5yPiVkT8bqr0XCu/kG+ZnNlnAAAAAAAAAAAAAAAAAAAAAAAAAADasiyJDAAAABhpEelfks79v2anXp3sPT9wLfn3VP4cEe/+5O0fPVhuNncXWvP/cTy/+ePO/DvtbZ7inqIAAADAEHX76d1+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM04eP3lvpTpcZ929vRsR0v/jjMZE/T0QpIm78M4nxE9slETE2hPiHRxHxYr/4SatYMd0pRb/41wuMn0bEzSHEh6vs/Vb785V+7780ZvLn/u+/u3kL9ewGtn9Jd42JvJ3r1/48f84YL33wy8rA+EcRL433b3+67W/SiX+rJ/4rffb35r3T8771zYODQfGzn0bM9v38SZ6IVWlu7VQa+wdzG1vL69X16vbi4sLdpTeWXl+ar6xt1KqdxxNN8sxx6vuf/tVHA+ufPYwbA+JP99S/9+//6qCd9vjvBw8efaKdLJ2KfxRx+5X+x9+LA+Knnc++z3XSreWz3fRhO33Sy7/47csD638Usdqu//hZr39v/W+fs/6vfeO7fzznqgDAJWjsH2wu12rV3QITY1Fk9Fbimf4ara9F51g5jacp2GHhr84oJx4WGv3aeQ6b40T2sH2MDvmtN3CHBTZKAADAhWjsJ0UXAQAAAAAAAAAAAAAAAAAAAK68y/x1va7DYqoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB//S8AAP//9+fMRw==") 1.116072538s ago: executing program 0 (id=19): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000000)='./file0\x00', 0x1810882, &(0x7f0000000040)=ANY=[@ANYBLOB="756e695f786c6174653d312c726f6469722c757466383d302c73686f72746e616d653d77696e6e742c757466383d302c757466383d312c756e695f786c6174653d302c696f636861727365743d63703433372c756e695f786c6174653d302c6572726f72733d72656d6f756e742d726f2c757466383d312c757466383d312c73686f72746e616d653d77696e39352c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c73686f72746e616d653d77696e39352c646973636172642c004338cb8631b26441e86414f461975e105d02960776fcb7ddfd80b96c1b2ffd13d5cc37784797dbc9e26b7c39310b49940995ce6e6ce1c218890b59506de99e2dd234abcde0be50d3de656741fee78f74e94ee73bd6d7162f0d2a8275e0a6125615ce223c21fe303d561d81b2681dce1c0b7061c5a347b2040e7b6c9210507527467dad005f3e38c47d4daa9d76c69f51ffeb2f81123fe54df14c6c02413e51ba63c35f11"], 0x0, 0x2b9, &(0x7f0000000280)="$eJzs3T9rc1UYAPDnpmkSdUgGJxG8oIPTy9t3dUmVFqqZlAzqoMW2IE0QWij4B9NOri6OfgJBcHP1A7j4DQRXwc0OhSv35t4kbdPYaNP65/db+vTc85zznNPTlA45ef/54eFeGgdnn/0crVYStW504zyJTtSichqXdL8MAODf7DzL4rdsbJm8JCJaqysLAFihpf/+f7fykgCAFXvr7Xfe2Oz1tt5M01ZsD7846ef/2edfx883D+LDGMR+PI52XERkE+N4O8uyUT3NdeKl4eikn2cO3/uxHH/z14gifyPa0SmaLufv9LY20rGZ/FFex9Pl/N08/0m049k58+/0tp7MyY9+I15+cab+R9GOnz6Ij2IQe0UR0/zPN9L0teyr3z99Ny8vz09GJ/1m0W8qW7vnHw0AAAAAAAAAAAAAAAAAAAAAAP9hj8q7c5pR3N+TN5X376xd5N+sR1rpXL6fZ5yfVANduR9olMXX1f06j9M0zcqO0/x6PFeP+sOsGgAAAAAAAAAAAAAAAAAAAP5Zjj/+5HB3MNg/KoLXszKYtCwXVLcBVG/r/6vjdCct9aMXYnHn5nSuWhkuGDnWqj5JxMIy8kX8vd24dfDUTTV/8+2yA7b+vM/6dK7olJtxx+uqTtfhbjJ/D5tRtbSqQ/L9bJ9G3HKuxk2PsqWOX2Puo/bSa288UwSjBX0iWVTYK7+Md65sKX+hTid9GsWuzk1fL4OZ9CtnY6nzfP21Iknu/OUHAAAAAAAAAAAAAAAAAACYMX3T75yHZwtTa1lzZWUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL2afv7/JKhfa7kajMrkccsPry7o3Iij4wdeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8DfwQAAP//4wFdTQ==") syz_mount_image$fuse(&(0x7f0000000700), &(0x7f00000000c0)='./file0\x00', 0x30c407a, &(0x7f00000006c0)=ANY=[], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f00000000c0)=0x3, 0x4) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 1.115883658s ago: executing program 1 (id=20): r0 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@rand_addr=0x64010102, 0x4e24, 0x0, 0x1, 0x0, 0xa}, {0x0, 0x1, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x40000000000000}, {0xffffffffffffffff, 0x1000000000, 0x8, 0x20}, 0xfffffff7, 0x1, 0x1, 0x0, 0x3, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x32}, 0x2, @in=@private=0xa010100, 0x1502, 0x4, 0x0, 0x0, 0xc36, 0xfffffffd}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) 1.009556201s ago: executing program 3 (id=21): syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./bus\x00', 0x90, &(0x7f0000000140)=ANY=[], 0x1, 0x2e4, &(0x7f00000007c0)="$eJzs3b+LHFUcAPDv7M3ujlrsFVYiOKCFVciltblTEhCvMmwRLfQwCcjtKiRw4g+cpBI7G0v/AkHwD7GxsxRsBTsjBEbm1+3u3Xi3keyJyedTJO/efL/vfd+8ubtp9t37L84Pb+Zx+/4Xv0aWJTHYHUc8SGI7BtG5Fyt2vwkA4P/sQVnGH2Wj5/IvX5+Rm22wLgBgc875/d9K639vVBE/XlxtAMBmXL/xzlt7+/tX387zLK7NvzqaJhFR/d9c37sdH8YsbsXlmMTDiPpFYRj120LVvFaWZZHmle14ZV4cTavM+Xs/tePv/R5R5+/EJLbrruO3jTr/zf2rO3ljKb+o6ni2nX+3yr8Sk3j+OHkl/0pPfkxH8erLS/Vfikn8/EF8HLO4WRexyP9yJ8/fKL/98/N3q/Kq/KQ4mo7ruIVyq5u8uOA9AgAAAAAAAAAAAAAAAAAAAADgyXMpsog8z8dRn99TdU0j5nE03XpYfTGMvLM43+ejQdGdD5R0Ay3OB4pBWZZFGd915+tczvO8bAMX5/uk8ULaHiwIAAAAAAAAAAAAAAAAAAAAT7m7n352eDCb3brzWBrJsBk1jYi/rkf823F2l3peirODx+1KDmazQdtcjUmXe2Kri0kiuphx3xTVIh7TbTmv8cypmtvG9z+cDk7uNRuXRt+A2fmTDvvnesTGJ+1W98Z0T9fhQdJ/D8fHxWfVxsXJjRtF/+zDONEz+qcKu4Mp1lvOqPfS5JFvy+i5ulGcERPJWd8Xr/3WlL20ipWYUX1Xe9OHbWMp/cSzsdbzHFmTfvpnReK0DgAAAAAAAAAAAAAAAAAA2KjFp397Lt7vz3m9+cj9oBxvtjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCiLv/+/TiNdTV4jaxR37v5XawMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODp8XcAAAD//wSSU4U=") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}]) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bind$inet(r0, 0x0, 0x0) syncfs(r0) 979.744705ms ago: executing program 2 (id=22): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 719.113718ms ago: executing program 1 (id=23): r0 = fanotify_init(0x1, 0x80000) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x455, 0x40001010, r1, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[], 0xee, 0x0, 0x0) pipe2$9p(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 503.245136ms ago: executing program 2 (id=24): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000000)) 428.226465ms ago: executing program 1 (id=25): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080)={[{@auto_da_alloc}, {@mblk_io_submit}]}, 0x1, 0x569, &(0x7f0000000a00)="$eJzs3d1rm9UfAPDvkzZ7//3WwRgqIgUvnMyla+vLBC/mtQ4Gej9D+6yMpsto0rHWgduFu5bhnQPxXrz2UvwHvPBvGOhgyCiCeBN50idZ2iZtuqUvms8HnnK+z0vPOXlyTs7JSUgAQ2s8+1OIeDkivkoiTkZEkh8bjfzg+Np5q0/vzGRbEo3GJ38kzfOyuPW/Wtcdz4OXIuLnLyPOFTbnW1temS9XKuliHk/UF25O1JZXzl9fKM+lc+mNqenpi+9MT73/3rsDq+ubV7KCjOTRqQdJXIoTedRZjxdwtzMYj/H8MSnGpQ0nTg4gs4Mk6br3hz0vBzszkrfzYmR9wMkYyVs98N/3RUQ0gCGV7Lj9/1rcnZIAe6s1DmjN7Qc0D/7XePLh2gRoc/1H194biSPNudGx1WTdzCib744NIP8sjx9/f/gg22Jw70MAbOvuvYi4MDq6uf9L8v7v+V3o45yNeej/YO/8lI1/3uo2/im0xz/RZfxzvEvbfR7bt//C4wFk01M2/vug6/i3vWg1NpJH/2uO+YrJteuVNOvb/h8RZ6N4OIu3Ws+5uPqo0etY5/gv27L8W2PBvByPRw+vv2a2XC+/SJ07PbkX8UrX8W/Svv/J2v1ft8STPR5X+szjTPrwtV7Htq//7mp8F/FG1/v/rLrJ1uuTE83nw0TrWbHZn/fP/NIr//2uf3b/j21d/7Gkc722tvM8vj3ydxrt9eT11tU/+n/+H0o+baYP5ftul+v1xcmIQ8nH7f2F1v6pZ9e24tb5Wf3Pvr51/5d06f+ORsRnfdb//unvX+117CDc/9mu9789u91w/3eeePTR59/0yr+//u/tZupsvqef/q/fAr7IYwcAAAAAAAAHTSEiTkRSKLXThUKptPb5jtNxrFCp1urnrlWXbsxG87uyY1EstFa6T3Z8HmIyXzFsxVMb4umIOBURX48cbcalmWpldr8rDwAAAAAAAAAAAAAAAAAAAAfE8R7f/8/8NrLfpQN2nZ/8huG1bfsfxC89AQeS138YXto/DK++2n9x98sB7D2v/zC8tH8YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAADdeXy5WxrrD69M5PFs7eWl+art87PprX50sLSTGmmunizNFetzlXS0kx1Ybv/V6lWb05OxdLtiXpaq0/UlleuLlSXbtSvXl8oz6VXU78iBgAAAAAAAAAAAAAAAAAAAJvVllfmy5VKuigxxIm/Go3G814+ut+Fl9iVxH73TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzD8BAAD//1hdMq0=") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) unshare(0x20000600) syz_emit_ethernet(0x22, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random, @void, {@llc={0x4, {@snap={0xaa, 0x0, "95", "cc5149", 0x17, "813f5b24603720848d97371b"}}}}}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000340)='./file1\x00', &(0x7f0000000400), 0x0, 0x0, 0x2) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0xfe37, 0x0) 319.124639ms ago: executing program 3 (id=26): creat(&(0x7f00000000c0)='./file0\x00', 0x2) socket$packet(0x11, 0x3, 0x300) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x36, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 0s ago: executing program 2 (id=27): mkdir(0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0x2}, 0x10, 0x0, r0}, 0x94) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[], 0x34}}, 0x20048000) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) getpgid(0x0) socket$netlink(0x10, 0x3, 0x8000000004) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e23, 0xc, @mcast2, 0x8f}, 0x1c) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000001000/0x400000)=nil) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) setsockopt$inet_tcp_int(r2, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x8, 0x6381}]}, 0x10) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts. [ 82.416543][ T5758] cgroup: Unknown subsys name 'net' [ 82.527639][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.266108][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.087112][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.097557][ T5772] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.106459][ T5772] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.114729][ T5772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.124577][ T5772] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.139239][ T5772] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.149581][ T5772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.169402][ T5772] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.178471][ T5784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.186235][ T5784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.194448][ T5784] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.202561][ T5784] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.216198][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.229392][ T5784] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.249044][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.257575][ T5780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.266445][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.275080][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.283723][ T5780] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.291209][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.297013][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.302607][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.315454][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.336815][ T5081] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.800273][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 86.991660][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 87.002420][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 87.027011][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.035418][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.043714][ T5775] bridge_slave_0: entered allmulticast mode [ 87.051729][ T5775] bridge_slave_0: entered promiscuous mode [ 87.075503][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.084859][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.092385][ T5775] bridge_slave_1: entered allmulticast mode [ 87.101679][ T5775] bridge_slave_1: entered promiscuous mode [ 87.224653][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.252982][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.290494][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 87.441678][ T5775] team0: Port device team_slave_0 added [ 87.448064][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.463085][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.474236][ T5770] bridge_slave_0: entered allmulticast mode [ 87.484497][ T5770] bridge_slave_0: entered promiscuous mode [ 87.515693][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.525718][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.533375][ T5767] bridge_slave_0: entered allmulticast mode [ 87.545409][ T5767] bridge_slave_0: entered promiscuous mode [ 87.556727][ T5775] team0: Port device team_slave_1 added [ 87.569949][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.577199][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.585613][ T5770] bridge_slave_1: entered allmulticast mode [ 87.593282][ T5770] bridge_slave_1: entered promiscuous mode [ 87.606837][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.614507][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.622290][ T5767] bridge_slave_1: entered allmulticast mode [ 87.630055][ T5767] bridge_slave_1: entered promiscuous mode [ 87.734415][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.748980][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.775388][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.826454][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.836634][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.846689][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.873037][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.893886][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.905981][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.930698][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.010374][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.017619][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.025884][ T5768] bridge_slave_0: entered allmulticast mode [ 88.033879][ T5768] bridge_slave_0: entered promiscuous mode [ 88.045266][ T5767] team0: Port device team_slave_0 added [ 88.054583][ T5767] team0: Port device team_slave_1 added [ 88.085432][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.094228][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.101614][ T5768] bridge_slave_1: entered allmulticast mode [ 88.108703][ T5768] bridge_slave_1: entered promiscuous mode [ 88.159433][ T5775] hsr_slave_0: entered promiscuous mode [ 88.166084][ T5775] hsr_slave_1: entered promiscuous mode [ 88.178329][ T5770] team0: Port device team_slave_0 added [ 88.198229][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.205886][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.235169][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.261698][ T5770] team0: Port device team_slave_1 added [ 88.277442][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.287406][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.294818][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.322004][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.360241][ T5081] Bluetooth: hci0: command tx timeout [ 88.360259][ T5774] Bluetooth: hci3: command tx timeout [ 88.361942][ T51] Bluetooth: hci1: command tx timeout [ 88.403704][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.434767][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.442107][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.451825][ T51] Bluetooth: hci2: command tx timeout [ 88.476681][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.507759][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.514976][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.541544][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.576110][ T5768] team0: Port device team_slave_0 added [ 88.585520][ T5768] team0: Port device team_slave_1 added [ 88.672491][ T5767] hsr_slave_0: entered promiscuous mode [ 88.679132][ T5767] hsr_slave_1: entered promiscuous mode [ 88.685412][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.695050][ T5767] Cannot create hsr debugfs directory [ 88.733545][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.741939][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.773973][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.791721][ T5770] hsr_slave_0: entered promiscuous mode [ 88.798291][ T5770] hsr_slave_1: entered promiscuous mode [ 88.805201][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.815090][ T5770] Cannot create hsr debugfs directory [ 88.837697][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.845525][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.871745][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.988745][ T5768] hsr_slave_0: entered promiscuous mode [ 88.997643][ T5768] hsr_slave_1: entered promiscuous mode [ 89.010534][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.018139][ T5768] Cannot create hsr debugfs directory [ 89.192094][ T5775] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.241551][ T5775] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.252677][ T5775] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.321722][ T5775] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.485854][ T5767] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.500696][ T5767] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.544740][ T5767] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.557408][ T5767] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.653672][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.664430][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.687965][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.710116][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.723385][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.769904][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.807342][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.818221][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.831478][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.845692][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.869327][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.876694][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.918164][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.925402][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.145719][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.209478][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.243745][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.262266][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.311328][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.324848][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.332110][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.354431][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.391292][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.398549][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.414655][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.421846][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.439227][ T51] Bluetooth: hci1: command tx timeout [ 90.442783][ T5081] Bluetooth: hci3: command tx timeout [ 90.444703][ T5774] Bluetooth: hci0: command tx timeout [ 90.474313][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.481580][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.495220][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.502544][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.519033][ T5774] Bluetooth: hci2: command tx timeout [ 90.529284][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.536477][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.682700][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.825311][ T5775] veth0_vlan: entered promiscuous mode [ 90.872307][ T5775] veth1_vlan: entered promiscuous mode [ 90.993062][ T5775] veth0_macvtap: entered promiscuous mode [ 91.035976][ T5775] veth1_macvtap: entered promiscuous mode [ 91.111667][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.145302][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.193652][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.222674][ T5775] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.232581][ T5775] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.243125][ T5775] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.252312][ T5775] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.300650][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.325846][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.472737][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.480695][ T5768] veth0_vlan: entered promiscuous mode [ 91.489880][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.513695][ T5768] veth1_vlan: entered promiscuous mode [ 91.584271][ T5770] veth0_vlan: entered promiscuous mode [ 91.592134][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.600948][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.617445][ T5767] veth0_vlan: entered promiscuous mode [ 91.646646][ T5770] veth1_vlan: entered promiscuous mode [ 91.659529][ T5767] veth1_vlan: entered promiscuous mode [ 91.706947][ T5768] veth0_macvtap: entered promiscuous mode [ 91.735712][ T5768] veth1_macvtap: entered promiscuous mode [ 91.766928][ T5770] veth0_macvtap: entered promiscuous mode [ 91.807822][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.845445][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.861638][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.883397][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.897475][ T5863] syz.1.2[5863]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.907485][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.923888][ T5863] loop1: detected capacity change from 0 to 128 [ 91.932268][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.948493][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.969445][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.983628][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.996055][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.006385][ T5863] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 92.019286][ T5767] veth0_macvtap: entered promiscuous mode [ 92.035187][ T5770] veth1_macvtap: entered promiscuous mode [ 92.053745][ T5863] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.085247][ T5767] veth1_macvtap: entered promiscuous mode [ 92.127022][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.139879][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.150286][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.160950][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.173937][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.192716][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.211873][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.239679][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.252901][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.268425][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.279541][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.293356][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.305700][ T968] cfg80211: failed to load regulatory.db [ 92.312496][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.325671][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.334992][ T5866] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.352024][ T5866] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.384377][ T5767] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.396415][ T5767] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.410807][ T5767] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.411102][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.420507][ T5767] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.447588][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.465118][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.499634][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.517296][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.524188][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.532871][ T5774] Bluetooth: hci0: command tx timeout [ 92.544640][ T51] Bluetooth: hci1: command tx timeout [ 92.545222][ T5081] Bluetooth: hci3: command tx timeout [ 92.558893][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.570110][ T5866] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.586083][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.596033][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.608295][ T5081] Bluetooth: hci2: command tx timeout [ 92.614076][ T5866] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.620095][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.641103][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.661667][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.678327][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.695731][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.706049][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.709077][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.722606][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.740222][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.751064][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.763193][ T5866] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.777406][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.794930][ T5866] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.822640][ T5863] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.830689][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.848473][ T5863] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.850245][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.872253][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.873915][ T5866] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.2: No space for directory leaf checksum. Please run e2fsck -D. [ 92.882145][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.910951][ T5866] EXT4-fs error (device loop1): __ext4_find_entry:1696: inode #2: comm syz.1.2: checksumming directory block 0 [ 92.959685][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.967776][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.066058][ T5775] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 93.167489][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.176962][ T5869] loop1: detected capacity change from 0 to 256 [ 93.193270][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.208422][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.222123][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.275970][ T5869] ======================================================= [ 93.275970][ T5869] WARNING: The mand mount option has been deprecated and [ 93.275970][ T5869] and is ignored by this kernel. Remove the mand [ 93.275970][ T5869] option from the mount to silence this warning. [ 93.275970][ T5869] ======================================================= [ 93.384421][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.409204][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.526779][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.553694][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.625921][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.659872][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.529938][ T5874] binder: 5873:5874 ioctl 4018620d 0 returned -22 [ 94.718924][ T5081] Bluetooth: hci0: command tx timeout [ 94.724430][ T5081] Bluetooth: hci1: command tx timeout [ 94.730113][ T5081] Bluetooth: hci3: command tx timeout [ 94.735650][ T5081] Bluetooth: hci2: command tx timeout [ 98.829828][ T5906] loop0: detected capacity change from 0 to 512 [ 98.874763][ T5906] EXT4-fs (loop0): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0 [ 98.884781][ T5906] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 98.899024][ T5906] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 98.909297][ T5906] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 98.918437][ T5906] EXT4-fs (loop0): The Hurd can't support 64-bit file systems [ 98.933437][ T5890] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.280374][ T5890] usb 4-1: device descriptor read/64, error -71 [ 99.562954][ T5777] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.624147][ T5911] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.875031][ T5890] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 100.249744][ T5890] usb 4-1: device descriptor read/64, error -71 [ 100.393966][ T5918] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.420943][ T5890] usb usb4-port1: attempt power cycle [ 102.609061][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.789005][ T8] usb 3-1: device descriptor read/64, error -71 [ 103.053136][ T5937] loop0: detected capacity change from 0 to 1024 [ 103.071936][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 103.193689][ T5937] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.233312][ T5937] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.278937][ T8] usb 3-1: device descriptor read/64, error -71 [ 103.407510][ T8] usb usb3-port1: attempt power cycle [ 104.455204][ T5949] loop3: detected capacity change from 0 to 512 [ 105.259323][ T5949] EXT4-fs (loop3): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0 [ 105.268943][ T5949] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 105.278867][ T5949] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 105.287928][ T5949] EXT4-fs (loop3): The Hurd can't support 64-bit file systems [ 105.574455][ T5945] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.881274][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 106.022629][ T5958] loop3: detected capacity change from 0 to 256 [ 106.032859][ T5956] loop2: detected capacity change from 0 to 128 [ 106.107215][ T5956] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.149186][ T8] usb 3-1: device not accepting address 4, error -71 [ 106.215923][ T5956] ext4 filesystem being mounted at /6/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 106.261512][ T1324] kworker/u4:8: attempt to access beyond end of device [ 106.261512][ T1324] loop3: rw=1, sector=256, nr_sectors = 32 limit=256 [ 106.288654][ T5958] syz.3.21: attempt to access beyond end of device [ 106.288654][ T5958] loop3: rw=2049, sector=288, nr_sectors = 8 limit=256 [ 106.388694][ T5768] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 106.561317][ T5967] loop1: detected capacity change from 0 to 1024 [ 106.622503][ T5967] EXT4-fs: Ignoring removed mblk_io_submit option [ 106.850961][ T5967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.622200][ T5967] ================================================================== [ 107.630359][ T5967] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 107.638157][ T5967] Read of size 18446744073709551588 at addr ffff88805ecaf840 by task syz.1.25/5967 [ 107.647503][ T5967] [ 107.649911][ T5967] CPU: 1 PID: 5967 Comm: syz.1.25 Not tainted syzkaller #0 [ 107.657170][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 107.667295][ T5967] Call Trace: [ 107.670633][ T5967] [ 107.673970][ T5967] dump_stack_lvl+0x16c/0x230 [ 107.678994][ T5967] ? read_lock_is_recursive+0x20/0x20 [ 107.684558][ T5967] ? show_regs_print_info+0x20/0x20 [ 107.689837][ T5967] ? load_image+0x3b0/0x3b0 [ 107.694413][ T5967] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 107.700361][ T5967] ? __virt_addr_valid+0x18c/0x540 [ 107.705616][ T5967] ? __virt_addr_valid+0x469/0x540 [ 107.710784][ T5967] print_report+0xac/0x220 [ 107.715259][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 107.720771][ T5967] kasan_report+0x117/0x150 [ 107.725322][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 107.730854][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 107.736378][ T5967] kasan_check_range+0x288/0x290 [ 107.741466][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 107.746991][ T5967] __asan_memmove+0x29/0x70 [ 107.751644][ T5967] ext4_xattr_set_entry+0x94b/0x1e90 [ 107.756998][ T5967] ext4_xattr_block_set+0xae3/0x32a0 [ 107.762340][ T5967] ? ext4_destroy_inode+0x200/0x200 [ 107.767595][ T5967] ? proc_nr_inodes+0x230/0x230 [ 107.772507][ T5967] ? do_raw_spin_unlock+0x121/0x230 [ 107.777847][ T5967] ? _raw_spin_unlock+0x28/0x40 [ 107.782751][ T5967] ? ext4_xattr_block_find+0x350/0x350 [ 107.788264][ T5967] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 107.794049][ T5967] ext4_xattr_set_handle+0x1346/0x1580 [ 107.799579][ T5967] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 107.805993][ T5967] ? __ext4_journal_start_sb+0x259/0x570 [ 107.811818][ T5967] ext4_xattr_set+0x22d/0x320 [ 107.816565][ T5967] ? end_current_label_crit_section+0x170/0x170 [ 107.822868][ T5967] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 107.828573][ T5967] ? posix_xattr_acl+0x93/0xb0 [ 107.833452][ T5967] ? evm_protect_xattr+0x36d/0x7a0 [ 107.838625][ T5967] ? ext4_xattr_trusted_get+0x40/0x40 [ 107.844063][ T5967] __vfs_setxattr+0x431/0x470 [ 107.848892][ T5967] __vfs_setxattr_noperm+0x12d/0x5e0 [ 107.854241][ T5967] vfs_setxattr+0x16c/0x2f0 [ 107.859147][ T5967] ? xattr_permission+0x470/0x470 [ 107.864240][ T5967] ? __mnt_want_write+0x223/0x2a0 [ 107.869316][ T5967] ? path_setxattr+0x314/0x550 [ 107.874148][ T5967] path_setxattr+0x362/0x550 [ 107.878795][ T5967] ? simple_xattrs_free+0x150/0x150 [ 107.884955][ T5967] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 107.891264][ T5967] ? lock_chain_count+0x20/0x20 [ 107.896248][ T5967] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 107.902413][ T5967] __x64_sys_lsetxattr+0xb8/0xd0 [ 107.907431][ T5967] do_syscall_64+0x55/0xb0 [ 107.911909][ T5967] ? clear_bhb_loop+0x40/0x90 [ 107.916737][ T5967] ? clear_bhb_loop+0x40/0x90 [ 107.921639][ T5967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.927588][ T5967] RIP: 0033:0x7f6d97d8f749 [ 107.932059][ T5967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.952082][ T5967] RSP: 002b:00007f6d98c2a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 107.960728][ T5967] RAX: ffffffffffffffda RBX: 00007f6d97fe5fa0 RCX: 00007f6d97d8f749 [ 107.968830][ T5967] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 107.976857][ T5967] RBP: 00007f6d97e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 107.984964][ T5967] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 107.992998][ T5967] R13: 00007f6d97fe6038 R14: 00007f6d97fe5fa0 R15: 00007ffd7e4235c8 [ 108.001246][ T5967] [ 108.004304][ T5967] [ 108.006672][ T5967] Allocated by task 5967: [ 108.011144][ T5967] kasan_set_track+0x4e/0x70 [ 108.015840][ T5967] __kasan_kmalloc+0x8f/0xa0 [ 108.020594][ T5967] __kmalloc_node_track_caller+0xb2/0x230 [ 108.026460][ T5967] kmemdup+0x2b/0x70 [ 108.030422][ T5967] ext4_xattr_block_set+0x9e5/0x32a0 [ 108.035870][ T5967] ext4_xattr_set_handle+0x1346/0x1580 [ 108.041473][ T5967] ext4_xattr_set+0x22d/0x320 [ 108.046298][ T5967] __vfs_setxattr+0x431/0x470 [ 108.051063][ T5967] __vfs_setxattr_noperm+0x12d/0x5e0 [ 108.056580][ T5967] vfs_setxattr+0x16c/0x2f0 [ 108.061187][ T5967] path_setxattr+0x362/0x550 [ 108.066258][ T5967] __x64_sys_lsetxattr+0xb8/0xd0 [ 108.071252][ T5967] do_syscall_64+0x55/0xb0 [ 108.075815][ T5967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.081761][ T5967] [ 108.084115][ T5967] The buggy address belongs to the object at ffff88805ecaf800 [ 108.084115][ T5967] which belongs to the cache kmalloc-1k of size 1024 [ 108.098220][ T5967] The buggy address is located 64 bytes inside of [ 108.098220][ T5967] 1024-byte region [ffff88805ecaf800, ffff88805ecafc00) [ 108.111644][ T5967] [ 108.114003][ T5967] The buggy address belongs to the physical page: [ 108.120472][ T5967] page:ffffea00017b2a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5eca8 [ 108.131104][ T5967] head:ffffea00017b2a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 108.140190][ T5967] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 108.148237][ T5967] page_type: 0xffffffff() [ 108.152609][ T5967] raw: 00fff00000000840 ffff888017841dc0 dead000000000100 dead000000000122 [ 108.161240][ T5967] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 108.169859][ T5967] page dumped because: kasan: bad access detected [ 108.176316][ T5967] page_owner tracks the page as allocated [ 108.182157][ T5967] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1324, tgid 1324 (kworker/u4:8), ts 107398697626, free_ts 107355085320 [ 108.203050][ T5967] post_alloc_hook+0x1cd/0x210 [ 108.208329][ T5967] get_page_from_freelist+0x195c/0x19f0 [ 108.213937][ T5967] __alloc_pages+0x1e3/0x460 [ 108.218621][ T5967] alloc_slab_page+0x5d/0x170 [ 108.218894][ C0] sched: RT throttling activated [ 108.228440][ T5967] new_slab+0x87/0x2e0 [ 108.232571][ T5967] ___slab_alloc+0xc6d/0x1300 [ 108.237300][ T5967] __kmem_cache_alloc_node+0x1a2/0x260 [ 108.242814][ T5967] __kmalloc+0xa4/0x240 [ 108.247020][ T5967] ieee802_11_parse_elems_full+0xb9/0x2080 [ 108.253057][ T5967] ieee80211_inform_bss+0x107/0x1060 [ 108.258400][ T5967] rdev_inform_bss+0x106/0x410 [ 108.263209][ T5967] cfg80211_inform_bss_frame_data+0xb33/0x12b0 [ 108.269534][ T5967] ieee80211_bss_info_update+0x70b/0x930 [ 108.275322][ T5967] ieee80211_ibss_rx_queued_mgmt+0x17c9/0x2ac0 [ 108.281622][ T5967] ieee80211_iface_work+0x717/0xc70 [ 108.286882][ T5967] cfg80211_wiphy_work+0x225/0x260 [ 108.292043][ T5967] page last free stack trace: [ 108.296747][ T5967] free_unref_page_prepare+0x7ce/0x8e0 [ 108.302333][ T5967] free_unref_page+0x32/0x2e0 [ 108.307191][ T5967] __unfreeze_partials+0x1cf/0x210 [ 108.312711][ T5967] put_cpu_partial+0x17c/0x250 [ 108.317544][ T5967] __slab_free+0x31d/0x410 [ 108.322120][ T5967] qlist_free_all+0x75/0xe0 [ 108.326795][ T5967] kasan_quarantine_reduce+0x143/0x160 [ 108.332669][ T5967] __kasan_slab_alloc+0x22/0x80 [ 108.337658][ T5967] slab_post_alloc_hook+0x6e/0x4d0 [ 108.342833][ T5967] kmem_cache_alloc+0x11e/0x2e0 [ 108.347738][ T5967] flock_lock_inode+0x226/0x17e0 [ 108.352763][ T5967] locks_lock_inode_wait+0x10d/0x460 [ 108.358190][ T5967] __se_sys_flock+0x46d/0x5a0 [ 108.363096][ T5967] do_syscall_64+0x55/0xb0 [ 108.367570][ T5967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.373611][ T5967] [ 108.375963][ T5967] Memory state around the buggy address: [ 108.381634][ T5967] ffff88805ecaf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.389744][ T5967] ffff88805ecaf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.397850][ T5967] >ffff88805ecaf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 108.405961][ T5967] ^ [ 108.412244][ T5967] ffff88805ecaf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 108.420364][ T5967] ffff88805ecaf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 108.428465][ T5967] ================================================================== [ 108.588072][ T5967] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 108.595400][ T5967] CPU: 1 PID: 5967 Comm: syz.1.25 Not tainted syzkaller #0 [ 108.602734][ T5967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 108.612841][ T5967] Call Trace: [ 108.616176][ T5967] [ 108.619164][ T5967] dump_stack_lvl+0x16c/0x230 [ 108.623892][ T5967] ? show_regs_print_info+0x20/0x20 [ 108.629130][ T5967] ? load_image+0x3b0/0x3b0 [ 108.633728][ T5967] panic+0x2c0/0x710 [ 108.637847][ T5967] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 108.644055][ T5967] ? bpf_jit_dump+0xd0/0xd0 [ 108.648613][ T5967] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 108.654555][ T5967] ? _raw_spin_unlock+0x40/0x40 [ 108.659469][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 108.664976][ T5967] check_panic_on_warn+0x84/0xa0 [ 108.669963][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 108.675483][ T5967] end_report+0x6f/0x140 [ 108.679776][ T5967] kasan_report+0x128/0x150 [ 108.684329][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 108.690042][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 108.695603][ T5967] kasan_check_range+0x288/0x290 [ 108.700854][ T5967] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 108.706460][ T5967] __asan_memmove+0x29/0x70 [ 108.711039][ T5967] ext4_xattr_set_entry+0x94b/0x1e90 [ 108.716380][ T5967] ext4_xattr_block_set+0xae3/0x32a0 [ 108.721892][ T5967] ? ext4_destroy_inode+0x200/0x200 [ 108.727324][ T5967] ? proc_nr_inodes+0x230/0x230 [ 108.732229][ T5967] ? do_raw_spin_unlock+0x121/0x230 [ 108.737570][ T5967] ? _raw_spin_unlock+0x28/0x40 [ 108.742559][ T5967] ? ext4_xattr_block_find+0x350/0x350 [ 108.748063][ T5967] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 108.753508][ T5967] ext4_xattr_set_handle+0x1346/0x1580 [ 108.759203][ T5967] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 108.765251][ T5967] ? __ext4_journal_start_sb+0x259/0x570 [ 108.771064][ T5967] ext4_xattr_set+0x22d/0x320 [ 108.775819][ T5967] ? end_current_label_crit_section+0x170/0x170 [ 108.782132][ T5967] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 108.787757][ T5967] ? posix_xattr_acl+0x93/0xb0 [ 108.792604][ T5967] ? evm_protect_xattr+0x36d/0x7a0 [ 108.797791][ T5967] ? ext4_xattr_trusted_get+0x40/0x40 [ 108.803233][ T5967] __vfs_setxattr+0x431/0x470 [ 108.808068][ T5967] __vfs_setxattr_noperm+0x12d/0x5e0 [ 108.813433][ T5967] vfs_setxattr+0x16c/0x2f0 [ 108.818000][ T5967] ? xattr_permission+0x470/0x470 [ 108.823180][ T5967] ? __mnt_want_write+0x223/0x2a0 [ 108.828356][ T5967] ? path_setxattr+0x314/0x550 [ 108.833186][ T5967] path_setxattr+0x362/0x550 [ 108.837877][ T5967] ? simple_xattrs_free+0x150/0x150 [ 108.843376][ T5967] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 108.849452][ T5967] ? lock_chain_count+0x20/0x20 [ 108.854362][ T5967] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 108.860491][ T5967] __x64_sys_lsetxattr+0xb8/0xd0 [ 108.865488][ T5967] do_syscall_64+0x55/0xb0 [ 108.870049][ T5967] ? clear_bhb_loop+0x40/0x90 [ 108.874791][ T5967] ? clear_bhb_loop+0x40/0x90 [ 108.879528][ T5967] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.885484][ T5967] RIP: 0033:0x7f6d97d8f749 [ 108.890471][ T5967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.910867][ T5967] RSP: 002b:00007f6d98c2a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 108.919442][ T5967] RAX: ffffffffffffffda RBX: 00007f6d97fe5fa0 RCX: 00007f6d97d8f749 [ 108.927490][ T5967] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 108.935529][ T5967] RBP: 00007f6d97e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 108.943646][ T5967] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 108.951757][ T5967] R13: 00007f6d97fe6038 R14: 00007f6d97fe5fa0 R15: 00007ffd7e4235c8 [ 108.959796][ T5967] [ 108.963463][ T5967] Kernel Offset: disabled [ 108.967809][ T5967] Rebooting in 86400 seconds..