last executing test programs: 6.065635616s ago: executing program 2 (id=193): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='cpuset.memory_migrate\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000240)=0x4, 0x12) 5.873865498s ago: executing program 2 (id=197): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f0000001800)='./file1\x00', 0x8010, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000640)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) open(0x0, 0x480400, 0x2) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 4.46107671s ago: executing program 0 (id=202): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r0}, 0xc) 4.326753648s ago: executing program 0 (id=204): syz_usb_connect$cdc_ecm(0x5, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a4400000000101090248000101006015090400001a02020000052406000005240004000d240f01800000000100fcff500424020209058103ff0300030609"], 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty, 0x9}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x659f, 0x4) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) recvmmsg(r0, &(0x7f0000006640)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40002000, 0x0) 3.007707055s ago: executing program 2 (id=211): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) sendmsg$IPVS_CMD_FLUSH(r2, 0x0, 0x800) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$SNDCTL_MIDI_INFO(r3, 0xc074510c, &(0x7f0000000140)={"37ce7f07583d8ee176f1ff84573b93f549823ebb845077172f2217d45353", 0x1, 0x0, 0x8, [0x2, 0x7, 0x6, 0x2, 0xf675, 0x8, 0x8, 0x725, 0x2, 0x80000000, 0x1, 0x1d8, 0x4, 0x7, 0x5, 0x8, 0x42a70c84, 0x87]}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.634405646s ago: executing program 0 (id=213): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="08030000000000001c0012000c000100626f6e64000000000c"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0003000000000100200012800e0001006970366772657461700000000c00028008000100", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3], 0x48}}, 0x0) 2.633866036s ago: executing program 1 (id=214): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed4040, &(0x7f00000006c0)={[{@noblock_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@journal_dev={'journal_dev', 0x3d, 0x803}}, {@grpid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}]}, 0xf5, 0x47a, &(0x7f0000000ac0)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS") r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d00000000000000000a000000000000060000000008001e0002"], 0x30}}, 0x4090) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x38}, 0x1, 0x300}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[], 0x24}}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) 2.40683379s ago: executing program 3 (id=215): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[], 0x6, 0x2d1, &(0x7f0000000340)="$eJzs3T+LI2UYAPBn8mcyYpErrES4Aa+wOrzrxCaL3IG4lUeK00JX7w5kE4RdCJyK8SpbGwsLP4Eg+EGu8RsItsJ1nnAwMpOZzWzMLcliFM3v1+yz7zzPvO87GbKzRZ58+Mr0+F4eDx598UtkWRKdUYziaRJXohONr+Kc0TcBAPyXPS2KeFIsbFOXRES2u2UBADu02d//3jL86R9ZFgCwQ3fuvvfOweHhrXezyOL29OvZuPzPvvy5OH7wID6JSdyP12MYzyKqB4V+VE8LZXi7KIp5Ly9diWvT+WxcVk4/eFyf/+C3iJh89KQ15dnTRlX/9uGtG/nCWX3rcaOcf1TOfzOG8dJZ8bn6m6v1MZ3HOI3XXm2t/3oM4+eP49OYxL1qEcv6L2/k+VvFt79//n45Y1mfzGfjQZXXWnZ3968GAAAAAAAAAAAAAAAAAAAAAAD74nrdO2cQ+dW4Ni2Hqv45s3H3WaTlr3mj3d9n3vQHSpoTtfsDFUUxL+L7VkvBvKgTl/W9eLnX7vQDAAAAAAAAAAAAAAAAAAAA++v04WfHR5PJ/ZO/JWi6AfQi4o87EZc9z6g1cjUuTh7Ucx5NJp06PJfzOG2PRLfJSSIuXEa5ictdje62VS+srrkJfvix3OA2s2etkTfWb7B/2X1tHjR31/FRsn6uQTQjWX2TfJdGLHPS2HCu9HmHitjm9kvXHhpuvff0xSroRxbPy4mkvbDkbufk9GExbEbe/HVx5erkZHUXaXVV1565Xwet8pV7Y6PXPbJF+V/fK5KqW8dgd29GAAAAAAAAAAAAAAAAAACw55af/l1z8NGFpZ3CR4EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+J9Yfv//FsG8Lt4gOY2T0395iwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyBPwMAAP///I1UqA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, 0xfffffffffffffffe, 0x29) 2.342250163s ago: executing program 1 (id=216): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007b000000850000004000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88840, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x40, 0xc58, 0x8, 0x4, 0xffffffffffffffff, 0x7, 0x8000000000000000, 0x3, 0x7, 0x5, 0x9, 0x8, 0x40, 0xfffffffeffffffff, 0x2, 0x4680], 0xd000, 0xe0000}) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fce000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x3, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000000580)=@vmx={0x104, 0x0, 0x2080, {0x200000000000000, 0xffff1000}, {'\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008bc584c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f6f38740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a4900"}}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=@newqdisc={0xac, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x5}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xc993}, @TCA_STAB={0x74, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7f, 0x8, 0xfffd, 0x8, 0x0, 0x8, 0x1000, 0x3}}, {0xa, 0x2, [0xfffb, 0x20, 0x1]}}, {{0x1c, 0x1, {0x8, 0xe, 0x1000, 0x9221, 0x2, 0x6, 0xc, 0x1}}, {0x6, 0x2, [0xfe1c]}}, {{0x1c, 0x1, {0x4, 0x0, 0x200, 0x2, 0x0, 0x9, 0x2, 0x2}}, {0x8, 0x2, [0x9, 0x9]}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x8d0}, 0x4000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) close_range(r8, r8, 0x2) ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="30003300c0000000ffffffffffff080211"], 0x54}}, 0x0) stat(0x0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x4000050) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f0000000080)={[{@delalloc}, {@init_itable}, {@bh}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@nouid32}, {@barrier}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=") 2.257278998s ago: executing program 0 (id=217): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x4c, 0x0, &(0x7f00000002c0)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000580)="b3"}) 2.04921888s ago: executing program 3 (id=218): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, 0x1, 0x8, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}}, 0x20000050) 1.857178662s ago: executing program 2 (id=219): syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000c80)='./file1\x00', 0x80, &(0x7f0000000140)=ANY=[], 0x3, 0xc6b, &(0x7f0000004180)="$eJzs3V1sXGdaB/DnnWMndsqyLm3TLl2kWYrYNE2C89HWKC1yNsbalaI2quOFG5DH8SSMao9d21mlFSxBAm5AEFSkFXBBbpC44CI3SGiFUMTNIgFSBKq0CCQCbaOVEOAVLKxYaY3OzDv22I1jN192mt9vN/nPOfOcOe+Z9j1zpppnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiC/89InBw2m7RwEAPEivjb0xeNTrPwA8Us54/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOZSFPFWpHhvdClNtJbb+k41mhcujo+M3nqz/hQpKlG06ss/fYePHD324ksvD3Xy9tvfa5+J18fOnKienJ2Zm68vLNSnquPNxtnZqfqWH+Fut19vf+sJqM68eWHq3LmF6pFDR9fcfXHg5u7H9g4cH3r2wPOd2vGR0dGxrpqe3jve+0eke/dQfILsiiK+GCm+cfBbqRYRlbj7ubDJueN+64+ecv61DmJ8ZLR1INONWnOxvDNVclVPxEDXRsOdOfIA5uJdGY64VP5zKge8vzy8sbnafG1yul49XZtfbCw2Zpup0h5teTwDUYmhFDEXEUvFdg+enaY3ing1Utz83lKajIiiMw9eeG3sjcGjG2/Y8wAHucHuB4qI6/EQzFnYoXZHEb8TKd6dGIyzeV717o6IDyI+Xxa8EvFWmddSXM7LqTxBDEV82+sJPNR6ooi/jRSzaSlNta4HOteVp75c/VLz3GxXbee68qF6f/DRa4D+B7HbFa5N2MH6oojJ1hX/Urrz/9gFAAAAAAAAAAAAADwYRXw9Ulyd2ZfmoruntNE8Xz1Tm5xufyq489n/at5qeXl5eSC1s5pzMOdwztM5J3LO5byU83LOKzmv5ryW83rOGzmXckYl7z9nNedgzuGcp3NO5JzLeSnn5ZxX2tnpaFy+1pf3n++/kXMpZ+h7AgAAAAAAAAAAAAAAAAAA4B7rjyJ+M1L8xx98pfW70tH6XfpPHx86eepT3b8Z/8wmj1PWHoqIr8fWfpN3V/6t8VQp/3fvjwvYXF8U8dX8+3+/st2DAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdoRKFPGrkeJr31lKkSJiOGIi2nmj2O7RAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACl3amIVyPFz/7e8Mq6nohIrf+37Sv/OhbDRc4nynwlhg+3sjJ8osy+iEPbMH7gzi28/c6btenp+rwbbrjhxsqN7T4zAQAAAAAAAAAAAAAAAMAjLBXxD5HiJ39/KQ1ExMWBm7sf2ztwfOjZA88XUbS+BCB1178+duZE9eTszNx8fWGhPlUdbzbOzk7Vt7q7vlON5oWL4yOj9+VgNtV/n8ff33dydu7t+cb5X1i85f17+k5MLizO187e+u7oj56Iwe41+1sDHh8ZbQ16ulFrtjZNlQ0G2BNR3erB8Mjbk4r4v0jx3sFvxuN5Xf7+j9720urs/6NfXF364Z61ufKvY+v88enjQyf3PLeV22mrA93fmnjlRBgd61rdk0f5Q13rBvK4tvzY8Igq5/8LkeLn/7hInTmU5/8PtJeKldn9v19dnVPH1+WKbZr/T3StO57PWr09EX2LM3O9T0f0Lbz9zsHGTO18/Xy9eezIyy8NHXv5xWMv9e6K6DvXmK4Prt7a6oh2b7UQAAAAAAAAAAAAAAAAAD6u3lTEFyLFL/39X630jef+v0+1l4qV2u7+333rHqf7ewM2un3LXr9N+vq6lftMqYinIsWzf/5Ma7wp9uh5hzu0JxXx3XI+TX0xfS6vy/M/d/bfev5fWpcr7mn/b1eL7Sbnice71l3K54n/jBSP/+Ez8bmu88T67t6y7i8jxeSPfDbXxa6yrvN47Z7odmNwWfuVSPH+6bW1nb7pJ1ZrD9/2sGCHKOf/TKT4x9/+u/jRvG7t93/cev7vWZcrtqn//8nuY4qIhbffebM2PV2fX9jyUwGPnHL+/0ak+Js//WY8l9fd7vt/Ot/zs++5tdnfKdqm+f9U17qUx/VjH/O5AAAAAAAAAAAAgIfFnlTEP0eKv/izA+lgXreVz/9OrcsV2/T5v6e71k2t+fzv/bux5ScZAAB2iN5UxE9Eij+Z+iB1emM37P99ZbX/Z2T9hXvrmv4HW33+H+ta/2P0/5f7TKmI7+e+3sFN+np/PFL8+k8dyHVpb1k33Blu6+++12abB09MT8+erS3WJqfr1bG52tl6ue3+SPFv//7ZvG2l1efb6Y9u9wav9gT/bqT4uQ87te2e4E4v5ZOrtYfL2oOR4rvvr63t9F09tVp7pKz9rUgx+j+3rt27Wnu0rP2nSPFf71Y7tXvK2s77uadXaw+dnZ3+yFs2AAAAAAAAAAAAAAAAAAAAtl9vKiJFims/c2WlN37t9391vgdg7fd/rXe/fv9/4N4cJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FFIU8d+R4r3RpXSjKJfb+k41mhcujo+M3nqz/hQpKlG06ss/fYePHD324ksvD3Xy9tvfa5+J18fOnKienJ2Zm68vLNSnquPNxtnZqfqWH+HOti82vGd/6wmozrx5YercuYXqkUNH19x9ceDm7sf2DhwfevbA853a8ZHR0bGump7eLY9+U+nePRSfILuiiL+OFN84+K30L0VEpbUu4m7m0ibnjvutP3rK+dea0OMjo60DmW7UmovlnamSq3oiBro2Gu7MkQcwF+/KcMSliKiUA95fHt7YXG2+Njldr56uzS82FhuzzVRpj7Y8noGoxFCKmIuIpY3PVjyieqOIa5Hi5veW0r8W7Re01jx44bWxNwaPbrxhzwMc5Aa7HygirsdDMGdhh9odRTwZKd6dGIz3i/a8ak2bDyI+X+YrEW+VeS3F5bycyhPEUMS3vZ7AQ60nijgdKWbTUvqgyHO/dV156svVLzXPzXbVdq4r7/a99ra/P3iQXJuwg/VFER+2rviX0odezwEAAAAAAAAAAABghyvi1UhxdWZfavWHrvSUNprnq2dqk9Ptj/V3PvtfzVstLy8vD6R2VnMO5hzOeTrnRM65nJdyXk7x/TKv5OWrZf7y6g6u5/U3Wrm71ZhYLkcl7z9nNedgzuGcp3NO5JzLeSnn5ZxXcl7NeS3n9Zw3ci7lvE3XPwAAAAAAAAAAAAAAAAAA3JVKFPFrkeJr31lKy0X792Unop031va57tquMQL3x/8HAAD//+M8F98=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000740)='\x00', 0x1, 0x4fed2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x1) 1.856706652s ago: executing program 3 (id=220): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f0000000180)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@nodioread_nolock}, {@bh}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@nouid32}, {@quota}, {@user_xattr}, {@stripe={'stripe', 0x3d, 0x9}}, {@nogrpid}]}, 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0x8000c62) r1 = open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80) sendfile(r1, r1, 0x0, 0x1000000201005) 1.840109563s ago: executing program 1 (id=221): add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) socket(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0xf5ffffff, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xa}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x83, &(0x7f00000002c0)=@assoc_value={0x0, 0x6}, 0x8) open(0x0, 0x108843, 0x190) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {0x0, 0xc}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0xbe5b}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4010}, 0xc010) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}, 0x4000855) 1.497113873s ago: executing program 1 (id=222): r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, &(0x7f0000000040)={0x11, 0x4}, 0x14) syz_emit_ethernet(0x56, &(0x7f0000000880)={@random="00000000a5af", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, @void, {@canfd={0xd, {{0x4, 0x1, 0x1, 0x1}, 0x1e, 0x0, 0x0, 0x0, "9cafb46c1c2b4d755c076d8cb2571efb43fec7deb4aca291f28ce1c606cec2bc68140c8c6f1bb19fc4951d489dd61c22c711edae72bd55aca24885fea1a5b88a"}}}}, 0x0) 1.298276995s ago: executing program 3 (id=223): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x4010) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}]}) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r5) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r6, 0x7, 0x4, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x0) 1.275625825s ago: executing program 1 (id=224): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1}, 0xc) 1.237464338s ago: executing program 0 (id=225): r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)={0x40, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2a, 0x9, 0x9, 0x6, 0x8084, 0x3, 0x2, 0x2]}}, @NL80211_TXRATE_HT={0x5, 0x2, [{}]}]}]}]}, 0x40}}, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x3, 0x0, 0x6000) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x14b20000}, 0x1c) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="660a000000000000611160000000000018000000000000000000000000000000950000000000000073568f33dbc578ccce575b206ddd40406e828183fa5205efae6fee7b1bd8c30f8acdc491e51a53e20391d5d7e3086e7070f600dc6d76a6280625a992050713d6bd4642686d6c68ac20e9dd762310c6161896cd5803aed485fbc8387494e219434d999a04c9243b688bfaa66fcc4ca9c6ba19889d1282d32d55890ad8f474c347db8ea5a3022ed61ccb563a1e126e846b8e087c372256374132dffdc8fdc8cee3b7f7379da1a715d02ce7f4b647d349090aae5ad2c7d9c4d79a9d4e0752c8beb896e3a7b5b49b0e042716c22b1aca466592da2c8d9e8691a6ff3473fa42bb4283d8da9ffe6883d97bce49e3fbd78a6962f2a3ece30b38dffd6022c9397e8f54418a0b57136b5f24dd5e7fe8fbe6bd5c7294f201a7667af1182b31267ce4addd363c9328e19ecf3a3e8d5bae258999f0ad9a6123c8289fb0465ce5948d059c981d1dad91a479f2fb2abd86a1fb7bd8b6dffe91da5d3a74a680cdcddc3deb86bc89f3dc7fff50982e497977995bf5c8c3f6dbfd097d8760fd538379a06eb42f803d5c7d3558acc7e83ca0787793735222965b5ca138794440d540ea157bcab719f3478ac9e23820b668212a5faaa12ae5b9edf0be3f6ecea9213c8b35d71010a82f29f211d9cd15fb65aa574b3e89ca12db675694aff650a89a8d60cb69dcf7aa591856f049c0518c220b5d567b1db049b55b2dbfa48f15fe7836dd8ed14a2f44af39e0ebc5bb04cc5eaa45f8e0ba0770e22ac7d51d81ca974443d8e4947a479f8c362b1314c767e3536c7dfcb1566cfc0afc94bd6ad92fff1685be7563146643b6718149ccfeabc570a448d879c585178a384b90ed0eebe8d19104da5c9346a80bcc7c890ac372f4bc47783e0a0b200fe707bcaeebce764f5a9be1c3938c5b380eaf206c46fbea7d1b"], &(0x7f0000000000)='GPL\x00'}, 0x80) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000680)={0x2e4, 0x12, 0x208, 0x70bd29, 0x25dfdbfe, {0x2c, 0x1, 0x7, 0x9, {0x4e21, 0x4e21, [0xd860, 0x9, 0x3, 0x9], [0x4, 0x7fff, 0x4, 0x1], 0x0, [0x17a, 0x4]}, 0x800, 0x7}, [@INET_DIAG_REQ_BYTECODE={0x6c, 0x1, "00041402b781be0a707de49e6bc27bc69a3106efd375ab6ebc2a236be63ab2f402a0deba527df47c95c24b83eb94fcec405bb68fb718bfb0aa9b44fddae80ff6e018027dbb57c0138c8c5293dbf27d01bab8d96b9a34bf5b4997d71f8be3b4f93a68b073fe1ca3a3"}, @INET_DIAG_REQ_BYTECODE={0x94, 0x1, "20c0088ef2bb266789f27869a3158436800c8da832a8e5426a9ea4cc75e657d2ca4c60b4cd4f3e84c1aec0f6ade9bfe001a8fe9e397f3638a2be7db8a82d21b345c7040ae5066b8a4b2e461d8dd79ad64cb011c6c7c3ffeba674c74b9ab87b8beb360fd2c39cf1a111d8612182c3a60b6ce22c836369f6de07a0b4330315765535711583546ac770fd1eb3f677c658f0"}, @INET_DIAG_REQ_BYTECODE={0x56, 0x1, "5fd2a3959c56cb5347d1383a40e5998e4a560df5358491ab054f16e74396e35c5cd07fa8027a94fd9be65138b27804f220953465fdde8e492f0004a13418d57b14cf3cfbed35d4908dc8f7fbdfb1a9075717"}, @INET_DIAG_REQ_BYTECODE={0x49, 0x1, "b81cb543cbcf6b4fa6d8e446a89d181c60051d54aa3df33f1886b8a788de631753805f7a916d8931520fbe0d566bb3e63e59cfbcc7b7e4b97f8a2fe706e4b87ffcaa730b2f"}, @INET_DIAG_REQ_BYTECODE={0xcb, 0x1, "4f2a52ecdbf075b509796a28f7b84006e3a5bcef70bf2f18e1321c9872fe5fb921a4a1d981067761242ad6c306ab40a66d22cd3c9da9b6ff3a6908c81534fdbdc2d1edf7ac9a8fcf1a6e16c393e11df332ef37f946ee9750da602a4c1fac186f6053c926d2d374d30f89bacbac5a2657df4f63cbcf3b52e0d99446f67d9efe638edf58b81d911ac35757397a09b1a8098e7b45cfd029e3e3d0bec8e17dc70b117a015c73c101cd895951b68badc0b668e1e6cfc6e17aa6e350fa58bf04fae7d896f2a195a2b009"}, @INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0x21, 0x1, "267bafa6a0181f8d83df9736bc608ee15bdb15c8748f2986f2161548fa"}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x15}, 0x800) 1.162191512s ago: executing program 2 (id=226): socket$key(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newsa={0x13c, 0x10, 0x1, 0x70bd2c, 0x0, {{@in=@broadcast, @in6=@mcast1, 0x0, 0xecdf, 0x0, 0x2200, 0x2, 0x0, 0x0, 0x73}, {@in=@private=0xa010100, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {0xfffffffffdfffffe, 0x2, 0x0, 0xfffffffffffffffc}, {0x8, 0x400800, 0x0, 0x400}, {}, 0x3, 0x0, 0xa, 0x4, 0x0, 0x2c}, [@algo_auth_trunc={0x4c, 0x14, {{'hmac(sha256)\x00'}, 0x0, 0xc0}}]}, 0x13c}}, 0x4050) r1 = socket(0x2, 0x3, 0xff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_int(r1, 0x0, 0xf, 0x0, 0x0) 915.231926ms ago: executing program 3 (id=227): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x6c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3b, 0xe, {{{}, {}, @broadcast}, 0x0, @random=0x4, 0x9, @void, @val, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x3}}, @val={0x76, 0x6, {0x7e, 0x5, 0x2e, 0x8000}}}}], @crypto_settings=[@NL80211_ATTR_PMK={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x6c}, 0x1, 0x0, 0x0, 0x84}, 0x0) 889.362828ms ago: executing program 1 (id=228): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080)={[{@auto_da_alloc}, {@mblk_io_submit}]}, 0x1, 0x569, &(0x7f0000000a00)="$eJzs3d1rm9UfAPDvkzZ7//3WwRgqIgUvnMyla+vLBC/mtQ4Gej9D+6yMpsto0rHWgduFu5bhnQPxXrz2UvwHvPBvGOhgyCiCeBN50idZ2iZtuqUvms8HnnK+z0vPOXlyTs7JSUgAQ2s8+1OIeDkivkoiTkZEkh8bjfzg+Np5q0/vzGRbEo3GJ38kzfOyuPW/Wtcdz4OXIuLnLyPOFTbnW1temS9XKuliHk/UF25O1JZXzl9fKM+lc+mNqenpi+9MT73/3rsDq+ubV7KCjOTRqQdJXIoTedRZjxdwtzMYj/H8MSnGpQ0nTg4gs4Mk6br3hz0vBzszkrfzYmR9wMkYyVs98N/3RUQ0gCGV7Lj9/1rcnZIAe6s1DmjN7Qc0D/7XePLh2gRoc/1H194biSPNudGx1WTdzCib744NIP8sjx9/f/gg22Jw70MAbOvuvYi4MDq6uf9L8v7v+V3o45yNeej/YO/8lI1/3uo2/im0xz/RZfxzvEvbfR7bt//C4wFk01M2/vug6/i3vWg1NpJH/2uO+YrJteuVNOvb/h8RZ6N4OIu3Ws+5uPqo0etY5/gv27L8W2PBvByPRw+vv2a2XC+/SJ07PbkX8UrX8W/Svv/J2v1ft8STPR5X+szjTPrwtV7Htq//7mp8F/FG1/v/rLrJ1uuTE83nw0TrWbHZn/fP/NIr//2uf3b/j21d/7Gkc722tvM8vj3ydxrt9eT11tU/+n/+H0o+baYP5ftul+v1xcmIQ8nH7f2F1v6pZ9e24tb5Wf3Pvr51/5d06f+ORsRnfdb//unvX+117CDc/9mu9789u91w/3eeePTR59/0yr+//u/tZupsvqef/q/fAr7IYwcAAAAAAAAHTSEiTkRSKLXThUKptPb5jtNxrFCp1urnrlWXbsxG87uyY1EstFa6T3Z8HmIyXzFsxVMb4umIOBURX48cbcalmWpldr8rDwAAAAAAAAAAAAAAAAAAAAfE8R7f/8/8NrLfpQN2nZ/8huG1bfsfxC89AQeS138YXto/DK++2n9x98sB7D2v/zC8tH8YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAADdeXy5WxrrD69M5PFs7eWl+art87PprX50sLSTGmmunizNFetzlXS0kx1Ybv/V6lWb05OxdLtiXpaq0/UlleuLlSXbtSvXl8oz6VXU78iBgAAAAAAAAAAAAAAAAAAAJvVllfmy5VKuigxxIm/Go3G814+ut+Fl9iVxH73TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzD8BAAD//1hdMq0=") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000000)=ANY=[], 0x361, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000340)='./file1\x00', &(0x7f0000000400), 0x0, 0x0, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0xfe37, 0x0) 90.195435ms ago: executing program 3 (id=229): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) sendmsg$IPVS_CMD_FLUSH(r2, 0x0, 0x800) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$SNDCTL_MIDI_INFO(r3, 0xc074510c, &(0x7f0000000140)={"37ce7f07583d8ee176f1ff84573b93f549823ebb845077172f2217d45353", 0x1, 0x0, 0x8, [0x2, 0x7, 0x6, 0x2, 0xf675, 0x8, 0x8, 0x725, 0x2, 0x80000000, 0x1, 0x1d8, 0x4, 0x7, 0x5, 0x8, 0x42a70c84, 0x87]}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 11.538519ms ago: executing program 2 (id=230): add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) socket(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0xf5ffffff, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xa}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x83, &(0x7f00000002c0)=@assoc_value={0x0, 0x6}, 0x8) open(0x0, 0x108843, 0x190) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000ac0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {0x0, 0xc}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0xbe5b}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4010}, 0xc010) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}, 0x4000855) 0s ago: executing program 0 (id=231): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x790, 0x80000000002, 0x180, 0x400000004, 0xffffffffffffffff, 0xf1, 0xffffffffffffffff, 0xfffffffffffffd7e, 0x45, 0x0, 0x3bc, 0xfffffffffffffffe, 0x0, 0x8, 0x4], 0x8000000, 0x3c4210}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 60.738206][ T5436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.750492][ T5436] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. syzkaller login: [ 84.870859][ T5759] cgroup: Unknown subsys name 'net' [ 85.036369][ T5759] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.877782][ T5759] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.115552][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.125849][ T5775] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.134765][ T5775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.143391][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.151883][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.159623][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.179898][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.191601][ T5778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.202205][ T5778] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.211935][ T5778] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.221823][ T5086] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.230674][ T5086] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.283727][ T5086] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.293991][ T5086] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.314749][ T5086] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.329088][ T5086] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.359459][ T5086] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.367653][ T5086] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.398661][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.411512][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.428114][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.439269][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.450546][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.467975][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.912728][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 89.925008][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 90.098603][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 90.158073][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.167229][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.177166][ T5772] bridge_slave_0: entered allmulticast mode [ 90.186706][ T5772] bridge_slave_0: entered promiscuous mode [ 90.205469][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.214394][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.223310][ T5772] bridge_slave_1: entered allmulticast mode [ 90.230903][ T5772] bridge_slave_1: entered promiscuous mode [ 90.263730][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 90.335864][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.360080][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.372906][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.380444][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.387849][ T5771] bridge_slave_0: entered allmulticast mode [ 90.395379][ T5771] bridge_slave_0: entered promiscuous mode [ 90.465186][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.476735][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.484341][ T5771] bridge_slave_1: entered allmulticast mode [ 90.492067][ T5771] bridge_slave_1: entered promiscuous mode [ 90.500289][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.509733][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.518762][ T5781] bridge_slave_0: entered allmulticast mode [ 90.528646][ T5781] bridge_slave_0: entered promiscuous mode [ 90.558560][ T5772] team0: Port device team_slave_0 added [ 90.584732][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.593630][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.603594][ T5781] bridge_slave_1: entered allmulticast mode [ 90.612606][ T5781] bridge_slave_1: entered promiscuous mode [ 90.633633][ T5772] team0: Port device team_slave_1 added [ 90.695832][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.710995][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.760158][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.768227][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.776155][ T5784] bridge_slave_0: entered allmulticast mode [ 90.785385][ T5784] bridge_slave_0: entered promiscuous mode [ 90.825891][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.843568][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.855820][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.865165][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.874245][ T5784] bridge_slave_1: entered allmulticast mode [ 90.883569][ T5784] bridge_slave_1: entered promiscuous mode [ 90.894271][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.903026][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.936145][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.955754][ T5771] team0: Port device team_slave_0 added [ 90.998671][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.008728][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.041883][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.055862][ T5771] team0: Port device team_slave_1 added [ 91.113170][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.145652][ T5781] team0: Port device team_slave_0 added [ 91.155874][ T5781] team0: Port device team_slave_1 added [ 91.166018][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.177614][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.184702][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.218810][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.261342][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.269667][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.298032][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.310903][ T5086] Bluetooth: hci0: command tx timeout [ 91.317993][ T5778] Bluetooth: hci1: command tx timeout [ 91.335704][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.343575][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.375226][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.400214][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.408717][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.439142][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.475729][ T5784] team0: Port device team_slave_0 added [ 91.484345][ T5086] Bluetooth: hci2: command tx timeout [ 91.520717][ T5772] hsr_slave_0: entered promiscuous mode [ 91.529211][ T5772] hsr_slave_1: entered promiscuous mode [ 91.545099][ T5784] team0: Port device team_slave_1 added [ 91.552399][ T5086] Bluetooth: hci3: command tx timeout [ 91.613517][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.622506][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.656744][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.680026][ T5771] hsr_slave_0: entered promiscuous mode [ 91.689418][ T5771] hsr_slave_1: entered promiscuous mode [ 91.697053][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.707379][ T5771] Cannot create hsr debugfs directory [ 91.743203][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.753126][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.791309][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.888565][ T5781] hsr_slave_0: entered promiscuous mode [ 91.895878][ T5781] hsr_slave_1: entered promiscuous mode [ 91.906122][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.915269][ T5781] Cannot create hsr debugfs directory [ 92.003273][ T5784] hsr_slave_0: entered promiscuous mode [ 92.011677][ T5784] hsr_slave_1: entered promiscuous mode [ 92.019681][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.032386][ T5784] Cannot create hsr debugfs directory [ 92.460691][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.478148][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.493376][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.516735][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.532931][ T9] cfg80211: failed to load regulatory.db [ 92.626332][ T5771] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.650080][ T5771] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.672978][ T5771] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.728839][ T5771] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.809659][ T5781] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.840339][ T5781] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.852433][ T5781] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.864756][ T5781] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.990554][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.007727][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.019894][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.043044][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.064038][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.155690][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.173348][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.183391][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.250577][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.258837][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.387199][ T5086] Bluetooth: hci0: command tx timeout [ 93.393682][ T5086] Bluetooth: hci1: command tx timeout [ 93.445799][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.470617][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.509761][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.548084][ T5086] Bluetooth: hci2: command tx timeout [ 93.561715][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.574469][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.596314][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.622321][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.630921][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.641230][ T5086] Bluetooth: hci3: command tx timeout [ 93.654197][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.661798][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.672871][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.680543][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.692840][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.700147][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.750904][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.758439][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.770058][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.777460][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.079262][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.242131][ T5772] veth0_vlan: entered promiscuous mode [ 94.291066][ T5772] veth1_vlan: entered promiscuous mode [ 94.395718][ T5772] veth0_macvtap: entered promiscuous mode [ 94.430753][ T5772] veth1_macvtap: entered promiscuous mode [ 94.511295][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.532941][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.560458][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.572528][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.607180][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.628612][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.641937][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.652395][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.661750][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.818092][ T5771] veth0_vlan: entered promiscuous mode [ 94.874254][ T5784] veth0_vlan: entered promiscuous mode [ 94.883540][ T3457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.901847][ T3457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.906143][ T5771] veth1_vlan: entered promiscuous mode [ 94.932063][ T5781] veth0_vlan: entered promiscuous mode [ 94.945243][ T5784] veth1_vlan: entered promiscuous mode [ 94.984545][ T2935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.006672][ T2935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.024831][ T5781] veth1_vlan: entered promiscuous mode [ 95.074701][ T5771] veth0_macvtap: entered promiscuous mode [ 95.104065][ T5771] veth1_macvtap: entered promiscuous mode [ 95.189076][ T5784] veth0_macvtap: entered promiscuous mode [ 95.206015][ T5781] veth0_macvtap: entered promiscuous mode [ 95.226015][ T5784] veth1_macvtap: entered promiscuous mode [ 95.247849][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.270010][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.286939][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.299135][ T5781] veth1_macvtap: entered promiscuous mode [ 95.366478][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.385887][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.422974][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.434321][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.447477][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.455418][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.468238][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.473088][ T5086] Bluetooth: hci1: command tx timeout [ 95.480955][ T5778] Bluetooth: hci0: command tx timeout [ 95.498178][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.522557][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.554095][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.566235][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.582447][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.594870][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.607975][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.618505][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.629836][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.640358][ T5778] Bluetooth: hci2: command tx timeout [ 95.648329][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.672979][ T5771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.684656][ T5771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.693609][ T5771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.702867][ T5771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.714615][ T5778] Bluetooth: hci3: command tx timeout [ 95.728542][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.741404][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.752788][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.766825][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.778788][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.790267][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.802887][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.836344][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.848208][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.858928][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.871648][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.882260][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.893872][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.906105][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.985399][ T5781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.995504][ T5781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.004942][ T5781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.014592][ T5781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.281515][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.309654][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.371960][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.394799][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.440087][ T2935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.481785][ T2935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.524830][ T3428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.550643][ T3428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.624929][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.633542][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.643040][ T2935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.659014][ T2935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.853075][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 96.951553][ T786] IPVS: starting estimator thread 0... [ 96.984685][ T5877] IPVS: sh: FWM 3 0x00000003 - no destination available [ 97.024436][ T5880] binder: BINDER_SET_CONTEXT_MGR already set [ 97.039653][ T5880] binder: 5879:5880 ioctl 4018620d 200000004a80 returned -16 [ 97.069472][ T5878] IPVS: using max 18 ests per chain, 43200 per kthread [ 97.085497][ T27] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 97.114367][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.143726][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.170746][ T5882] ======================================================= [ 97.170746][ T5882] WARNING: The mand mount option has been deprecated and [ 97.170746][ T5882] and is ignored by this kernel. Remove the mand [ 97.170746][ T5882] option from the mount to silence this warning. [ 97.170746][ T5882] ======================================================= [ 97.212542][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.223274][ T5886] Zero length message leads to an empty skb [ 97.245601][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.262123][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.299382][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.318886][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.336743][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.359304][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.377510][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.394566][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.418248][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.434919][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.448605][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.482883][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.503676][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.515284][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.539425][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.548511][ T5778] Bluetooth: hci1: command tx timeout [ 97.551824][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.564019][ T5778] Bluetooth: hci0: command tx timeout [ 97.617388][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.642360][ T5889] syzkaller0: entered promiscuous mode [ 97.648399][ T5889] syzkaller0: entered allmulticast mode [ 97.663591][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.688063][ T27] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 97.703520][ T27] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 97.709266][ T5778] Bluetooth: hci2: command tx timeout [ 97.734579][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 97.746208][ T27] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 97.784273][ T27] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 97.787769][ T5778] Bluetooth: hci3: command tx timeout [ 97.827299][ T27] usb 3-1: Product: syz [ 97.840472][ T27] usb 3-1: Manufacturer: syz [ 97.850637][ T27] usb 3-1: SerialNumber: syz [ 97.899802][ T27] usb 3-1: config 0 descriptor?? [ 97.974151][ T27] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 98.097015][ T5896] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.351459][ T5840] usb 3-1: USB disconnect, device number 2 [ 98.395697][ T5840] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 99.101952][ T5912] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 99.778382][ T5925] fuse: Bad value for 'fd' [ 102.362201][ T5963] fuse: Bad value for 'fd' [ 102.691018][ T5973] syz.0.37 uses obsolete (PF_INET,SOCK_PACKET) [ 102.947758][ T5975] syzkaller0: entered promiscuous mode [ 102.986068][ T5975] syzkaller0: entered allmulticast mode [ 105.745508][ T23] IPVS: starting estimator thread 0... [ 105.877392][ T6025] IPVS: using max 18 ests per chain, 43200 per kthread [ 106.097103][ T6030] syzkaller0: entered promiscuous mode [ 106.103462][ T6030] syzkaller0: entered allmulticast mode [ 106.586033][ T6044] fuse: Bad value for 'fd' [ 107.114535][ T6055] kvm: Disabled LAPIC found during irq injection [ 107.614169][ T6065] input: syz0 as /devices/virtual/input/input5 [ 108.758996][ T6084] fuse: Bad value for 'fd' [ 109.297544][ T6096] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 110.630669][ T6109] fuse: Bad value for 'fd' [ 110.694053][ T6111] syz.1.83[6111]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 111.877577][ T5869] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.042916][ T6152] syzkaller0: entered promiscuous mode [ 112.053638][ T6152] syzkaller0: entered allmulticast mode [ 112.066789][ T5869] usb 2-1: Using ep0 maxpacket: 16 [ 112.088552][ T5869] usb 2-1: config 0 has no interfaces? [ 112.132113][ T5869] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 112.162437][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.183087][ T5869] usb 2-1: Product: syz [ 112.203530][ T5869] usb 2-1: Manufacturer: syz [ 112.220357][ T5869] usb 2-1: SerialNumber: syz [ 112.259019][ T5869] usb 2-1: config 0 descriptor?? [ 112.301550][ T6164] syz.0.99[6164] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 113.185508][ T5869] usb 2-1: USB disconnect, device number 2 [ 113.215535][ T6180] binder: BINDER_SET_CONTEXT_MGR already set [ 113.241204][ T6180] binder: 6178:6180 ioctl 4018620d 200000004a80 returned -16 [ 116.356819][ T5869] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 116.556930][ T5869] usb 3-1: Using ep0 maxpacket: 16 [ 116.591795][ T5869] usb 3-1: config 0 has no interfaces? [ 116.630868][ T5869] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 116.690308][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.729532][ T5869] usb 3-1: Product: syz [ 116.743490][ T5869] usb 3-1: Manufacturer: syz [ 116.768757][ T5869] usb 3-1: SerialNumber: syz [ 116.801068][ T5869] usb 3-1: config 0 descriptor?? [ 118.196671][ T23] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 118.403866][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.430963][ T23] usb 1-1: config 0 has no interfaces? [ 118.453448][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.483611][ T23] usb 1-1: config 0 has no interfaces? [ 118.504492][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.538068][ T23] usb 1-1: config 0 has no interfaces? [ 118.553887][ T23] usb 1-1: string descriptor 0 read error: -22 [ 118.570277][ T23] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 118.600556][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.629161][ T23] usb 1-1: config 0 descriptor?? [ 118.796507][ C0] sched: RT throttling activated [ 118.819735][ T23] usb 3-1: USB disconnect, device number 3 [ 118.973619][ T5869] usb 1-1: USB disconnect, device number 2 [ 119.357585][ T6259] syzkaller0: entered promiscuous mode [ 119.376777][ T6259] syzkaller0: entered allmulticast mode [ 119.772805][ T6267] input: syz0 as /devices/virtual/input/input6 [ 119.896773][ T6209] Set syz1 is full, maxelem 65536 reached [ 122.111461][ T5869] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 122.308986][ T5869] usb 1-1: Using ep0 maxpacket: 16 [ 122.341412][ T5869] usb 1-1: config 0 has no interfaces? [ 122.370215][ T5869] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 122.379626][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.394954][ T5869] usb 1-1: Product: syz [ 122.399949][ T5869] usb 1-1: Manufacturer: syz [ 122.404757][ T5869] usb 1-1: SerialNumber: syz [ 122.422962][ T5869] usb 1-1: config 0 descriptor?? [ 123.068955][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.138'. [ 123.272652][ T6324] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 123.485251][ T5869] usb 1-1: USB disconnect, device number 3 [ 124.171723][ T6342] syzkaller0: entered promiscuous mode [ 124.194994][ T6342] syzkaller0: entered allmulticast mode [ 125.256843][ T6364] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 125.953450][ T28] audit: type=1326 audit(1770790515.001:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.1.148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f668299bf79 code=0x0 [ 127.160434][ T6337] Set syz1 is full, maxelem 65536 reached [ 128.293042][ T5869] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 128.496665][ T5869] usb 3-1: Using ep0 maxpacket: 16 [ 128.523890][ T5869] usb 3-1: config 0 has no interfaces? [ 128.543526][ T5869] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 128.553062][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.565467][ T5869] usb 3-1: Product: syz [ 128.570610][ T5869] usb 3-1: Manufacturer: syz [ 128.575500][ T5869] usb 3-1: SerialNumber: syz [ 128.584848][ T5869] usb 3-1: config 0 descriptor?? [ 129.269388][ T5869] usb 3-1: USB disconnect, device number 4 [ 129.969228][ T6359] syzkaller0: entered promiscuous mode [ 129.979832][ T6359] syzkaller0: entered allmulticast mode [ 130.894214][ T6438] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 133.481656][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.495214][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.413765][ T6460] warning: `syz.2.182' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 134.616643][ T6466] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 134.894625][ T6479] syzkaller0: entered promiscuous mode [ 134.903252][ T6479] syzkaller0: entered allmulticast mode [ 135.431926][ T6496] loop2: detected capacity change from 0 to 256 [ 135.599582][ T6503] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 135.627956][ T6496] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 136.028963][ T5773] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 136.298042][ T5773] usb 3-1: Using ep0 maxpacket: 32 [ 136.414613][ T5773] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.431249][ T5773] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.443154][ T5773] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 136.458487][ T5773] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.491651][ T5773] usb 3-1: config 0 descriptor?? [ 136.519357][ T5773] hub 3-1:0.0: USB hub found [ 136.738880][ T5773] hub 3-1:0.0: 1 port detected [ 136.870524][ T6517] Bluetooth: MGMT ver 1.22 [ 136.966905][ T23] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 136.988581][ T6521] loop3: detected capacity change from 0 to 1024 [ 137.168953][ T23] usb 2-1: config 0 interface 0 altsetting 41 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 137.206404][ T23] usb 2-1: config 0 interface 0 has no altsetting 0 [ 137.222007][ T23] usb 2-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00 [ 137.243330][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.268005][ T23] usb 2-1: config 0 descriptor?? [ 137.298269][ T5869] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 137.363485][ T5773] hub 3-1:0.0: activate --> -90 [ 137.497590][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 137.518563][ T5869] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.548361][ T5869] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.567139][ T5869] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 26 [ 137.582377][ T5773] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 137.611435][ T5773] usb 3-1: Failed to suspend device, error -71 [ 137.619654][ T5869] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.647281][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 137.666611][ T5869] usb 1-1: SerialNumber: syz [ 137.683812][ T5869] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 137.712201][ T5869] cdc_acm 1-1:1.0: This needs exactly 3 endpoints [ 137.728234][ T5869] cdc_acm: probe of 1-1:1.0 failed with error -22 [ 137.743518][ T5840] usb 3-1: USB disconnect, device number 5 [ 137.755491][ T23] wacom 0003:056A:00B4.0001: Unknown device_type for 'HID 056a:00b4'. Assuming pen. [ 137.785627][ T23] wacom 0003:056A:00B4.0001: hidraw0: USB HID v0.09 Device [HID 056a:00b4] on usb-dummy_hcd.1-1/input0 [ 137.822688][ T23] input: Wacom Intuos3 12x19 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00B4.0001/input/input7 [ 137.921810][ T6529] usb 1-1: USB disconnect, device number 4 [ 138.038092][ T23] usb 2-1: USB disconnect, device number 3 [ 138.412118][ T6543] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 138.653992][ T6549] loop1: detected capacity change from 0 to 512 [ 138.707826][ T6549] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 138.716902][ T6549] EXT4-fs (loop1): failed to open journal device unknown-block(8,3) -6 [ 138.744315][ T6548] bond1: entered promiscuous mode [ 138.749622][ T6548] bond1: entered allmulticast mode [ 138.789826][ T6549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.214'. [ 138.887734][ T6555] loop3: detected capacity change from 0 to 256 [ 139.053898][ T6554] loop1: detected capacity change from 0 to 1024 [ 139.074828][ T6558] binder: BINDER_SET_CONTEXT_MGR already set [ 139.105452][ T6558] binder: 6557:6558 ioctl 4018620d 200000004a80 returned -16 [ 139.128265][ T6554] EXT4-fs: Ignoring removed bh option [ 139.155091][ T6554] journal_path: Lookup failure for './file0' [ 139.174857][ T6554] EXT4-fs: error: could not find journal device path [ 139.441142][ T6564] loop3: detected capacity change from 0 to 1024 [ 139.454489][ T6565] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 139.465973][ T6564] EXT4-fs: Ignoring removed bh option [ 139.484724][ T6564] EXT4-fs (loop3): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 139.495969][ T6567] loop2: detected capacity change from 0 to 2048 [ 139.553788][ T6564] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.589385][ T6564] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.220: Allocating blocks 385-513 which overlap fs metadata [ 139.608376][ T6567] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 139.616886][ T6567] UDF-fs: Scanning with blocksize 512 failed [ 139.718060][ T6567] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.773297][ T6562] EXT4-fs (loop3): pa ffff888076e2b9f8: logic 16, phys. 129, len 24 [ 139.781944][ T6562] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 8 [ 139.902152][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.205114][ T6581] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 140.389475][ T6587] loop1: detected capacity change from 0 to 1024 [ 140.397935][ T6587] EXT4-fs: Ignoring removed mblk_io_submit option [ 140.880458][ T6587] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.260883][ T6587] ================================================================== [ 141.269040][ T6587] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 141.276843][ T6587] Read of size 18446744073709551588 at addr ffff88805e2dc040 by task syz.1.228/6587 [ 141.286442][ T6587] [ 141.288861][ T6587] CPU: 0 PID: 6587 Comm: syz.1.228 Not tainted syzkaller #0 [ 141.296209][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 141.306422][ T6587] Call Trace: [ 141.309761][ T6587] [ 141.312730][ T6587] dump_stack_lvl+0x18c/0x250 [ 141.317484][ T6587] ? read_lock_is_recursive+0x20/0x20 [ 141.322911][ T6587] ? show_regs_print_info+0x20/0x20 [ 141.328155][ T6587] ? load_image+0x400/0x400 [ 141.332702][ T6587] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 141.338209][ T6587] ? __virt_addr_valid+0x18c/0x540 [ 141.343380][ T6587] ? __virt_addr_valid+0x469/0x540 [ 141.348570][ T6587] print_report+0xa8/0x210 [ 141.353030][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 141.358540][ T6587] kasan_report+0x117/0x150 [ 141.363084][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 141.368603][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 141.374135][ T6587] kasan_check_range+0x241/0x290 [ 141.379132][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 141.384728][ T6587] __asan_memmove+0x29/0x70 [ 141.389272][ T6587] ext4_xattr_set_entry+0x94b/0x1e90 [ 141.394615][ T6587] ext4_xattr_block_set+0xae8/0x32b0 [ 141.399942][ T6587] ? ext4_destroy_inode+0x200/0x200 [ 141.405188][ T6587] ? proc_nr_inodes+0x230/0x230 [ 141.410075][ T6587] ? do_raw_spin_unlock+0x121/0x230 [ 141.415501][ T6587] ? _raw_spin_unlock+0x28/0x40 [ 141.420389][ T6587] ? ext4_xattr_block_find+0x350/0x350 [ 141.425988][ T6587] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 141.431433][ T6587] ext4_xattr_set_handle+0x1280/0x14c0 [ 141.436946][ T6587] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 141.442978][ T6587] ? __ext4_journal_start_sb+0x259/0x560 [ 141.448645][ T6587] ext4_xattr_set+0x252/0x340 [ 141.453361][ T6587] ? end_current_label_crit_section+0x170/0x170 [ 141.459640][ T6587] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 141.465224][ T6587] ? posix_xattr_acl+0x93/0xb0 [ 141.470022][ T6587] ? ext4_xattr_trusted_get+0x40/0x40 [ 141.475524][ T6587] __vfs_setxattr+0x431/0x470 [ 141.480340][ T6587] __vfs_setxattr_noperm+0x12d/0x5e0 [ 141.485666][ T6587] vfs_setxattr+0x16b/0x2f0 [ 141.490203][ T6587] ? xattr_permission+0x470/0x470 [ 141.495261][ T6587] ? __mnt_want_write+0x223/0x2a0 [ 141.500412][ T6587] ? path_setxattr+0x3a1/0x5d0 [ 141.505219][ T6587] path_setxattr+0x3f3/0x5d0 [ 141.509867][ T6587] ? simple_xattrs_free+0x150/0x150 [ 141.515242][ T6587] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 141.521285][ T6587] ? lock_chain_count+0x20/0x20 [ 141.526205][ T6587] __x64_sys_lsetxattr+0xb8/0xd0 [ 141.531266][ T6587] do_syscall_64+0x55/0xa0 [ 141.535721][ T6587] ? clear_bhb_loop+0x40/0x90 [ 141.540435][ T6587] ? clear_bhb_loop+0x40/0x90 [ 141.545151][ T6587] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 141.551081][ T6587] RIP: 0033:0x7f668299bf79 [ 141.555637][ T6587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.575495][ T6587] RSP: 002b:00007f66838d9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 141.584051][ T6587] RAX: ffffffffffffffda RBX: 00007f6682c15fa0 RCX: 00007f668299bf79 [ 141.592053][ T6587] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 141.600074][ T6587] RBP: 00007f6682a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 141.608082][ T6587] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 141.616075][ T6587] R13: 00007f6682c16038 R14: 00007f6682c15fa0 R15: 00007ffdf5fc76e8 [ 141.624105][ T6587] [ 141.627148][ T6587] [ 141.629496][ T6587] Allocated by task 6587: [ 141.633849][ T6587] kasan_set_track+0x4e/0x70 [ 141.638560][ T6587] __kasan_kmalloc+0x8f/0xa0 [ 141.643175][ T6587] __kmalloc_node_track_caller+0xb2/0x230 [ 141.648923][ T6587] kmemdup+0x2b/0x70 [ 141.652846][ T6587] ext4_xattr_block_set+0x9ea/0x32b0 [ 141.658172][ T6587] ext4_xattr_set_handle+0x1280/0x14c0 [ 141.663756][ T6587] ext4_xattr_set+0x252/0x340 [ 141.668468][ T6587] __vfs_setxattr+0x431/0x470 [ 141.673262][ T6587] __vfs_setxattr_noperm+0x12d/0x5e0 [ 141.678669][ T6587] vfs_setxattr+0x16b/0x2f0 [ 141.683211][ T6587] path_setxattr+0x3f3/0x5d0 [ 141.687826][ T6587] __x64_sys_lsetxattr+0xb8/0xd0 [ 141.692790][ T6587] do_syscall_64+0x55/0xa0 [ 141.697240][ T6587] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 141.703169][ T6587] [ 141.705517][ T6587] Last potentially related work creation: [ 141.711256][ T6587] kasan_save_stack+0x3e/0x60 [ 141.715967][ T6587] __kasan_record_aux_stack+0xaf/0xc0 [ 141.721386][ T6587] kvfree_call_rcu+0xee/0x790 [ 141.726120][ T6587] neigh_remove_one+0x5f1/0x700 [ 141.731007][ T6587] ___neigh_create+0x467/0x2440 [ 141.735889][ T6587] ip6_finish_output2+0x1581/0x1630 [ 141.741112][ T6587] ndisc_send_skb+0xc26/0x14f0 [ 141.745932][ T6587] addrconf_dad_completed+0x7ef/0xd90 [ 141.751338][ T6587] addrconf_dad_work+0xc90/0x1530 [ 141.756396][ T6587] process_scheduled_works+0xa5d/0x15d0 [ 141.761966][ T6587] worker_thread+0xa55/0xfc0 [ 141.766604][ T6587] kthread+0x2fa/0x390 [ 141.770814][ T6587] ret_from_fork+0x48/0x80 [ 141.775273][ T6587] ret_from_fork_asm+0x11/0x20 [ 141.780089][ T6587] [ 141.782502][ T6587] The buggy address belongs to the object at ffff88805e2dc000 [ 141.782502][ T6587] which belongs to the cache kmalloc-1k of size 1024 [ 141.796596][ T6587] The buggy address is located 64 bytes inside of [ 141.796596][ T6587] 1024-byte region [ffff88805e2dc000, ffff88805e2dc400) [ 141.809986][ T6587] [ 141.812337][ T6587] The buggy address belongs to the physical page: [ 141.818777][ T6587] page:ffffea000178b600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e2d8 [ 141.828956][ T6587] head:ffffea000178b600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 141.837915][ T6587] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 141.846369][ T6587] page_type: 0xffffffff() [ 141.850732][ T6587] raw: 00fff00000000840 ffff888017c41dc0 0000000000000000 dead000000000001 [ 141.859394][ T6587] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 141.868012][ T6587] page dumped because: kasan: bad access detected [ 141.874456][ T6587] page_owner tracks the page as allocated [ 141.880196][ T6587] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3428, tgid 3428 (kworker/u4:11), ts 93225526057, free_ts 30434724798 [ 141.899592][ T6587] post_alloc_hook+0x1c1/0x200 [ 141.904414][ T6587] get_page_from_freelist+0x1951/0x19e0 [ 141.909990][ T6587] __alloc_pages+0x1f0/0x460 [ 141.914652][ T6587] alloc_slab_page+0x5d/0x160 [ 141.919370][ T6587] new_slab+0x87/0x2d0 [ 141.923503][ T6587] ___slab_alloc+0xc5d/0x12f0 [ 141.928471][ T6587] __kmem_cache_alloc_node+0x19e/0x250 [ 141.933984][ T6587] __kmalloc+0xa4/0x230 [ 141.938169][ T6587] ___neigh_create+0x6d2/0x2440 [ 141.943052][ T6587] ip6_finish_output2+0x1581/0x1630 [ 141.948279][ T6587] ndisc_send_skb+0xc26/0x14f0 [ 141.953109][ T6587] addrconf_dad_completed+0x7ef/0xd90 [ 141.958608][ T6587] addrconf_dad_work+0xc90/0x1530 [ 141.963779][ T6587] process_scheduled_works+0xa5d/0x15d0 [ 141.969520][ T6587] worker_thread+0xa55/0xfc0 [ 141.974140][ T6587] kthread+0x2fa/0x390 [ 141.978245][ T6587] page last free stack trace: [ 141.982936][ T6587] free_unref_page_prepare+0x7b2/0x8c0 [ 141.988434][ T6587] free_unref_page+0x32/0x2e0 [ 141.993139][ T6587] free_contig_range+0xa1/0x150 [ 141.998016][ T6587] destroy_args+0x80/0x850 [ 142.002765][ T6587] debug_vm_pgtable+0x411/0x440 [ 142.007676][ T6587] do_one_initcall+0x242/0x790 [ 142.012598][ T6587] do_initcall_level+0x137/0x1f0 [ 142.017754][ T6587] do_initcalls+0x69/0xd0 [ 142.022319][ T6587] kernel_init_freeable+0x3ed/0x580 [ 142.027753][ T6587] kernel_init+0x1d/0x1c0 [ 142.032123][ T6587] ret_from_fork+0x48/0x80 [ 142.036570][ T6587] ret_from_fork_asm+0x11/0x20 [ 142.041368][ T6587] [ 142.043711][ T6587] Memory state around the buggy address: [ 142.049361][ T6587] ffff88805e2dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.057458][ T6587] ffff88805e2dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.065566][ T6587] >ffff88805e2dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.073751][ T6587] ^ [ 142.079928][ T6587] ffff88805e2dc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.088034][ T6587] ffff88805e2dc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.096118][ T6587] ================================================================== [ 142.151506][ T6587] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 142.158759][ T6587] CPU: 1 PID: 6587 Comm: syz.1.228 Not tainted syzkaller #0 [ 142.166137][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 142.176225][ T6587] Call Trace: [ 142.179685][ T6587] [ 142.182713][ T6587] dump_stack_lvl+0x18c/0x250 [ 142.187434][ T6587] ? show_regs_print_info+0x20/0x20 [ 142.192666][ T6587] ? load_image+0x400/0x400 [ 142.197245][ T6587] panic+0x2dc/0x730 [ 142.201170][ T6587] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 142.207365][ T6587] ? bpf_jit_dump+0xd0/0xd0 [ 142.211901][ T6587] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 142.217910][ T6587] ? _raw_spin_unlock+0x40/0x40 [ 142.222814][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 142.228335][ T6587] check_panic_on_warn+0x84/0xa0 [ 142.233314][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 142.238896][ T6587] end_report+0x6f/0x130 [ 142.243185][ T6587] kasan_report+0x128/0x150 [ 142.247727][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 142.253228][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 142.258754][ T6587] kasan_check_range+0x241/0x290 [ 142.263734][ T6587] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 142.269232][ T6587] __asan_memmove+0x29/0x70 [ 142.273773][ T6587] ext4_xattr_set_entry+0x94b/0x1e90 [ 142.279113][ T6587] ext4_xattr_block_set+0xae8/0x32b0 [ 142.284508][ T6587] ? ext4_destroy_inode+0x200/0x200 [ 142.289749][ T6587] ? proc_nr_inodes+0x230/0x230 [ 142.294632][ T6587] ? do_raw_spin_unlock+0x121/0x230 [ 142.299860][ T6587] ? _raw_spin_unlock+0x28/0x40 [ 142.304747][ T6587] ? ext4_xattr_block_find+0x350/0x350 [ 142.310281][ T6587] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 142.315704][ T6587] ext4_xattr_set_handle+0x1280/0x14c0 [ 142.321209][ T6587] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 142.327234][ T6587] ? __ext4_journal_start_sb+0x259/0x560 [ 142.332902][ T6587] ext4_xattr_set+0x252/0x340 [ 142.337610][ T6587] ? end_current_label_crit_section+0x170/0x170 [ 142.343886][ T6587] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 142.349991][ T6587] ? posix_xattr_acl+0x93/0xb0 [ 142.354783][ T6587] ? ext4_xattr_trusted_get+0x40/0x40 [ 142.360204][ T6587] __vfs_setxattr+0x431/0x470 [ 142.364918][ T6587] __vfs_setxattr_noperm+0x12d/0x5e0 [ 142.370237][ T6587] vfs_setxattr+0x16b/0x2f0 [ 142.374779][ T6587] ? xattr_permission+0x470/0x470 [ 142.379840][ T6587] ? __mnt_want_write+0x223/0x2a0 [ 142.384896][ T6587] ? path_setxattr+0x3a1/0x5d0 [ 142.389689][ T6587] path_setxattr+0x3f3/0x5d0 [ 142.394314][ T6587] ? simple_xattrs_free+0x150/0x150 [ 142.399556][ T6587] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 142.405576][ T6587] ? lock_chain_count+0x20/0x20 [ 142.410458][ T6587] __x64_sys_lsetxattr+0xb8/0xd0 [ 142.415426][ T6587] do_syscall_64+0x55/0xa0 [ 142.419889][ T6587] ? clear_bhb_loop+0x40/0x90 [ 142.424592][ T6587] ? clear_bhb_loop+0x40/0x90 [ 142.429306][ T6587] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 142.435246][ T6587] RIP: 0033:0x7f668299bf79 [ 142.439698][ T6587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 142.459345][ T6587] RSP: 002b:00007f66838d9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 142.467792][ T6587] RAX: ffffffffffffffda RBX: 00007f6682c15fa0 RCX: 00007f668299bf79 [ 142.475800][ T6587] RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00002000000001c0 [ 142.483893][ T6587] RBP: 00007f6682a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 142.491898][ T6587] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 142.499891][ T6587] R13: 00007f6682c16038 R14: 00007f6682c15fa0 R15: 00007ffdf5fc76e8 [ 142.507901][ T6587] [ 142.511615][ T6587] Kernel Offset: disabled [ 142.515998][ T6587] Rebooting in 86400 seconds..