last executing test programs: 3.656468389s ago: executing program 2 (id=33): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180002000000000000000000000400009500000000000000ac3483f67bca20d47690a458fe368d42aa720c3ea894f61cc1fe96af5d1b8b82d74d9bf61642dd5e32bac4fedd1437139aaa89b864f47309e4fba5943ad2b684d3ee9badc0081b91e214561267667e297247b3f30d86bfa80febc54b42efff2dc1aa84bb6202de76880eeb8a4cee5dec153627d3323c3e0b875a4de359f7a24ba14e588d38404a87e488dc6a20a6f78bccc53e23f9e5b29b723dc927c1cd4ef6d19f55d02722fc53bd3b570dfdca76102ede78477b7c7bd7b9b4f4f60f06f9e0161bd2e09c7c0d5973712362090168fae51101659d44b8af8e156d707fe9014f4c506388065d395ce5eb9f4dcc0a20fd96b9239ac1929679113155ef8b511681ee09f44912aae6c561577f26db9bfbf3827bb1ff0f88fed316696bf5860e3ab5f4084474fa4311927628effb2089fe5ff42fd34e"], &(0x7f0000000080)='GPL\x00', 0x2, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x10}, 0x94) 3.500738145s ago: executing program 1 (id=34): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) splice(r2, 0x0, r1, 0x0, 0x1, 0x0) write$RDMA_USER_CM_CMD_CONNECT(r1, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80000) io_setup(0x206, 0x0) sendmsg$L2TP_CMD_SESSION_GET(r3, 0x0, 0x24008046) syz_emit_ethernet(0x0, 0x0, 0x0) 3.430309774s ago: executing program 3 (id=35): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x2000000, &(0x7f0000000b80)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d302c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677ae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYRES8=0x0], 0x3, 0x257, &(0x7f0000000300)="$eJzs2s9rHGUYB/Bn0oTUlHQj/qIB8UUP6mVo4tVDgrQgBiraCFWRTs1El4y7YWcJrIjNSa/+CZ7Fozeh9OglF/8CD95yCXjpQRxpN7XdECFRmzX6+Vz2gWe+M+/svvvyHt7dV7/6ZGO9zteLfkxkWUwsxXbcyWIuJuK+7Xj5xWs/PPv2tXffWF5ZufRWSpeXry4sppTOP3frvc++ff52/9w7353/fjp25j7Y3Vv8eefpnQu7v139uF2ndp063X4q0o1ut1/cqMq01q438pTerMqiLlO7U5e9kf561d3cHKSiszY7s9kr6zoVnUHaKAep30393iAVHxXtTsrzPM3OBH/H6jd3mib2mqnr0TTNY1/Hudsx+1O0Ins8ZU8sZU9dz57Zzi7sNU1r3EPlkfD7/789tKifjai+3FrdWh1+DvvL69GOKsq4GK34Ne5Ok33D+vLrK5cupnvm4ovq5n7+5tbqmdH8QrRi7vD8wjCfRvPTMRMxFbGfX4xWPHl4fvHQ/Nl46YWHnp9HK378MLpRxVrczT7If76Q0mtXVg7k5+9dBwDwX5OnPxy6f8vzP+sP88fYHx7YX03G/OR4352IevDpRlFVZe80FFlEHOXiZvq4d37/1tHufNTizKn4eif/QmoiIspePXUqXvBRFPf/Of+W8fwDRUQs/fLKlfmR1njWI07Wg2kw7pEAAAAAAAAAAABwHCdxwHDkgc58AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/weAAD//63XxR4=") close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) creat(&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, 0x1) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 3.086275855s ago: executing program 2 (id=37): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x200000, &(0x7f0000000000), 0x1, 0x566, &(0x7f00000015c0)="$eJzs3V9rW+UfAPDvSdv9//3WwRjqhRR24WQuXVv/TBA2L0WHA72foc3KaLqMJh1rHWy7cDfeyBBEHIgvwHsvh2/AVyHoYMgoeuFN5aQnW9YkTZtlNvN8PnC25znnpN/z5DnPk+/JSUgAuTWR/lOIeDkivkoiDrdsG41s48TGfmuPbsymSxLr65/8kUSSrWvun2T/H8wqL0XEz19EnCy0x62trC6UKpXyUlafrC9enaytrJ66vFiaL8+Xr0zPzJx5a2b63XfeHlhbX7/w17cf3//gzJfH17758cGRu0mci0PZttZ2PINbrZWJmMiek7E4t2nHqQEEGyZJrx06nAPsvpFsnI9FOgccjpFs1AP/fTcjYh3IqcT4h5xq5gHNa/sBXQe/MB6+v3EB1N7+0Y33RmJf49rowFry1JVRer07PoD4aYyffr93N12ix/sQNwcQD6Dp1u2IOD062j7/Jdn817/T23jXb3OMvL3+wG66n+Y/b3TKfwqP85/okP8c7DB2+9F7/BceDCBMV2n+917H/Pfx1DU+ktX+18j5xpJLlyvl0xHx/4g4EWN703q/93Na8790SeM3c8HsOB6M7n36MXOleqnPcG0e3o545Un+m0Tb/L+vketu7v/0+biwzRjHyvde7batd/tbDT4DXv8h4rWO/f/kjlay9f3Jycb5MNk8K9r9eefYL93i76z9g5f2/4Gt2z+etN6vre08xvf7/i5329bv+b8n+bRR3pOtu16q15emIvYkH7Wvn37y2Ga9uX/a/hPHt57/Op3/+yPis222/87R7mnQMPT/3I76f+eFXz/8/Ltu8bfX/282SieyNduZ/7Z7gM/y3AEAAAAAAMCwKUTEoUgKxcflQqFY3Ph8x9E4UKhUa/WTl6rLV+ai8V3Z8RgrNO90H275PMRU9nnYZn16U30mIo5ExNcj+xv14my1MrfbjQcAAAAAAAAAAAAAAAAAAIAhcbDL9/9Tv43s9tEBz52f/Ib86jn+B/FLT8BQ8voP+WX8Q34Z/5Bfxj/kl/EP+WX8Q34Z/5Bfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAAM1IXz59Nlfe3Rjdm0PndtZXmheu3UXLm2UFxcni3OVpeuFuer1flKuThbXez19yrV6tWp6Vi+Plkv1+qTtZXVi4vV5Sv1i5cXS/Pli+Wxf6VVAAAAAAAAAAAAAAAAAAAA8GKprawulCqV8pJC18LZGIrD6LuQ9Orls9nJ0FeI0d1voMJzKOzyxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALf4JAAD//5CPL9Y=") close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fallocate(r0, 0x0, 0x2a47, 0x8800000) 2.893168788s ago: executing program 3 (id=38): sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, 0x0, 0x20048040) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080)) 2.775534391s ago: executing program 0 (id=39): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=@newlink={0x44, 0x10, 0x200, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x75b13, 0x44}, [@IFLA_EVENT={0x8}, @IFLA_NET_NS_PID={0x8}, @IFLA_ALT_IFNAME={0x14, 0x35, 'virt_wifi0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x404c004) syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x180c8, &(0x7f00000006c0)=ANY=[@ANYBLOB="6e66732c646f74732c636865636b3d7374726963742c646f74732c6572726f72733d72656d6f756e742d726f2c00fc403bb14281bbfb9b8213bd6284536d64789a24dd73b98b3e33cb47fed8a736464bb62e9e891aa832722dfc28bfa4489b3a127a503e72326b737d0f67c97be6f37ef46154dec39ef8718946ffc8cd4d735a0b101c1722477bbe2f923577ea51f7116f17c3ddf5c497fba2d0bb3272d123b31e9461d4e2d65a42e1174fa269de92e463fc1ca202650fe2628e15341e45dce6c0de2367bdb50cc5b2b462e1d45fc3265f1a88561ab6afb1b73a3b340b5c73055fc6e601843a59f3cdeb36991cfa985453287d4c9d2d6e21adddc57a607369c682e821b20dc0efd51d12f386f3f8e53c05e696e50c7c3f79b1b0bd7e5cfaf3f63d8949c8dd2fd94aa0f259a4cb9412c30c45f9d4d63d267d2a43f03a47fa56b3"], 0x1, 0x242, &(0x7f0000000300)="$eJzs3bFqFFEUBuBjskmWNKYWiwEbq0WtbBeJIA4IK1No5UC0SUSYNKPVPIbP4CP5GKnSjZhZsklcbczm7s58Hyz3wM/Cuc3eLc6d+fDw8/HRl9NP7c/vMR5nMYpo2jbiILZiOzr35uvWRb0bVzUBAGya2aycpu6B1aqqabkTEXt/JMWPJA0BAAAAAAAAAADw35bN/8e5+X8A6DPz//1XVdNyf/7/7Trz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA65217v/3HJ3V/AMDtc/4DwPA4/wFgeJz/ADA8b9+9fz3N88NZlo0jzpq6qItu7fKXr/LDJ9mFg8W3zuq62L7Mn3Z5dj3fif15/mxpvhuPH3X57+zFm/xGvhdHq98+AAAAAAAAAAAAAAAAAAAArIVJdmnp/f7J5G95V115PsCN+/ujeDC6s20AAAAAAAAAAAAAAAAAAADARjv9+u24PDn5WCl6U8TztWjjrouItWijL0XqXyYAAAAAAAAAAAAAAAAAABiexaXf1J0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDqL9/+vroiIpu2k3i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQY78CAAD//139ms4=") lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trus'], 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) 2.648431571s ago: executing program 2 (id=41): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000080), &(0x7f0000000380)=0x4) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000300)={0x0, 0x7734, 0x1, 0x1, 0x359}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000100)=0xffffffff, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.252373609s ago: executing program 0 (id=42): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001}, 0x50) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 2.069740217s ago: executing program 1 (id=44): r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000001dc0)={0x10000a, 0x0, 0x80000, {r0}}, 0x20) 1.874135607s ago: executing program 0 (id=45): close(0x3) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x3200082, &(0x7f0000000040), 0x1, 0x5d4, &(0x7f0000000bc0)="$eJzs3W2IHGcdAPD/7t2m7V00rdRqqjZXq23sy17urgRTCpKP2qbUvnwyEo9kcwm3l423G+xdWrhShApGQvWTflIQVPwQERREpCDWj4LflFLBIkogFEtRNOrKzM6GTXZzl+vtZZqb3w/m7plnZvd5Zv/5z8uT2bkACmsi+VGK2B4Rr0XEjs7s5StMdH6dnTl3LJlK0W4//VYpXe+FmXPHuqt2Xzee/ChHfDj59ZuI8Up/u82l5fnZer22mM1PthZOTjaXlh86vjA7V5urnZiemdq7Z3rv1N59Q9vWH55+5XNvnH784pkLY99/feeufyb93Z4t692OYZmIiewzqcTHexeUIj4z7MZyMhIRoxHxwbw7wrod/P3Xn+3Gr5Lm/44YSecixmYOvr0jzjyadx+BzdNOXW3pSBvYykqRdw+AfHSP9Mn1b3e6Xuce81vlIvgGdmF/5wLwhWxs5+yl+I9GOVunsknX97v+FjERrfvPffburyZTbNI4DFe38mKkA3X9+V9Kx8Zuzda7JyJ2R8QnIuKTEXFvRNy3wbaf+WIS/z99s7dO/K+va43/pyKiGhH3R8QDEfFgRDy0wbbvOJDEf/xLvXXiXxx3fj7vHpCn372cdw9I9/97RkcH7f/LG3zvu9dY3k7/X3Hlzd46+//ieOrpvHtAnp7Ym3cPyNN33sq7B7y6v3Mx13/8L8cdPesl5Q91LhVjZ3LuHhEfiYiPRsTHIuKuiNjVvZ/oGj3/WLJ+tdZb13/8L5/fyPaxugv7Ix7tubfrbE/8M7eOZHPvS8cDKqWjx+u1PRHx/nRMqHJTMj+1ShtfW/n1Y4Pqf5z8w4mVJ7rjf8mUtN8dC8z6cX70pstfd2S2NbvBzSZz4cWIO0cHxb+U3QnUua+vHRGT77KNl3b/5LeD6j/9VJL/9z64evzZTO3vdsZxB8W/q7T6/ZmT6f5gsrtX6PdS3H5mUP2TF5P4v/lH8c9Pkv9jq8c/3f9ful+3uf42Rs+e/8bA+oUk/n/55bvZ/28rPZN2cFtW99xsq7U4FbGt9Hh//fT6+7xVdT+P7ueVxH/3PYOP/x/IXpN8oElm/zci/hcR/4qIf0fExYj4T0T8PSLeXqXNX7zyyM8H1c88m8T/r6/J//wk8T+yRv6XLsv/9Re+fde+rwxq+wffS+I/Vl07/x9OO7M7q3H+12f0yoprDVA+3QUAAAAAAABg2MrpM/BK5eqlcrlcrXae4Xd7jJXrjWbrgaONUyeORPZ90Eq5e6fXjp77Qaey74p256evmJ+JiNsi4uWRW9L56uFG/UjeGw8FtT3ijZ9++fC28avkf+L1kSte9Kvn8+gqMGRJ/h/91shKUn7nyjwHtrQk/3/0zkL6vSz5D8Ui/6G4Ovl/s/yHAnL8h+KS/1Bc8h+2ptI1rCP/objkPxSX/Ifi6s1/oJiePHAgmdrd536eaMwdnz92ct/0nurCqcPVw43Fk9W5RmMu/cbOwtrvV280Tk49HKeem2zVmq3J5tLyoYXGqROtQ+lzow/VKtdhm4C1/ePPX/jZbbte/UMpIlYeuSWdoufZ2XIVtjaX/lBcfQ+OBwrDOT6w1j1DN19twcFhvDuQh43+jX/gxnXfTuP/UFTG/6G4jP9DcTnHBzZ3/B94LzL+D8VVW2wuLc/P1ut9hbx7BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQTM2l5fnZer22uKFCJXu3weucHh9mWwoKCsMq/D8AAP//mqxB+g==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14b442, 0x2) quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000701, 0x0, &(0x7f0000000480)) 1.851324124s ago: executing program 1 (id=46): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in=@loopback, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0xfffffffffffffffc, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffff190}, {0x3, 0x0, 0x80, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@broadcast, 0x0, 0x4, 0x1, 0x0, 0xf000000}}, 0xe8) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x4}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x100}}}}}}}, 0x0) 1.850578299s ago: executing program 4 (id=47): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x141000, 0x0) ioctl$PTP_EXTTS_REQUEST(r0, 0x40103d02, 0x0) 1.592363287s ago: executing program 3 (id=48): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000080)=0x10001) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0x10200) 1.579595476s ago: executing program 1 (id=49): syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x40, 0x0, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @dev}, {{0x4e22, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x3, {[@exp_fastopen={0x1d, 0x4}, @md5sig={0x13, 0x12, "0cd80e00"}]}}}}}}}, 0x0) 1.538943581s ago: executing program 4 (id=50): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x82, &(0x7f0000000300)=ANY=[], 0x8) 1.284249136s ago: executing program 0 (id=51): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCMBIC(r0, 0x5417, 0x0) 1.251988823s ago: executing program 3 (id=52): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=@newlink={0x44, 0x10, 0x200, 0xfffffffc, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x75b13, 0x44}, [@IFLA_EVENT={0x8}, @IFLA_NET_NS_PID={0x8}, @IFLA_ALT_IFNAME={0x14, 0x35, 'virt_wifi0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x404c004) syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x180c8, &(0x7f00000006c0)=ANY=[@ANYBLOB="6e66732c646f74732c636865636b3d7374726963742c646f74732c6572726f72733d72656d6f756e742d726f2c00fc403bb14281bbfb9b8213bd6284536d64789a24dd73b98b3e33cb47fed8a736464bb62e9e891aa832722dfc28bfa4489b3a127a503e72326b737d0f67c97be6f37ef46154dec39ef8718946ffc8cd4d735a0b101c1722477bbe2f923577ea51f7116f17c3ddf5c497fba2d0bb3272d123b31e9461d4e2d65a42e1174fa269de92e463fc1ca202650fe2628e15341e45dce6c0de2367bdb50cc5b2b462e1d45fc3265f1a88561ab6afb1b73a3b340b5c73055fc6e601843a59f3cdeb36991cfa985453287d4c9d2d6e21adddc57a607369c682e821b20dc0efd51d12f386f3f8e53c05e696e50c7c3f79b1b0bd7e5cfaf3f63d8949c8dd2fd94aa0f259a4cb9412c30c45f9d4d63d267d2a43f03a47fa56b3"], 0x1, 0x242, &(0x7f0000000300)="$eJzs3bFqFFEUBuBjskmWNKYWiwEbq0WtbBeJIA4IK1No5UC0SUSYNKPVPIbP4CP5GKnSjZhZsklcbczm7s58Hyz3wM/Cuc3eLc6d+fDw8/HRl9NP7c/vMR5nMYpo2jbiILZiOzr35uvWRb0bVzUBAGya2aycpu6B1aqqabkTEXt/JMWPJA0BAAAAAAAAAADw35bN/8e5+X8A6DPz//1XVdNyf/7/7Trz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA65217v/3HJ3V/AMDtc/4DwPA4/wFgeJz/ADA8b9+9fz3N88NZlo0jzpq6qItu7fKXr/LDJ9mFg8W3zuq62L7Mn3Z5dj3fif15/mxpvhuPH3X57+zFm/xGvhdHq98+AAAAAAAAAAAAAAAAAAAArIVJdmnp/f7J5G95V115PsCN+/ujeDC6s20AAAAAAAAAAAAAAAAAAADARjv9+u24PDn5WCl6U8TztWjjrouItWijL0XqXyYAAAAAAAAAAAAAAAAAABiexaXf1J0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDqL9/+vroiIpu2k3i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQY78CAAD//139ms4=") lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trus'], 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) 1.233594367s ago: executing program 4 (id=53): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x1, @dev}, 0x1c, 0x0}, 0xfdff) 1.207715468s ago: executing program 1 (id=54): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x80, '\x00', r1, 0xffffffffffffffff, 0x1, 0x1}, 0x50) 1.02830582s ago: executing program 2 (id=55): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001}, 0x50) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 942.875632ms ago: executing program 3 (id=56): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x402, &(0x7f00000010c0)={[{@fat=@errors_remount}, {@nodots}, {@fat=@nfs}, {@nodots}, {@fat=@flush}, {@fat=@usefree}, {@dots}, {@nodots}, {}, {@nodots}, {@dots}]}, 0x1, 0x165, &(0x7f0000000500)="$eJzs28HKElEYBuDPfi3/avGvo8VAm1ZSXUERBtFAUcyiVgXWRkPIzdQmL6UbDMKVuxM2kmIJaU4T+jwbX3g98I2ghyOc1zffDwfjybvxs1l0W61o348s5q24iEtxFpVpAADHZJ5SfEsppSvTOP8SKaVf3vK5kcEAgNr8wf4PABwZ+z8AnB77PwCcnhcvXz15kOf951nWjfg6LYuyqF4XbScePc77d7IfLlarZmfXl2nR3636bK0vy6ITV5f9vd/2l+P2rapfdA+f5hv9tRhExHn9HwEAAAAcvV720/r5viyL6vZfr7etr9La/wMb5/d23Gj/s8cAAHYw+fhp+GY0evthpxCxz6q/CN29Rz106ETEfzCGINQbmv5lAuq2+tI3PQkAAAAAAAAAAAAAALDNoW7gzdP25U0/IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGz6HgAA//8CqEx7") socket$packet(0x11, 0x3, 0x300) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff4000/0x9000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 907.063543ms ago: executing program 4 (id=57): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r2, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0xffffffff, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 797.098001ms ago: executing program 1 (id=58): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x3) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f0000000380)="30573472b621739984c336124406e8a5c812ca847e3bf1b82ec91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000300)=ANY=[], 0xfe37, 0x0) 663.683673ms ago: executing program 0 (id=59): bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010100, @in=@loopback, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0xfffffffffffffffc, 0x1, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffff190}, {0x3, 0x0, 0x80, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@local, 0x0, 0x32}, 0x0, @in=@broadcast, 0x0, 0x4, 0x1, 0x0, 0xf000000}}, 0xe8) listen(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x4}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x100}}}}}}}, 0x0) 607.52719ms ago: executing program 2 (id=60): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x23}, 0x8005d}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x88fe) 238.653988ms ago: executing program 2 (id=61): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x218004, &(0x7f00000003c0)={[{@block_validity}, {}, {@resgid}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f0000000480)={0x47, 0xffffffffffffffff, 0x4, 0x9}) 216.94563ms ago: executing program 3 (id=62): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384) 188.022916ms ago: executing program 4 (id=63): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0) 89.815514ms ago: executing program 0 (id=64): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0) listen(r0, 0x80007ffe) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) socketpair(0x1e, 0x800, 0x7f, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x40, 0x0, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @dev}, {{0x4e22, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x3, {[@exp_fastopen={0x1d, 0x4}, @md5sig={0x13, 0x12, "0cd80e00"}]}}}}}}}, 0x0) 0s ago: executing program 4 (id=65): r0 = fsopen(&(0x7f0000000000)='securityfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) fspick(r2, &(0x7f0000000200)='.\x00', 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts. [ 84.052268][ T5809] cgroup: Unknown subsys name 'net' [ 84.192123][ T5809] cgroup: Unknown subsys name 'cpuset' [ 84.203282][ T5809] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.457915][ T5809] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.909892][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.937354][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.957233][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.973434][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.982965][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.105151][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.127977][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.147812][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.165299][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.174512][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.205729][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.228254][ T5828] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.238025][ T5828] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.252162][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.263160][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.272856][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.281773][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.291261][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.300934][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.301151][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.351662][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.374499][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.386494][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.400287][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.412781][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.830503][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.219574][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.228782][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.238014][ T5827] bridge_slave_0: entered allmulticast mode [ 90.247592][ T5827] bridge_slave_0: entered promiscuous mode [ 90.268725][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 90.313133][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.327592][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.335641][ T5827] bridge_slave_1: entered allmulticast mode [ 90.345287][ T5827] bridge_slave_1: entered promiscuous mode [ 90.565592][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.583878][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.710089][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 90.732005][ T5827] team0: Port device team_slave_0 added [ 90.767962][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 90.795178][ T5827] team0: Port device team_slave_1 added [ 90.820964][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 90.837044][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.844480][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.853600][ T5840] bridge_slave_0: entered allmulticast mode [ 90.861810][ T5840] bridge_slave_0: entered promiscuous mode [ 90.918538][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.926294][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.934356][ T5840] bridge_slave_1: entered allmulticast mode [ 90.943218][ T5840] bridge_slave_1: entered promiscuous mode [ 91.066576][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.074394][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.074693][ T5828] Bluetooth: hci0: command tx timeout [ 91.102271][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.163922][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.171897][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.212404][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.227905][ T5828] Bluetooth: hci1: command tx timeout [ 91.242710][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.298965][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.387156][ T51] Bluetooth: hci2: command tx timeout [ 91.393292][ T5828] Bluetooth: hci3: command tx timeout [ 91.426009][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.433936][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.441905][ T5837] bridge_slave_0: entered allmulticast mode [ 91.450444][ T5837] bridge_slave_0: entered promiscuous mode [ 91.467532][ T5828] Bluetooth: hci4: command tx timeout [ 91.483870][ T5840] team0: Port device team_slave_0 added [ 91.524750][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.533083][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.541453][ T5837] bridge_slave_1: entered allmulticast mode [ 91.550049][ T5837] bridge_slave_1: entered promiscuous mode [ 91.559025][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.567280][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.575027][ T5832] bridge_slave_0: entered allmulticast mode [ 91.583932][ T5832] bridge_slave_0: entered promiscuous mode [ 91.598209][ T5840] team0: Port device team_slave_1 added [ 91.604925][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.612828][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.622180][ T5835] bridge_slave_0: entered allmulticast mode [ 91.630735][ T5835] bridge_slave_0: entered promiscuous mode [ 91.675525][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.685783][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.697071][ T5832] bridge_slave_1: entered allmulticast mode [ 91.706195][ T5832] bridge_slave_1: entered promiscuous mode [ 91.731409][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.739120][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.746731][ T5835] bridge_slave_1: entered allmulticast mode [ 91.755406][ T5835] bridge_slave_1: entered promiscuous mode [ 91.772855][ T5827] hsr_slave_0: entered promiscuous mode [ 91.781049][ T5827] hsr_slave_1: entered promiscuous mode [ 91.876619][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.904738][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.912226][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.939831][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.958651][ T24] cfg80211: failed to load regulatory.db [ 91.979643][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.994151][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.027575][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.042794][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.053897][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.061072][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.089698][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.125060][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.221634][ T5832] team0: Port device team_slave_0 added [ 92.260961][ T5837] team0: Port device team_slave_0 added [ 92.274191][ T5837] team0: Port device team_slave_1 added [ 92.286254][ T5832] team0: Port device team_slave_1 added [ 92.422107][ T5835] team0: Port device team_slave_0 added [ 92.433284][ T5835] team0: Port device team_slave_1 added [ 92.468455][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.479226][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.516199][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.534471][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.545845][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.577157][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.639003][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.646284][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.675538][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.698452][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.705657][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.734239][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.780160][ T5840] hsr_slave_0: entered promiscuous mode [ 92.791521][ T5840] hsr_slave_1: entered promiscuous mode [ 92.801603][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 92.809470][ T5840] Cannot create hsr debugfs directory [ 92.854908][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.865158][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.905658][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.925262][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.933401][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.966549][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.078730][ T5837] hsr_slave_0: entered promiscuous mode [ 93.088104][ T5837] hsr_slave_1: entered promiscuous mode [ 93.099583][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 93.105837][ T5837] Cannot create hsr debugfs directory [ 93.148825][ T5828] Bluetooth: hci0: command tx timeout [ 93.274632][ T5832] hsr_slave_0: entered promiscuous mode [ 93.283132][ T5832] hsr_slave_1: entered promiscuous mode [ 93.291394][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 93.297950][ T5832] Cannot create hsr debugfs directory [ 93.307049][ T5828] Bluetooth: hci1: command tx timeout [ 93.467975][ T5828] Bluetooth: hci3: command tx timeout [ 93.473654][ T5828] Bluetooth: hci2: command tx timeout [ 93.481596][ T5835] hsr_slave_0: entered promiscuous mode [ 93.489282][ T5835] hsr_slave_1: entered promiscuous mode [ 93.497765][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 93.504502][ T5835] Cannot create hsr debugfs directory [ 93.547006][ T5828] Bluetooth: hci4: command tx timeout [ 93.998747][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.019811][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.071569][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.094536][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.298514][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.316750][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.337578][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.356790][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.522748][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.556313][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.575225][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.589865][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.708196][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.763434][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.779890][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.796514][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.811148][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.922783][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.973192][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.981703][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.011068][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.026126][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.042977][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.055930][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.074299][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.082489][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.129801][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.228335][ T5828] Bluetooth: hci0: command tx timeout [ 95.269999][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.301995][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.310226][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.380331][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.389081][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.399961][ T5828] Bluetooth: hci1: command tx timeout [ 95.549384][ T51] Bluetooth: hci3: command tx timeout [ 95.555672][ T5828] Bluetooth: hci2: command tx timeout [ 95.582501][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.628960][ T5828] Bluetooth: hci4: command tx timeout [ 95.749363][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.772033][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.844982][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.853293][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.904074][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.932850][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.961178][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.971628][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.986478][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.998335][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.092764][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.102857][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.157363][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.198835][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.255662][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.263978][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.283023][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.290447][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.418927][ T5837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.521293][ T5827] veth0_vlan: entered promiscuous mode [ 96.614497][ T5827] veth1_vlan: entered promiscuous mode [ 96.650995][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.930855][ T5827] veth0_macvtap: entered promiscuous mode [ 96.983888][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.008914][ T5827] veth1_macvtap: entered promiscuous mode [ 97.064431][ T5840] veth0_vlan: entered promiscuous mode [ 97.126619][ T5840] veth1_vlan: entered promiscuous mode [ 97.176226][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.215829][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.279589][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.290049][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.309468][ T5828] Bluetooth: hci0: command tx timeout [ 97.335284][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.348454][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.390036][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.424017][ T5837] veth0_vlan: entered promiscuous mode [ 97.460165][ T5840] veth0_macvtap: entered promiscuous mode [ 97.477633][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.478251][ T5828] Bluetooth: hci1: command tx timeout [ 97.538675][ T5837] veth1_vlan: entered promiscuous mode [ 97.564181][ T5840] veth1_macvtap: entered promiscuous mode [ 97.627322][ T5828] Bluetooth: hci2: command tx timeout [ 97.632878][ T51] Bluetooth: hci3: command tx timeout [ 97.675349][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.706675][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.718543][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.719387][ T51] Bluetooth: hci4: command tx timeout [ 97.794030][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.888095][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.910600][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.921591][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.932388][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.970951][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.982541][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.033614][ T5832] veth0_vlan: entered promiscuous mode [ 98.052466][ T5837] veth0_macvtap: entered promiscuous mode [ 98.080788][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.106794][ T5837] veth1_macvtap: entered promiscuous mode [ 98.196395][ T5832] veth1_vlan: entered promiscuous mode [ 98.292035][ T5936] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3'. [ 98.316804][ T5936] netlink: 'syz.2.3': attribute type 1 has an invalid length. [ 98.327978][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.336337][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.361819][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.398621][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.426057][ T1159] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.478703][ T5938] loop2: detected capacity change from 0 to 1024 [ 98.525179][ T1159] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.536993][ T1159] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.552923][ T5835] veth0_vlan: entered promiscuous mode [ 98.560712][ T5938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.573607][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.573655][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.601100][ T1159] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.633219][ T5835] veth1_vlan: entered promiscuous mode [ 98.662111][ T5832] veth0_macvtap: entered promiscuous mode [ 98.701996][ T5832] veth1_macvtap: entered promiscuous mode [ 98.725594][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.905452][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.956374][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.974461][ T5835] veth0_macvtap: entered promiscuous mode [ 98.984639][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.023835][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.106373][ T5835] veth1_macvtap: entered promiscuous mode [ 99.112730][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.132819][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.249696][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.278630][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.345131][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.374617][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.439757][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.568560][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.679528][ T1159] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.697968][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.784831][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.784908][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.793849][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.793875][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.945053][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.986488][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.197057][ T5974] program syz.3.16 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 100.210563][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.228069][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.406417][ T5981] tmpfs: Bad value for 'mpol' [ 100.435148][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.487200][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.054328][ T5995] loop3: detected capacity change from 0 to 128 [ 101.114858][ T5995] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 101.203040][ T5995] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 101.732522][ T6004] loop0: detected capacity change from 0 to 8192 [ 101.872465][ T6017] loop4: detected capacity change from 0 to 512 [ 101.960844][ T6017] ======================================================= [ 101.960844][ T6017] WARNING: The mand mount option has been deprecated and [ 101.960844][ T6017] and is ignored by this kernel. Remove the mand [ 101.960844][ T6017] option from the mount to silence this warning. [ 101.960844][ T6017] ======================================================= [ 102.145485][ T6017] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.203278][ T6017] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.275670][ T6024] loop3: detected capacity change from 0 to 128 [ 102.343997][ T6017] EXT4-fs error (device loop4): ext4_validate_block_bitmap:423: comm syz.4.31: bg 0: bad block bitmap checksum [ 102.421953][ T6017] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6685: Filesystem failed CRC [ 102.479218][ T6028] loop2: detected capacity change from 0 to 1024 [ 102.621921][ T6028] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.769584][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.814567][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.915635][ T6034] loop3: detected capacity change from 0 to 512 [ 103.005548][ T6036] loop0: detected capacity change from 0 to 512 [ 103.027098][ T6034] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 103.128753][ T6034] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 103.200520][ T6034] EXT4-fs (loop3): 1 truncate cleaned up [ 103.266306][ T6034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.784682][ T6052] loop0: detected capacity change from 0 to 512 [ 103.878308][ T6052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.912749][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.212380][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.345640][ T6065] loop3: detected capacity change from 0 to 512 [ 104.843240][ T6078] loop3: detected capacity change from 0 to 128 [ 104.852310][ T6079] tipc: Started in network mode [ 104.861005][ T6079] tipc: Node identity 7f000001, cluster identity 4711 [ 104.898079][ T6079] tipc: Enabling of bearer rejected, failed to enable media [ 104.968320][ T6080] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 104.983305][ T6077] loop1: detected capacity change from 0 to 1024 [ 105.034054][ T6080] tipc: Enabled bearer , priority 10 [ 105.176532][ T6077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.257496][ T6089] loop2: detected capacity change from 0 to 1024 [ 105.279034][ T6089] EXT4-fs: Ignoring removed orlov option [ 105.419517][ T6089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.542210][ T6077] ================================================================== [ 105.553807][ T6077] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.561837][ T6077] Read of size 18446744073709551588 at addr ffff88801bf06040 by task syz.1.58/6077 [ 105.571435][ T6077] [ 105.573842][ T6077] CPU: 1 UID: 0 PID: 6077 Comm: syz.1.58 Not tainted syzkaller #0 PREEMPT(full) [ 105.573871][ T6077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 105.573894][ T6077] Call Trace: [ 105.573907][ T6077] [ 105.573919][ T6077] dump_stack_lvl+0xe8/0x150 [ 105.573958][ T6077] print_report+0xba/0x230 [ 105.573986][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.574015][ T6077] kasan_report+0x117/0x150 [ 105.574052][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.574083][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.574113][ T6077] kasan_check_range+0x264/0x2c0 [ 105.574139][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.574168][ T6077] __asan_memmove+0x29/0x70 [ 105.574190][ T6077] ext4_xattr_set_entry+0x8e9/0x1e20 [ 105.574231][ T6077] ext4_xattr_block_set+0x878/0x2ad0 [ 105.574261][ T6077] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 105.574291][ T6077] ? __pfx_evict+0x10/0x10 [ 105.574315][ T6077] ? do_raw_spin_unlock+0xf5/0x210 [ 105.574340][ T6077] ? _raw_spin_unlock+0x28/0x50 [ 105.574372][ T6077] ? iput+0xb25/0xe80 [ 105.574406][ T6077] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 105.574435][ T6077] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 105.574468][ T6077] ext4_xattr_set_handle+0x1286/0x14c0 [ 105.574508][ T6077] ? __pfx_ext4_xattr_set_handle+0x10/0x10 [ 105.574547][ T6077] ext4_xattr_set+0x255/0x340 [ 105.574581][ T6077] ? __pfx_ext4_xattr_set+0x10/0x10 [ 105.574612][ T6077] ? __pfx_evm_protect_xattr+0x10/0x10 [ 105.574645][ T6077] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 105.574686][ T6077] __vfs_setxattr+0x43c/0x480 [ 105.574726][ T6077] __vfs_setxattr_noperm+0x12d/0x660 [ 105.574763][ T6077] vfs_setxattr+0x163/0x360 [ 105.574799][ T6077] ? __pfx_vfs_setxattr+0x10/0x10 [ 105.574841][ T6077] filename_setxattr+0x296/0x630 [ 105.574880][ T6077] ? __pfx_filename_setxattr+0x10/0x10 [ 105.574916][ T6077] ? do_getname+0x151/0x250 [ 105.574946][ T6077] path_setxattrat+0x3eb/0x440 [ 105.574977][ T6077] ? __pfx_path_setxattrat+0x10/0x10 [ 105.575001][ T6077] ? do_futex+0x395/0x420 [ 105.575044][ T6077] ? rcu_is_watching+0x15/0xb0 [ 105.575078][ T6077] __x64_sys_lsetxattr+0xbf/0xe0 [ 105.575100][ T6077] do_syscall_64+0x14d/0xf80 [ 105.575122][ T6077] ? trace_irq_disable+0x3b/0x150 [ 105.575142][ T6077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.575164][ T6077] ? clear_bhb_loop+0x40/0x90 [ 105.575189][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.575212][ T6077] RIP: 0033:0x7f3beb39c799 [ 105.575240][ T6077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.575259][ T6077] RSP: 002b:00007f3bec1c2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 105.575283][ T6077] RAX: ffffffffffffffda RBX: 00007f3beb615fa0 RCX: 00007f3beb39c799 [ 105.575299][ T6077] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 105.575315][ T6077] RBP: 00007f3beb432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 105.575329][ T6077] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 105.575343][ T6077] R13: 00007f3beb616038 R14: 00007f3beb615fa0 R15: 00007ffdb958f918 [ 105.575368][ T6077] [ 105.575377][ T6077] [ 105.984607][ T6077] Allocated by task 6077: [ 105.989610][ T6077] kasan_save_track+0x3e/0x80 [ 105.994629][ T6077] __kasan_kmalloc+0x93/0xb0 [ 106.000071][ T6077] __kmalloc_node_track_caller_noprof+0x4db/0x7b0 [ 106.009138][ T6077] kmemdup_noprof+0x2b/0x70 [ 106.013702][ T6077] ext4_xattr_block_set+0x787/0x2ad0 [ 106.019693][ T6077] ext4_xattr_set_handle+0x1286/0x14c0 [ 106.026019][ T6077] ext4_xattr_set+0x255/0x340 [ 106.032352][ T6077] __vfs_setxattr+0x43c/0x480 [ 106.038497][ T6077] __vfs_setxattr_noperm+0x12d/0x660 [ 106.046109][ T6077] vfs_setxattr+0x163/0x360 [ 106.054337][ T6077] filename_setxattr+0x296/0x630 [ 106.061571][ T6077] path_setxattrat+0x3eb/0x440 [ 106.068284][ T6077] __x64_sys_lsetxattr+0xbf/0xe0 [ 106.074536][ T6077] do_syscall_64+0x14d/0xf80 [ 106.080888][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.087720][ T6077] [ 106.090463][ T6077] The buggy address belongs to the object at ffff88801bf06000 [ 106.090463][ T6077] which belongs to the cache kmalloc-1k of size 1024 [ 106.108927][ T6077] The buggy address is located 64 bytes inside of [ 106.108927][ T6077] 1024-byte region [ffff88801bf06000, ffff88801bf06400) [ 106.124888][ T6077] [ 106.127912][ T6077] The buggy address belongs to the physical page: [ 106.135362][ T6077] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bf00 [ 106.145167][ T6077] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 106.155196][ T6077] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 106.164288][ T6077] page_type: f5(slab) [ 106.168345][ T6077] raw: 00fff00000000040 ffff88801b02edc0 dead000000000100 dead000000000122 [ 106.177074][ T6077] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 106.186765][ T6077] head: 00fff00000000040 ffff88801b02edc0 dead000000000100 dead000000000122 [ 106.196465][ T6077] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 106.207040][ T6077] head: 00fff00000000003 ffffea00006fc001 00000000ffffffff 00000000ffffffff [ 106.216811][ T6077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 106.227112][ T6077] page dumped because: kasan: bad access detected [ 106.233971][ T6077] page_owner tracks the page as allocated [ 106.241470][ T6077] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1159, tgid 1159 (kworker/u8:10), ts 105500750689, free_ts 105431504838 [ 106.262401][ T6077] post_alloc_hook+0x231/0x280 [ 106.267484][ T6077] get_page_from_freelist+0x23a1/0x2440 [ 106.273184][ T6077] __alloc_frozen_pages_noprof+0x18d/0x380 [ 106.279047][ T6077] alloc_pages_mpol+0x232/0x4a0 [ 106.283955][ T6077] allocate_slab+0x83/0x660 [ 106.288536][ T6077] ___slab_alloc+0x150/0x6b0 [ 106.293274][ T6077] __kmalloc_noprof+0x18a/0x760 [ 106.298173][ T6077] ieee802_11_parse_elems_full+0x159/0x2ab0 [ 106.304131][ T6077] ieee80211_inform_bss+0x161/0x1160 [ 106.309914][ T6077] cfg80211_inform_single_bss_data+0xd08/0x1b70 [ 106.316239][ T6077] cfg80211_inform_bss_data+0x266/0x3c40 [ 106.322108][ T6077] cfg80211_inform_bss_frame_data+0x3c7/0x760 [ 106.328241][ T6077] ieee80211_bss_info_update+0x794/0xa40 [ 106.334037][ T6077] ieee80211_ibss_rx_queued_mgmt+0x1901/0x2cd0 [ 106.340268][ T6077] ieee80211_iface_work+0x84e/0x1340 [ 106.345613][ T6077] cfg80211_wiphy_work+0x2ab/0x4a0 [ 106.350779][ T6077] page last free pid 6084 tgid 6083 stack trace: [ 106.357134][ T6077] __free_frozen_pages+0xbe2/0xd60 [ 106.364297][ T6077] __folio_put+0x414/0x4f0 [ 106.369146][ T6077] do_exit+0x18bd/0x23c0 [ 106.373981][ T6077] do_group_exit+0x21b/0x2d0 [ 106.379769][ T6077] get_signal+0x1284/0x1330 [ 106.384731][ T6077] arch_do_signal_or_restart+0xbc/0x830 [ 106.390913][ T6077] exit_to_user_mode_loop+0x86/0x480 [ 106.397473][ T6077] do_syscall_64+0x32d/0xf80 [ 106.402775][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.409345][ T6077] [ 106.411829][ T6077] Memory state around the buggy address: [ 106.417592][ T6077] ffff88801bf05f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.426686][ T6077] ffff88801bf05f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.435501][ T6077] >ffff88801bf06000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.443599][ T6077] ^ [ 106.449905][ T6077] ffff88801bf06080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.458554][ T6077] ffff88801bf06100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 106.466953][ T6077] ================================================================== [ 106.490777][ T5983] tipc: Node number set to 2130706433 [ 106.625670][ T6077] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 106.635274][ T6077] CPU: 0 UID: 0 PID: 6077 Comm: syz.1.58 Not tainted syzkaller #0 PREEMPT(full) [ 106.648811][ T6077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 106.661051][ T6077] Call Trace: [ 106.664552][ T6077] [ 106.668331][ T6077] vpanic+0x56c/0xa60 [ 106.673527][ T6077] ? __pfx_vpanic+0x10/0x10 [ 106.679245][ T6077] panic+0xc5/0xd0 [ 106.683575][ T6077] ? __pfx_panic+0x10/0x10 [ 106.689482][ T6077] ? preempt_schedule_thunk+0x16/0x30 [ 106.695766][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.705415][ T6077] ? preempt_schedule_thunk+0x16/0x30 [ 106.714531][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.721584][ T6077] check_panic_on_warn+0x89/0xb0 [ 106.729302][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.737319][ T6077] end_report+0x73/0x180 [ 106.745746][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.752884][ T6077] kasan_report+0x128/0x150 [ 106.760816][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.766637][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.773215][ T6077] kasan_check_range+0x264/0x2c0 [ 106.778255][ T6077] ? ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.786065][ T6077] __asan_memmove+0x29/0x70 [ 106.792378][ T6077] ext4_xattr_set_entry+0x8e9/0x1e20 [ 106.800537][ T6077] ext4_xattr_block_set+0x878/0x2ad0 [ 106.806735][ T6077] ? __pfx_ext4_free_in_core_inode+0x10/0x10 [ 106.814451][ T6077] ? __pfx_evict+0x10/0x10 [ 106.820938][ T6077] ? do_raw_spin_unlock+0xf5/0x210 [ 106.828896][ T6077] ? _raw_spin_unlock+0x28/0x50 [ 106.837141][ T6077] ? iput+0xb25/0xe80 [ 106.843702][ T6077] ? __pfx_ext4_xattr_block_set+0x10/0x10 [ 106.853805][ T6077] ? ext4_xattr_ibody_set+0x510/0x6a0 [ 106.861211][ T6077] ext4_xattr_set_handle+0x1286/0x14c0 [ 106.870794][ T6077] ? __pfx_ext4_xattr_set_handle+0x10/0x10 [ 106.879132][ T6077] ext4_xattr_set+0x255/0x340 [ 106.887476][ T6077] ? __pfx_ext4_xattr_set+0x10/0x10 [ 106.894942][ T6077] ? __pfx_evm_protect_xattr+0x10/0x10 [ 106.901114][ T6077] ? __pfx_ext4_xattr_trusted_set+0x10/0x10 [ 106.908515][ T6077] __vfs_setxattr+0x43c/0x480 [ 106.914890][ T6077] __vfs_setxattr_noperm+0x12d/0x660 [ 106.922366][ T6077] vfs_setxattr+0x163/0x360 [ 106.927399][ T6077] ? __pfx_vfs_setxattr+0x10/0x10 [ 106.934343][ T6077] filename_setxattr+0x296/0x630 [ 106.941107][ T6077] ? __pfx_filename_setxattr+0x10/0x10 [ 106.947392][ T6077] ? do_getname+0x151/0x250 [ 106.953219][ T6077] path_setxattrat+0x3eb/0x440 [ 106.959166][ T6077] ? __pfx_path_setxattrat+0x10/0x10 [ 106.968892][ T6077] ? do_futex+0x395/0x420 [ 106.974218][ T6077] ? rcu_is_watching+0x15/0xb0 [ 106.981226][ T6077] __x64_sys_lsetxattr+0xbf/0xe0 [ 106.989015][ T6077] do_syscall_64+0x14d/0xf80 [ 106.994322][ T6077] ? trace_irq_disable+0x3b/0x150 [ 107.003683][ T6077] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.012277][ T6077] ? clear_bhb_loop+0x40/0x90 [ 107.018340][ T6077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.025590][ T6077] RIP: 0033:0x7f3beb39c799 [ 107.031380][ T6077] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 107.059612][ T6077] RSP: 002b:00007f3bec1c2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 107.070210][ T6077] RAX: ffffffffffffffda RBX: 00007f3beb615fa0 RCX: 00007f3beb39c799 [ 107.079933][ T6077] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 107.091908][ T6077] RBP: 00007f3beb432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 107.100805][ T6077] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 107.109381][ T6077] R13: 00007f3beb616038 R14: 00007f3beb615fa0 R15: 00007ffdb958f918 [ 107.119158][ T6077] [ 107.124340][ T6077] Kernel Offset: disabled [ 107.130515][ T6077] Rebooting in 86400 seconds..