program: r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x34, 0x0, &(0x7f0000000140)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x4000, 0x0) mknod$loop(&(0x7f0000000080)='./file0/bus\x00', 0x6210, 0x0) syz_open_dev$loop(&(0x7f0000005180), 0x0, 0x2000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) unshare(0x22020600) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000200)={[{@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}, {@journal_dev={'journal_dev', 0x3d, 0xdcc}}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)={0x100, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "3d01060458596287835910a4a9134630440ea97f2ed49875"}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0xc, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x28, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "a09d4426ee6b57551643119e42dcf1082670aa4baf2552e4"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "e259152e5393eadf5cc7f4ee174cdbe4745f5d6de7aba0f5"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}]]}, 0x100}, 0x1, 0x0, 0x0, 0x40002}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="80000000ffffffffffff080211000001080211000000000000000000000000e36300010005037c20093c040183"], 0x38) syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902"], 0x0) move_mount(r5, 0x0, r4, 0x0, 0x46) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x28c}]}) [ 74.488797][ T5299] Bluetooth: hci0: command tx timeout [ 74.739036][ T5314] loop0: detected capacity change from 0 to 512 [ 74.772311][ T5314] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino [ 74.782247][ T5314] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.0: couldn't read orphan inode 15 (err -117) [ 74.788970][ T5314] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.807807][ T5313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.864609][ T5314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.871589][ T5313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.877471][ T5313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.120479][ T54] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 75.270606][ T54] usb 5-1: Using ep0 maxpacket: 32 [ 75.278493][ T54] usb 5-1: config index 0 descriptor too short (expected 29657, got 18) [ 75.282436][ T54] usb 5-1: config 244 has too many interfaces: 111, using maximum allowed: 32 [ 75.286305][ T54] usb 5-1: config 244 has an invalid descriptor of length 79, skipping remainder of the config [ 75.291905][ T54] usb 5-1: config 244 has 0 interfaces, different from the descriptor's value: 111 [ 75.295925][ T54] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 75.299938][ T54] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.531360][ T5313] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI [ 75.536833][ T5313] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 75.540679][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: syz.0.0 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 75.545596][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.550215][ T5313] RIP: 0010:do_move_mount+0x27d/0xb10 [ 75.552730][ T5313] Code: e8 c8 c8 81 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 34 e6 e4 ff 48 8b 1b 31 ff 48 89 [ 75.561052][ T5313] RSP: 0018:ffffc9000d55fd30 EFLAGS: 00010206 [ 75.563809][ T5313] RAX: 0000000000000006 RBX: 0000000000000032 RCX: 0000000000100000 [ 75.567213][ T5313] RDX: ffffc9000de02000 RSI: 0000000000000073 RDI: 0000000000000074 [ 75.570583][ T5313] RBP: ffffffffffffffea R08: ffffffff8de1683b R09: 1ffffffff1bc2d07 [ 75.574031][ T5313] R10: dffffc0000000000 R11: fffffbfff1bc2d08 R12: 0000000000000004 [ 75.577509][ T5313] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff888011681c00 [ 75.580777][ T5313] FS: 00007f2b334a06c0(0000) GS:ffff88808d264000(0000) knlGS:0000000000000000 [ 75.584657][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.587466][ T5313] CR2: 00007f2b0a4f0140 CR3: 0000000042850000 CR4: 0000000000352ef0 [ 75.590824][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.594299][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.597706][ T5313] Call Trace: [ 75.599109][ T5313] [ 75.600389][ T5313] __se_sys_move_mount+0x413/0x590 [ 75.602555][ T5313] ? __pfx___se_sys_move_mount+0x10/0x10 [ 75.604886][ T5313] ? rcu_is_watching+0x15/0xb0 [ 75.606892][ T5313] ? do_syscall_64+0xbe/0x3b0 [ 75.608944][ T5313] ? __x64_sys_move_mount+0x20/0xc0 [ 75.611157][ T5313] do_syscall_64+0xfa/0x3b0 [ 75.613105][ T5313] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.615307][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.617929][ T5313] ? clear_bhb_loop+0x60/0xb0 [ 75.619961][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.622654][ T5313] RIP: 0033:0x7f2b3258e969 [ 75.624602][ T5313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.632617][ T5313] RSP: 002b:00007f2b334a0038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad [ 75.636160][ T5313] RAX: ffffffffffffffda RBX: 00007f2b327b5fa0 RCX: 00007f2b3258e969 [ 75.639549][ T5313] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000009 [ 75.642827][ T5313] RBP: 00007f2b32610ab1 R08: 0000000000000046 R09: 0000000000000000 [ 75.646074][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.649355][ T5313] R13: 0000000000000000 R14: 00007f2b327b5fa0 R15: 00007fff36d61ac8 [ 75.652629][ T5313] [ 75.653982][ T5313] Modules linked in: [ 75.656553][ T5313] ---[ end trace 0000000000000000 ]--- [ 75.693093][ T5313] RIP: 0010:do_move_mount+0x27d/0xb10 [ 75.695603][ T5313] Code: e8 c8 c8 81 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 34 e6 e4 ff 48 8b 1b 31 ff 48 89 [ 75.704663][ T5313] RSP: 0018:ffffc9000d55fd30 EFLAGS: 00010206 [ 75.707441][ T5313] RAX: 0000000000000006 RBX: 0000000000000032 RCX: 0000000000100000 [ 75.711895][ T5313] RDX: ffffc9000de02000 RSI: 0000000000000073 RDI: 0000000000000074 [ 75.715438][ T5313] RBP: ffffffffffffffea R08: ffffffff8de1683b R09: 1ffffffff1bc2d07 [ 75.718868][ T5313] R10: dffffc0000000000 R11: fffffbfff1bc2d08 R12: 0000000000000004 [ 75.722669][ T5313] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff888011681c00 [ 75.726142][ T5313] FS: 00007f2b334a06c0(0000) GS:ffff88808d264000(0000) knlGS:0000000000000000 [ 75.730070][ T5313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.733433][ T5313] CR2: 00007f2b0a4f0140 CR3: 0000000042850000 CR4: 0000000000352ef0 [ 75.737349][ T5313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.741049][ T5313] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.744560][ T5313] Kernel panic - not syncing: Fatal exception [ 75.747538][ T5313] Kernel Offset: disabled [ 75.749431][ T5313] Rebooting in 86400 seconds..