last executing test programs: 24.677242873s ago: executing program 3 (id=113): r0 = socket$unix(0x1, 0x2, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$unix(r0, 0x0, 0x20008840) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x128, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x220, 0x20a, 0x278, 0x220, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @loopback, [], [], 'bond_slave_1\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) 22.052678916s ago: executing program 3 (id=115): pipe(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x54}, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) r2 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) listen(0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x98, &(0x7f0000000940)=""/152}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x4, &(0x7f00000001c0)=ANY=[], 0x0, 0x5, 0x9c, &(0x7f0000000000)=""/156}, 0x94) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, r4) write$FUSE_NOTIFY_STORE(r5, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) 20.162094247s ago: executing program 1 (id=117): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10000000000016, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2058) write$FUSE_INIT(r0, &(0x7f0000002180)={0x50, 0x0, r5, {0x7, 0x27, 0x5, 0x1dd880, 0x1, 0x89, 0x0, 0x4, 0x0, 0x0, 0x80, 0x2404}}, 0x50) shmat(0x0, &(0x7f0000001000/0x1000)=nil, 0x4000) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) getdents64(r4, 0x0, 0x20000) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) prctl$PR_SET_SECUREBITS(0x1c, 0x25) setresuid(0xee01, 0xee01, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000940)={0x2020}, 0x2020) 19.121313061s ago: executing program 1 (id=119): bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) socketpair(0x1, 0x0, 0x0, &(0x7f0000000000)) 16.896464856s ago: executing program 3 (id=121): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0x0, 0x0) pread64(r3, &(0x7f0000000040)=""/116, 0x74, 0x80000000004) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0xe00, &(0x7f00000003c0)="7993ff01190000e5ffa53b00008f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) 16.844666029s ago: executing program 1 (id=122): msgsnd(0x0, 0x0, 0x401, 0x0) syz_emit_ethernet(0x72, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f00000007c0)=0x42000401, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x10000000}, 0x1c) listen(r0, 0xb5d6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @loopback, 0x10000000}, 0x1c) 16.648776487s ago: executing program 1 (id=124): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000100)=0xcf5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x41}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffd, 0x4000000, 0x1, 0x10, "0062ba7d8200000000f7ffffff00"}) syz_open_pts(r1, 0x0) write(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe91, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x40000000000001, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) timer_settime(0x0, 0x1, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) io_uring_setup(0x510d, &(0x7f0000000100)={0x0, 0x8591, 0x10, 0x3, 0x1f5}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0xb, 0x6, 0x0, 0x2, 'syz0\x00', 0x281d}, 0x0, [0x1, 0x4ea3, 0x9, 0x56cd, 0x5, 0x6, 0x0, 0x80000001, 0x201, 0x1, 0x3fb, 0x1, 0x9, 0x7, 0x4, 0x10000, 0x43, 0x49b5e351, 0x80, 0xe8de, 0xfffffffffffffff9, 0x9, 0x201, 0x9, 0x1, 0x8, 0x1, 0x4, 0x0, 0x8000, 0x8, 0xa36, 0x57bf4b04, 0x4, 0x40000000000001, 0x6, 0x8, 0x100000000, 0x8, 0x7ff, 0x6, 0x401, 0x5, 0x10001, 0x1ff, 0x10000, 0x2, 0xb7, 0x0, 0x5, 0xbe5, 0xa0000000000, 0x0, 0x1, 0x8, 0x7fffffffffffffff, 0xd3d, 0xbbeb, 0x1, 0x6, 0x4, 0x6, 0x8001, 0x3, 0x1, 0xec7, 0x646, 0xc58e, 0x5, 0x11ad, 0x0, 0x6, 0x8000, 0x100080, 0x7f, 0x9, 0x1, 0x5, 0x8000000000000000, 0x2, 0x7, 0xa5, 0x1b13, 0x4, 0x85, 0x8, 0x3, 0xf75, 0x9, 0xb, 0xffffffffffff66e3, 0xfffffffffffffff9, 0x851a, 0x5e997b8e, 0x0, 0x7, 0x6, 0x4, 0x100, 0x1000000004, 0x3ff, 0x6, 0x0, 0xffffffffffffff95, 0xa, 0x108000001, 0xcc7e, 0x8, 0x0, 0x6, 0x800000000006, 0xfffffffffffffd96, 0x3f3, 0x1, 0x4, 0x0, 0x7, 0x5, 0x6, 0x1, 0xe1, 0xec2, 0x1, 0x5, 0xfff, 0x0, 0x80]}) 13.454415564s ago: executing program 1 (id=126): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x430601, 0x10) 11.051007696s ago: executing program 3 (id=130): bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) socketpair(0x1, 0x0, 0x0, &(0x7f0000000000)) 10.865928704s ago: executing program 0 (id=131): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) syz_emit_ethernet(0xbe, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000009a5ab6e10c00000000000000040000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000000008000000000000000001000000000000004400050000000000000000000000000000000000000000003c00000002000000ffffffff0002000000000000000000000600000004"], 0xfc}}, 0x0) 10.752269999s ago: executing program 2 (id=132): msgsnd(0x0, 0x0, 0x401, 0x0) syz_emit_ethernet(0x72, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f00000007c0)=0x42000401, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x10000000}, 0x1c) listen(r0, 0xb5d6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @loopback, 0x10000000}, 0x1c) 10.523238819s ago: executing program 2 (id=133): r0 = socket$unix(0x1, 0x2, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$unix(r0, 0x0, 0x20008840) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x128, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x220, 0x20a, 0x278, 0x220, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @loopback, [], [], 'bond_slave_1\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) 8.353810192s ago: executing program 0 (id=134): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000280)={[{@delalloc}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@inlinecrypt}, {@data_err_ignore}, {@nodiscard}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x5, 0x557, &(0x7f0000000fc0)="$eJzs3c+LG1UcAPDvZHf7W9tCKSoiCz1Yqc12d/1RwUM9ihYLeq9hM13KJk3ZZEt3Ldge7MWLFEHEgnjXu8fiP+BfUdBCkbLowUtkspNt2k266TZttubzgSnvZSZ5852Z7+ubvFkSwMiazP4pRLwcEd8kEfsjIsnXjUe+cnJtu9V7V+ayJYlm89O/ktZ2Wb39We337c0rL0XEb19FHCtsbLe+vLJQqlTSxbw+1ahenKovrxw/Xy3Np/PphZlm8+TbszPvvfvOwGJ948w/339y68OTXx9Z/e6XOwdvJHEq9uXrOuN4Alc7K5MxmR+TiTj10IbTA2hsO0mGvQNsyVie5xOR9QH7YyzPeuD/78uIaAIjKpH/MKLa44D2vf2A7oOfG3c/WLsB2hj/+Np3I7GrdW+0ZzV54M4ou989MID2szZ+/fPmjWyJwX0PAbCpq9ci4sT4+Mb+L8n7v6070cc2D7eh/4Nn51Y2/nmz2/insD7+iS7jn71dcncrNs//wp0BNNNTNv57v+v4d33S6sBYXnuhNeabSM6dr6RZ3/ZiRByNiZ1Z/VHzOSdXbzd7resc/2VL1n57LJjvx53xnQ++p1xqlJ4k5k53r0W80nX8m6yf/6TL+c+Ox5k+2zic3nyt17rN43+6mj9FvN71/N+f0Uq6zk/Ozubzk1Ot62GqfVVs9Pf1w7/3an/Y8Wfnf8+j4z+QdM7X1h+/jR93/Zv2WvdA/NH/9b8j+axV3pG/drnUaCxOR+xIPt74+sz997br7e2z+I8eeXT/1+363x0Rn/cZ//VDP7/aV/xDOv/lxzr/j1+4/dEXP/Rqv7/+761W6Wj+Sj/9X787+CTHDgAAAAAAALabQkTsi6RQXC8XCsXi2vMdh2JPoVKrN46dqy1dKMe1fWvPPxTaM937O56HmM6fh23XZx6qz0bEwYj4dmx3q16cq1XKww4eAAAAAAAAAAAAAAAAAAAAtom9Pf7+P/PH2LD3Dnjq/OQ3jK5N838Qv/QEbEv+/4fRJf9hdMl/GF3yH0aX/IfRJf9hdMl/GF3yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbqzOnT2dJcvXdlLquXLy0vLdQuHS+n9YVidWmuOFdbvFicr9XmK2lxrlbd7PMqtdrF6ZlYujzVSOuNqfryytlqbelC4+z5amk+PZtOPJOoAAAAAAAAAAAAAAAAAAAA4PlSX15ZKFUq6aKCwpYK49tjNxQGXBh2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9/0XAAD//zWdOco=") r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e255000001"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f00000002c0)={0x28, 0x0, 0x2710, @local}, 0x10) fallocate(r0, 0x0, 0x0, 0x8800000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1218e09, &(0x7f0000000500), 0x6, 0x600, &(0x7f0000001200)="$eJzs3c9rHGUfAPDvzCZ5kzbvm/ZFxBbFgIcWpGlSi1UvtvVgDwUL9iDioaFJauj2B00KthZMwYOCgohXkV78B7xL795EUG+ehSpSUVDpyuzOtptkN92m2Z008/nAZp/nmdl9nu9OnswzM3l2Aiit8exHGrEr4s6pJGKsZdloNBaO5+vd/u3a6eyRRK32+q9JJHlZc/0kf96eZ4Yj4tujEf+vrK534crVs9PVWsN7EfsXz13cv3Dl6r75c9NnZs/Mnp868MLBQ5MvTh2c2pA4t+fPx46/9uTH77/9/Nx31X1JHI6Tg+/OxIo4Nsp4jMedPMTW8oGIOJQl2nwuj5oHCmGkd+1gfSr57+NgRDweY1Gp5xrGYv6jQhsH9FStElEDSirR/6GkmuOA5rF9d8fBJ3s8KumfW0caB0Cr4x9onBuJ4fqx0bbbScuRUePcxo4NqD+r459ruz/PHrHsPMSfd7fOwAbU08nS9Yh4ol38Sb1tO+qRZvGny9qRRMRkRAzl7XvlIdqQtKR7cR5mLeuNP42Iw/lzVn50nfWPr8j3O34AyunmkXxHvpTl7u3/srFHc/wTbcY/o232XetR9P6v8/ivub8frp8jT1eMw7Ixy4n2bzm4suCnD4992qn+1vFf9sjqb44F++HW9YjdK+L/IAs2H/9k8Sdttn+2yqnD3dXx6ve/HOu0rOj4azci9rQ9/rk3Ks1Sa1yf3D83X52dbPxsW8fX37z1Zaf6i44/2/7bOsTfsv3Tla/LPpOLXdbx1Ykb5zotG71v/OnPQ0njeHMoL3lnenHx0lTEUHI8X6Wl/MDabWmu03yPLP69z7Tv/8t+/68vf5+R5p/MLlx84+ztTsvWs/1bLibfqXXZhk6y+Gfuv/1X9f+s7JMu6/jjzctPdVq2VvwuFwMAAAAAAMCDSevXYJN04m46TScmGvNlH4ttafXCwuKzcxcun5+J2Fv/f8jBtHmle6yRT7L8VP7/sM38gRX55yJiZ0R8Vhmp5ydOX6jOFB08AAAAAAAAAAAAAAAAAAAAbBLb8/n/zftU/15pzP8HSqKXN5gDNjf9H8qr3v9X3eIJKAP7fygv/R/KS/+H8tL/obz0fygv/R/KS/+H8tL/AQAAAGBL2vn0zR+TiFh6aaT+yAzly8wIgq1tsOgGAIWpFN0AoDB3L/0b7EPpdDX+/yv/csDeNwcoQNKusD44qK3d+W+2fSUAAAAAAAAAAAAA0AN7dnWe/29uMGxtpv1BeT3E/H9fHQCPOF/9D+XlGB+43yz+4U4LzP8HAAAAAAAAAAAAgL4ZrT+SdCKfCzwaaToxEfHfiNgRg8ncfHV2MiL+FxE/VAb/k+Wnim40AAAAAAAAAAAAAAAAAAAAbDELV66ena5WZy+1Jv5eVbK1E827oPahrpfjAV8VSf8/lpGIKHyj9Cwx0FKSRCxlW35TNOzSQmyOZtQTBf9hAgAAAAAAAAAAAAAAAACAEmqZe9ze7i/63CIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6L979//vXaLoGAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR9O/AQAA//9/3EA1") r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r6, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @auto="4cf2a36adc4bc2ebb4b811ea6fc55952"}}) fallocate(r5, 0x20, 0x0, 0x8000) 8.319821613s ago: executing program 3 (id=135): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x24, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040004}, 0x4000) 6.593878077s ago: executing program 2 (id=136): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f00000000c0)={0xdbc, 0x7e, 0x1, 0x403, 0xd, "0500"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0xd) 4.793808144s ago: executing program 3 (id=137): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x76}, [@call={0x27, 0x0, 0x0, 0x1000000}]}, 0x0, 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) 3.993329398s ago: executing program 0 (id=138): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0) 3.507501679s ago: executing program 2 (id=139): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0x0, 0x0) pread64(r3, &(0x7f0000000040)=""/116, 0x74, 0x80000000004) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xe, 0xe00, &(0x7f00000003c0)="7993ff01190000e5ffa53b00008f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50) 3.506434809s ago: executing program 1 (id=147): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, 0x0, 0x0) 2.170970646s ago: executing program 2 (id=140): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10000000000016, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000) r4 = syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2058) write$FUSE_INIT(r0, &(0x7f0000002180)={0x50, 0x0, r5, {0x7, 0x27, 0x5, 0x1dd880, 0x1, 0x89, 0x0, 0x4, 0x0, 0x0, 0x80, 0x2404}}, 0x50) shmat(0x0, &(0x7f0000001000/0x1000)=nil, 0x4000) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) getdents64(r4, 0x0, 0x20000) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) prctl$PR_SET_SECUREBITS(0x1c, 0x25) setresuid(0xee01, 0xee01, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000940)={0x2020}, 0x2020) 1.432613698s ago: executing program 0 (id=141): msgsnd(0x0, 0x0, 0x401, 0x0) syz_emit_ethernet(0x72, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f00000007c0)=0x42000401, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x10000000}, 0x1c) listen(r0, 0xb5d6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @loopback, 0x10000000}, 0x1c) 1.16815059s ago: executing program 2 (id=142): syz_open_procfs(0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000380)='./bus\x00', 0x200880, &(0x7f00000001c0)=ANY=[@ANYBLOB='time_offset=0x00000000\x000000006,errors=continue,utf8,time_offset=0x0000000000000006,utf8,\x00'], 0x3, 0x1512, &(0x7f0000003a00)="$eJzs3AucTtX6OPDnWWvtMSS9SS7DWuvZvMllkSS5JMklSZIkyS0hNORIQmLILWlIQnIZkssQksvEpHG/369JkjRJkltuyfp/pjhOp/r363f6Hedz5vl+PvtjPe/az9prz7Nf79qbd77pMrR6wxpV6hMR/Evw5z8SACAWAAYCwHUAEABAmZxlcmb0Z5WY8K8dhP21Hkm+2jNgVxPXP3Pj+mduXP/MjeufuXH9Mzeuf+bG9c/cuP6MZWabp+e7nrfMu/Hz/8yMP///i6SXGPvF2hI3dv0TKVz//zq5/Z/Ymev/Xyv4n+zE9c/cuP6ZG9c/c+P6ZwZZfreH65+5cf0Zy8yu9vNn3q7udrWvP8YYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjmcNZf4UCgMvtqz0vxhhjjDHGGGOM/XV8lqs9A8YYY4wxxhhjjP3fQxAgQUEAMZAFYiErZAMBANdCDrgOInA95IQbIBfcCLkhD+SFfBAH+aEAaDBggSCEglAIonATFIaboQgUhWJQHByUgJJwC5SCW6E03AZl4HYoC3dAOSgPFaAi3AmV4C6oDHdDFbgHqkI1qA414F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI9BI3gcGkMTaArNoPn/Kv8F6AEvQk/oBQnQG/rAS9AX+kF/GAAD4WUYBK/AYHgVEmEIDIXXYBi8DsPhDRgBI2EUvAmj4S0YA2NhHIyHJJgAE+FtmATvwGSYAlNhGiTDdJgB78JMmAWz4T2YA+/DXJgH82EBpMAHsBAWQSp8CIvhI0iDJbAUlsFyWAErYRWshjWwFtbBetgAG2HTT5XIsB12wE7YBbvhY9gDn8Be+BT2wWd/mL8ZtsBW2HYp/8w/5XdFQECBAhUqjMEYjMVYzIbZMDtmxxyYI/byRZILc2FuzI15MS/GYRwWwAJo0CAhYUEsiFGMYmEsjEWwCBbDYujQYUksiaXwViyNpbEMlsGyWBbLYXksjxWxIlbCSlgZK2MVrIJVsSpWx+p4L96LvbEW1sLaWBvrYJ3Lj6ewPtbHBtgAG2JDbISNsDE2xqbYFJtjc2yBLbAltsTW2BrbYBtsh+0wHuOxA3bAjtgRO2En7IydsQt2wa7YDbvhC1kAX8QXsRdWFb2xD/bBvpiYpT8OwAH4Mg7CV/AVfBUTcQgOxdfwNXwdh+NpHIEjcRSOwkriLRyDY5HEeEzCJJyIE3ESTsLJOAWn4DRMxuk4A2fgTJyFs/A9nIPv4/s4D+fhAkzBFFyIizAVU3ExnsE0XIJLcRkuxxW4HFfhalyFa3EdrsUNuAE34SbcgltwG27DHbgDd6ECwI/xE/wEE3Ef7sP9uB8P4AE8iAcxHdPxEB7Cw3gYj+ARPIpH8RgexxN4HE/hKTyNZ/AsnsXzeB4v4HNxXzXYVXRNIogMSigRI2JErIgV2UQ2kV1kFzlEDhEREZFT5BS5RC6RW+QWeUVeESfiRAFRQBhhBIkwBgBEVERFYVFYFBFFRDFRTDjhRElRUpQSpURpUVqUEbeLsuIOUU6UF61cRVFRVBKtXWVxt6giqoiqopqoLmqIGqKmqClqiVqitqgt6og6oq54SNQTvbE/PiIyKtNQDMFGYig2Fk2EvHRxthDDsaVoJVqLp8RIHIHtRAsXL9qLDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo6XqKXmIy9hZ9xDTsK/qJ/mKAmInVxHs4J2t18apIFEPEUPGaWICvi+HiDTFCjBSjxJtitHhLjBFjxTgxXiSJCWKieFtMEu+IyWKKmCqmiWQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJFfCAWikUiVXwoFouPRJpYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopdYrf4WOwRn4i94lOxT3wm9ovPxQHxhTgovhTp4itxSHwtDotvxBHxrTgqvhPHxHFxQpwUp8T34rQ4I86Kc+K8+EFcED+Ki8ILkCiFlFLJQMbILDJWZg2yyWtkdhlc+uleL3PKG2QueaPMLfPIvDKfjJP5ZQGppZFWkgxlQVlIRuVNsrC8WRaRRWUxWVw6WUKWlLfIUvJWWVreJsvI22VZeYcsJ8vLCrKivFNWkndJiPx8jKqymqwua8h7ZU15n6wl75e15QOyjnxQ1pUPyXryYVlfPiIbyEdlQ/mYbCQfl41lE9lUNpPN5ROyhXxStpStZGv5lGwj28p28mkZL9vLDtJfukSelZ3lc7KLfF52ld1kd/mjvCi97Cl7SYDeso98SfaV/WR/OUAOlC/LQfIVOVi+KhPlEDlUviaHydflcPmGHCFHylHyTTlaviXHyLFynBwvk+QEOVG+LSfJd+RkOUVOldNkspwu+18aabaUf5j/9m/kD/7p6JvkZrlFbpXb5Ha5Q+6Uu+RuuVvukXvkXrlX7pP75H65Xx6QB+RBeVCmy3R5SB6Sh+VheUQekUflUXlMHpfn5El5Sn4vT8sz8ow8J8/L8/LCpZ8BKFRCSaVUoGJUFhWrsqps6hqVXV2rcqjrVERdr3KqG1QudaPKrfKovCqfilP5VQGllVFWkQpVQVVIRdVNeOmCUcVUceVUCVVS3fJn8lVhdbMqoor+Iv/y/BJ+Z37NVXPVQrVQLVVL1Vq1Vm1UG9VOtVPxKl51UB1UR9VRdVKdVGfVWXVRXVRX1VV1V91VD9VD9VQ9VYJKUH3US6qv6qf6qwFqoHpZDVKD1GA1WCWqRDVUDVXD1DA1XA1XI9QINUqNUqPVaDVGjVHj1DiVpJLURDVRTVKT1GQ1WU1VU1WySlYz1Aw1U81Us9VsNUfNUXPVXDVfzVcpKkUtVAtVqkpVi9VilaaWqCVqmVqmVqgVapVapdaoNWqdWqc2qA0qTW1Wm9VWtVVtV9vVTrVT7Va71R61R+1Ve9U+tU/tV/vVAXVAHVQHVbpKV4fUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFj2BSIQgQpUEBPEBLFBbJAtyBZkD7IHOYIcQSSIBDmDnEGu4MYgd5AnyBvkC+KC/EGBQAcmsMHl9Uk0uCkoHNwcFAmKBsWC4oELSgQlg1uCUsGtQengtqBMcHtQNrgjKBeUDyoEFYM7g0rBXUHl4O6gSnBPUDWoFlQPagT3BjWD+4Jawf1B7eCBoE7wYFA3eCioFzwc1A8eCRoEjwYNg8eCRsHjQeOgSdA0aBY0/0vH9/50niddT91LJ+jeuo9+SffV/XR/PUAP1C/rQfoVPVi/qhP1ED1Uv6aH6df1cP2GHqFH6lH6TT1av6XH6LF6nB6vk/QEPVG/rSfpd/RkPUVP1dN0sp6uZ+h39Uw9S8/W7+k5+n09V8/T8/UCnaI/0Av1Ip2qP9SL9Uc6TS/RS/UyvVyv0Cv1Kr1ar9Fr9Tq9Xm/QG/UmvVlv0Vv1Nr1d79A79S69W3+s9+hP9F79qd6nP9P79ef6gP5CH9Rf6nT9lT6kv9aH9Tf6iP5WH9Xf6WP6uD6hT+pT+nt9Wp/RZ/U5fV7/oC/oH/VF7TMW9xkf70YZZWJMjIk1sSabyWaym+wmh8lhIiZicpqcbS+V3+Q1eU2ciTMFTAGTgQyZgqagiZqoKWwKmyKmiClmihlnnClpSppSppQpbUqbMqaMKWvKmnKmnKlgKpg7zZ3mLnOXudvcbe4x95hqppqpYWqYmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpapqa5qa5aWFamJampWltWps2po1pZ9qZeBNvOpgOpqPpaDqZTqaz6Wy6mC6mq+lqupvupofpYXqanibBJJg+po/pa/qa/qa/GWgGmkFmkBlsBptEk2iGmqFmWPthZrgZbkaYkWZUxkLVvGXGmLFmnBlvkkySmWgmmklmkplsJpupZqpJNslmhplhZpqZZraZbeaYOWaumWvmm/kmxaSYhWahSTWpZrFZbNJMmllqlprlZrlZaVaa1Wa1WWvWmvWw3mw0G81ms9lsNVvNdrPd7DQ7zW6z2+wxe8xes9fsM/vMfrPfHDAHzEFz0KSbdHPIHDKHzWFzxBwxR81Rc8wcMyfMCXPKnDKnzWlz1pw1502eS5+X3sTarDabvcZmt9faHPY6+89xXpvPxtn8toDVNrfN84vYWGuL2KK2mC1unS1hS9pbfhWXs+VtBVvR3mkr2bts5V/FNe19tpa939a2D9ga9t5fxHXsg7aufczWQwSwTWwD28w2tI/ZRvZx29g2sU1tM9vGtrXt7NM23ra3Hewzv4oX2kV2tV1j19p1do/9xJ615+xh+409b3+wPW0vO9C+bAfZV+xg+6pNtEN+FY+yb9rR9i07xo614+z4X8VT7TSbbKfbGfZdO9PO+lWcYj+wc2yqnWvn2fl2wU9xxpxS7Yd2sf3IptkldqldZpfbFXalXfX3uS6zG+xGu8nuth/brXab3W532J12109xxnnstZ/affYze8h+bQ/YL+xBe8Sm269+ijPO74j91h6139lj9rg9YU/aU/Z7e9qe+en8M879pP3RXrTeAiEBSVIUUAxloVjKStnoGspO11IOuo4idD3lpBsoF91IuSkP5aV8FEf5qQBpMmSJKKSCVIiidBNdXqcXo+LkqASVpFuoFN1Kpek2KkO3U1m6g8pReapAFelOqkR3UWW6m6rQPVSVqlF1qkH3Uk26j2rR/VSbHqA69CDVpYeoHj1M9ekRakCPUkN6jBrR49SYmlBTakbN6QlqQU9SS2pFrekpakNtqR09TfHUnjrQM9SR/kad6FnqTM9RF3qeulI36k4vUA96kTpRL0qg3tSHXqK+1I/60wAaSC/TIHqFBtOrlEhDaCi9RsPodRpOb9AIGkmj6E0aTW/RGBpL42g8JdEEmkhv0yR6hybTFJpK0yiZptMMepdm0iyaTe/RHHqf5tI8mk8LKIU+oIW0iFLpQ1pMH1EaLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDtpJu2g3fUx76BPaS5/SPvqM9tPndIC+oIP0JaXTV3SIvqbD9A0doW99L/qOjtFxOkEn6RR9T6fpDJ2lc3SefqAL9CNdJE8QYihCGaowCGPCLGFsmDXMFl4TZg+vDXOE14WR8PowZ3hDmCu8Mcwd5gnzhvnCuDB/WCDUoQltSGEYFgwLhdHwprBweHNYJCwaFguLhy4sEZYMbwlLhbeGpcPbwjLh7WHZ8I6wXFg+fOyBiuGdYaXwrrByeHdYJbwnrBpWC6uHNcJ7w5rhfWGt8P6wdvhAWDp8MKwbPhTWCx8O64ePhA3CR8OG4WNho/DxsHHYJGwaNgubh0+ELcInw5Zhq7B1+FTYJmwbtgufDuPD9mGH8Jmf+h9c9Pv9CWHvsE/4UvhS6P39cn50QTQl+kF0YXRRNDX6YXRx9KNoWnRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10fXRDdGN0U9T7GlnAoRNOOuUCF+OyuFiX1WVz17js7lqXw13nIu56l9Pd4HK5G11ul8fldflcnMvvCjjtjLOOXOgKukIu6m5yhd3Nrogr6oq54s65Eq6ka+aau+auhXvStXStXGv3lHvKtXVt3dPuadfedXDPuI7ub66Te9Z1ds+559zzrqvr5rq7F1wPNyHHz+/JBNfH9XF9XV/X3/V3A91AN8gNcoPdYJfoEt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NckktyE91EN8lNcpPdZDfVTXXJLtnNcDPcTDfTVZr181HmurluvpvvUlyKW+gy1oypbrFb7NJcmlvqlrrlbrlb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+l2ut1ut9vjr/t5ULfP7Xf73QF3wB10X7p095U75L52h9037oj71h1137lj7rg74U66U+57d9qdcWfdOXfe/eAuuB/dReddUmRCZGLk7cikyDuRyZEpkamRaZHkyPTIjMi7kZmRWZHZkfcicyLvR+ZG5kXmRxZEUiIfRBZGFkVSIx9GFkc+iqRFlkSWRpZFlkdWRLzPvzX0BX0hH/U3+cL+Zl/EF/XFfHHvfAlf0t/iS/lbfWl/my/jb/dl/R2+nC/vK/jHfWPfxDf1zXxz/4Rv4Z/0LX0r39o/5dv4tr6df9rH+/a+g3/Gd/R/8538s76zf8538c/7rr6b7+5f8D38i76n7+UTfG/fx7/k+/p+vr8f4Af6l/0g/4of7F/1iX6IH+pf88P86364f8OP8CP9qJg3/ejLt8gw3if5CX6if9tP8u/4yX6Kn+qn+WQ/3c/w7/qZfpaf7d/zc/z7fq6f5+f7BT7Ff+AX+kU+1X/oF/uPfJpfcvmhsl/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/ntfoff6Xf53f5jv8d/4vf6T/0+/5nf7z/3B/wX/qD/0qf7r/wh/7U/7L/xR/y3/qj/zh/zx/0Jf9Kf8t/70/6MP+vP+fP+B3/B/+gv8nfWGGOMMcb+RyZcaYrf6u/9G6+Jf9i5DwBcuy1f+j/2Z6wo1+f+ud1PxLWJAED7Xl0eubxVrZqQkHBp3zQJQaF5AJf/JShDDFyJl0BraAvx0ApK/eb8+4lu5+kPxo/eDpDtH3Ji4Up8ZfzPf2f8J54atbBseDbn/2f8eQBFCl3JyQp/j//+7YpWUPp3xs/T4g/mn/WLJICW/5CTHa7EV+ZfEp6EZyD+F3syxhhjjDHGGGM/6ycqdLp8/3n5f3z+1v15nLqSk3FTezn+o/tzxhhjjDHGGGOMXX3Pduv+9BPx8a06/flG5f9VFjf+UxveA1x+RQHAvzggwL/9LLb8W46VeOmt889dy8/5AP4zSvlXNK7yX0yMMcYYY4yxv9yVRf8vX1dXa0KMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlgm9O/4dWJX+xwZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxq+3/BQAA//8+CwqA") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) unshare(0x8040600) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x803a, [0x8000, 0x986, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d35, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x10000, 0xffffffff, 0xe661, 0x629, 0x7, 0x3, 0x8, 0x4c74, 0x5, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x10000, 0x17, 0x8000, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x9, 0x8, 0x6, 0x1, 0x187], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x3c8b, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x401, 0x0, 0x5, 0x100, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x10001, 0x6, 0x400, 0x401, 0x7, 0x1, 0xfb, 0x5, 0x1000005, 0x5f2e, 0x3, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0x1000, 0x2, 0x6, 0x9, 0x3, 0x7, 0x9, 0x8, 0x0, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x3, 0x408, 0x87, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0xc, 0x3, 0x9, 0x3e7, 0xb, 0x5, 0xfffffc01, 0x2, 0x3, 0x20000008, 0x2, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xc, 0xa2, 0x7, 0xa9, 0x5, 0xff, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120002, 0x3, 0x2006, 0x80a2ed, 0x4, 0x7dc], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x8, 0x6, 0x0, 0x2000b9, 0xce7, 0x8, 0x2, 0x59, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0x80000000, 0x2, 0x5, 0x2, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x5, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1000]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.133188741s ago: executing program 0 (id=143): bpf$MAP_CREATE(0x0, 0x0, 0x50) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) socketpair(0x1, 0x0, 0x0, &(0x7f0000000000)) 0s ago: executing program 0 (id=144): sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000200)={[{@stripe={'stripe', 0x3d, 0x8001}}, {@auto_da_alloc}, {@nombcache}, {@nobarrier}, {@init_itable}, {@errors_remount}]}, 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01002bbd7000fdefffff010000000900010002"], 0x1c}}, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000840), &(0x7f0000000940)=ANY=[], 0x361, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.116' (ED25519) to the list of known hosts. [ 76.862193][ T5777] cgroup: Unknown subsys name 'net' [ 77.057089][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.751211][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.998355][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.017523][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.027270][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.048052][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.055922][ T5788] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.063696][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.136704][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.151414][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.160833][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.169492][ T5792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.177501][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.185161][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.192257][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.194227][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.208425][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.221779][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.227662][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.237669][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.246201][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.255527][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.263812][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.299544][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.311042][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.319116][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.664326][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 81.792078][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 81.943849][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.974317][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.990118][ T5787] bridge_slave_0: entered allmulticast mode [ 82.008059][ T5787] bridge_slave_0: entered promiscuous mode [ 82.039761][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.047495][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.054757][ T5787] bridge_slave_1: entered allmulticast mode [ 82.062607][ T5787] bridge_slave_1: entered promiscuous mode [ 82.078968][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 82.246182][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 82.263406][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.332359][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.382802][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.390388][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.398140][ T5791] bridge_slave_0: entered allmulticast mode [ 82.405824][ T5791] bridge_slave_0: entered promiscuous mode [ 82.467024][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.474477][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.482178][ T5791] bridge_slave_1: entered allmulticast mode [ 82.489927][ T5791] bridge_slave_1: entered promiscuous mode [ 82.500121][ T5787] team0: Port device team_slave_0 added [ 82.514267][ T5787] team0: Port device team_slave_1 added [ 82.581902][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.589115][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.615991][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.630590][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.637740][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.663987][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.719296][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.732261][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.742711][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.750072][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.757807][ T5795] bridge_slave_0: entered allmulticast mode [ 82.764809][ T5795] bridge_slave_0: entered promiscuous mode [ 82.773059][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.780449][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.787756][ T5795] bridge_slave_1: entered allmulticast mode [ 82.794770][ T5795] bridge_slave_1: entered promiscuous mode [ 82.867211][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.874442][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.882046][ T5797] bridge_slave_0: entered allmulticast mode [ 82.889840][ T5797] bridge_slave_0: entered promiscuous mode [ 82.913515][ T5791] team0: Port device team_slave_0 added [ 82.949781][ T5787] hsr_slave_0: entered promiscuous mode [ 82.956597][ T5787] hsr_slave_1: entered promiscuous mode [ 82.964289][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.972035][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.979421][ T5797] bridge_slave_1: entered allmulticast mode [ 82.986497][ T5797] bridge_slave_1: entered promiscuous mode [ 82.995825][ T5791] team0: Port device team_slave_1 added [ 83.015620][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.029144][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.104934][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.112160][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.138381][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.158207][ T5794] Bluetooth: hci0: command tx timeout [ 83.177473][ T5795] team0: Port device team_slave_0 added [ 83.186268][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.199337][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.206464][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.232974][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.244055][ T5794] Bluetooth: hci1: command tx timeout [ 83.266354][ T5795] team0: Port device team_slave_1 added [ 83.287953][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.317073][ T5794] Bluetooth: hci3: command tx timeout [ 83.352893][ T5797] team0: Port device team_slave_0 added [ 83.362787][ T5797] team0: Port device team_slave_1 added [ 83.397076][ T5794] Bluetooth: hci2: command tx timeout [ 83.408083][ T5791] hsr_slave_0: entered promiscuous mode [ 83.418024][ T5791] hsr_slave_1: entered promiscuous mode [ 83.424577][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.433544][ T5791] Cannot create hsr debugfs directory [ 83.440241][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.447344][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.474279][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.516391][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.523547][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.549667][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.581773][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.588852][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.614993][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.632690][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.639863][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.666146][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.847689][ T5797] hsr_slave_0: entered promiscuous mode [ 83.854155][ T5797] hsr_slave_1: entered promiscuous mode [ 83.861114][ T5797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.868778][ T5797] Cannot create hsr debugfs directory [ 83.895867][ T5795] hsr_slave_0: entered promiscuous mode [ 83.902955][ T5795] hsr_slave_1: entered promiscuous mode [ 83.909584][ T5795] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.917845][ T5795] Cannot create hsr debugfs directory [ 84.098457][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.146025][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.175892][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.215371][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.305371][ T5791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.319854][ T5791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.353186][ T5791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.385704][ T5791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.450813][ T5797] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.480071][ T5797] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.491216][ T5797] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.504690][ T5797] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.576389][ T5795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.610171][ T5795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.621996][ T5795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.648817][ T5795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.753624][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.804068][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.851738][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.874538][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.901643][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.909092][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.920653][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.928376][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.964140][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.971386][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.981532][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.988733][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.046568][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.061910][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.106656][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.124337][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.154192][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.161408][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.198437][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.205652][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.222290][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.237837][ T5794] Bluetooth: hci0: command tx timeout [ 85.272613][ T5791] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.311001][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.318251][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.327890][ T5794] Bluetooth: hci1: command tx timeout [ 85.397180][ T5794] Bluetooth: hci3: command tx timeout [ 85.445816][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.453109][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.477571][ T5794] Bluetooth: hci2: command tx timeout [ 85.579431][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.696894][ T5787] veth0_vlan: entered promiscuous mode [ 85.748872][ T5787] veth1_vlan: entered promiscuous mode [ 85.842624][ T5787] veth0_macvtap: entered promiscuous mode [ 85.870324][ T5787] veth1_macvtap: entered promiscuous mode [ 85.966486][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.984568][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.004736][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.065358][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.075645][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.084859][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.095556][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.141147][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.154889][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.193837][ T5791] veth0_vlan: entered promiscuous mode [ 86.262667][ T5791] veth1_vlan: entered promiscuous mode [ 86.347138][ T2952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.355197][ T2952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.410111][ T5795] veth0_vlan: entered promiscuous mode [ 86.427419][ T5797] veth0_vlan: entered promiscuous mode [ 86.446504][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.457215][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.473958][ T5797] veth1_vlan: entered promiscuous mode [ 86.495378][ T5795] veth1_vlan: entered promiscuous mode [ 86.553079][ T5791] veth0_macvtap: entered promiscuous mode [ 86.591054][ T5791] veth1_macvtap: entered promiscuous mode [ 86.621142][ T5795] veth0_macvtap: entered promiscuous mode [ 86.652101][ T5797] veth0_macvtap: entered promiscuous mode [ 86.674519][ T5795] veth1_macvtap: entered promiscuous mode [ 86.710739][ T5797] veth1_macvtap: entered promiscuous mode [ 86.765225][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.777829][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.790041][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.802882][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.815436][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.825668][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.842064][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.865352][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.881820][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.899173][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.913975][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.929392][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.945236][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.959379][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.975857][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.998489][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.009882][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.022798][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.044683][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.055284][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.066352][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.077481][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.142296][ T5880] syz.2.3[5880]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.170353][ T5880] loop2: detected capacity change from 0 to 8 [ 87.318468][ T5794] Bluetooth: hci0: command tx timeout [ 87.389112][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.398199][ T5794] Bluetooth: hci1: command tx timeout [ 87.478079][ T5794] Bluetooth: hci3: command tx timeout [ 87.583913][ T5794] Bluetooth: hci2: command tx timeout [ 87.610268][ T5795] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.647512][ T5795] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.671496][ T5795] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.688427][ T5795] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.704768][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.721458][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.738656][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.751782][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.765163][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.779686][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.791381][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.855394][ T5791] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.869751][ T5791] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.883960][ T5791] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.895169][ T5791] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.924812][ T5797] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.934396][ T5797] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.943829][ T5797] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.952717][ T5797] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.346199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.551138][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.552182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 88.646587][ T5887] binder: 5883:5887 unknown command 0 [ 88.652332][ T5887] binder: 5883:5887 ioctl c0306201 200000000080 returned -22 [ 88.755636][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.824285][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 90.042317][ T5794] Bluetooth: hci0: command tx timeout [ 90.042340][ T5798] Bluetooth: hci1: command tx timeout [ 90.047823][ T5794] Bluetooth: hci3: command tx timeout [ 90.053245][ T51] Bluetooth: hci2: command tx timeout [ 90.174318][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.206114][ T2952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.216258][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.229412][ T2952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.338333][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.346233][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.384817][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.407281][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.486286][ T1025] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.512702][ T1025] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.564536][ T2952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.602843][ T2952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.239145][ T5900] loop0: detected capacity change from 0 to 8 [ 91.508739][ T28] audit: type=1326 audit(1764746420.635:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 91.765983][ T5890] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 91.806652][ T28] audit: type=1326 audit(1764746420.635:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 91.901841][ T28] audit: type=1326 audit(1764746420.635:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 91.924486][ T28] audit: type=1326 audit(1764746420.635:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 91.977919][ T5839] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.026854][ T28] audit: type=1326 audit(1764746420.635:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7d1538f783 code=0x7ffc0000 [ 92.116032][ T28] audit: type=1326 audit(1764746420.645:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7d1538e1ff code=0x7ffc0000 [ 92.127614][ T786] cfg80211: failed to load regulatory.db [ 92.304052][ T28] audit: type=1326 audit(1764746420.645:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f7d1538f7d7 code=0x7ffc0000 [ 92.361713][ T28] audit: type=1326 audit(1764746420.645:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7d1538df90 code=0x7ffc0000 [ 92.384496][ T28] audit: type=1326 audit(1764746420.645:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7d1538f34b code=0x7ffc0000 [ 93.729662][ T5909] sched: RT throttling activated [ 95.412283][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.475610][ T28] audit: type=1326 audit(1764746420.665:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5894 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f7d1538e3aa code=0x7ffc0000 [ 95.719845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 96.131888][ T5839] usb 4-1: device descriptor read/all, error -71 [ 96.612862][ T5839] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 96.811069][ T5839] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 96.844252][ T5839] usb 4-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 96.870446][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.908256][ T5839] usb 4-1: config 0 descriptor?? [ 96.917333][ T5933] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.795187][ T5940] loop2: detected capacity change from 0 to 8 [ 97.846786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.155463][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 98.155544][ T28] audit: type=1326 audit(1764746427.155:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9933d8f749 code=0x7ffc0000 [ 98.198044][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.358190][ T28] audit: type=1326 audit(1764746427.155:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f9933d8f749 code=0x7ffc0000 [ 98.380805][ T28] audit: type=1326 audit(1764746427.155:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9933d8f749 code=0x7ffc0000 [ 98.438957][ T28] audit: type=1326 audit(1764746427.165:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9933d8f749 code=0x7ffc0000 [ 98.528538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 98.540602][ T28] audit: type=1326 audit(1764746427.165:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9933d8f783 code=0x7ffc0000 [ 98.588311][ T28] audit: type=1326 audit(1764746427.175:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9933d8e1ff code=0x7ffc0000 [ 98.827412][ T28] audit: type=1326 audit(1764746427.185:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f9933d8f7d7 code=0x7ffc0000 [ 98.992247][ T28] audit: type=1326 audit(1764746427.195:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9933d8df90 code=0x7ffc0000 [ 99.358409][ T28] audit: type=1326 audit(1764746427.205:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9933d8f34b code=0x7ffc0000 [ 99.497854][ T28] audit: type=1326 audit(1764746427.545:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5936 comm="syz.2.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9933d8e3aa code=0x7ffc0000 [ 99.644835][ T5839] usbhid 4-1:0.0: can't add hid device: -71 [ 99.675222][ T5839] usbhid: probe of 4-1:0.0 failed with error -71 [ 99.718847][ T5839] usb 4-1: USB disconnect, device number 3 [ 101.685475][ T5967] loop0: detected capacity change from 0 to 256 [ 104.253574][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 104.253591][ T28] audit: type=1326 audit(1764746433.645:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc1438f749 code=0x7ffc0000 [ 104.337259][ T5992] loop3: detected capacity change from 0 to 8 [ 104.407834][ T28] audit: type=1326 audit(1764746433.655:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7fcc1438f749 code=0x7ffc0000 [ 104.493690][ T28] audit: type=1326 audit(1764746433.655:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc1438f749 code=0x7ffc0000 [ 104.581891][ T28] audit: type=1326 audit(1764746433.655:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fcc1438f749 code=0x7ffc0000 [ 104.696924][ T28] audit: type=1326 audit(1764746433.655:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcc1438f783 code=0x7ffc0000 [ 104.757164][ T28] audit: type=1326 audit(1764746433.655:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcc1438e1ff code=0x7ffc0000 [ 104.827295][ T28] audit: type=1326 audit(1764746433.655:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fcc1438f7d7 code=0x7ffc0000 [ 104.922115][ T28] audit: type=1326 audit(1764746433.655:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc1438df90 code=0x7ffc0000 [ 104.977279][ T28] audit: type=1326 audit(1764746433.655:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcc1438f34b code=0x7ffc0000 [ 105.055038][ T28] audit: type=1326 audit(1764746433.795:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.3.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcc1438e3aa code=0x7ffc0000 [ 105.671293][ T5998] netlink: 64 bytes leftover after parsing attributes in process `syz.1.33'. [ 106.064217][ T6003] Bluetooth: MGMT ver 1.22 [ 106.070497][ T6003] Bluetooth: hci0: unsupported parameter 542 [ 106.076591][ T6003] Bluetooth: hci0: unsupported parameter 32768 [ 106.083815][ T6003] Bluetooth: hci0: unsupported parameter 542 [ 106.090087][ T6003] Bluetooth: hci0: unsupported parameter 32768 [ 107.070430][ T6007] loop2: detected capacity change from 0 to 1024 [ 107.110247][ T6007] ======================================================= [ 107.110247][ T6007] WARNING: The mand mount option has been deprecated and [ 107.110247][ T6007] and is ignored by this kernel. Remove the mand [ 107.110247][ T6007] option from the mount to silence this warning. [ 107.110247][ T6007] ======================================================= [ 107.239512][ T6007] EXT4-fs: Ignoring removed orlov option [ 107.332855][ T6007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 107.554662][ T6007] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.641757][ T6014] Bluetooth: MGMT ver 1.22 [ 108.650041][ T6007] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.35: inode has both inline data and extents flags [ 109.179945][ T6018] xt_TCPMSS: Only works on TCP SYN packets [ 110.530990][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 115.929608][ T6041] loop2: detected capacity change from 0 to 8 [ 116.210682][ T6045] netlink: 64 bytes leftover after parsing attributes in process `syz.3.42'. [ 116.331414][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 116.340098][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 116.351958][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 116.358700][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 116.358716][ T28] audit: type=1800 audit(1764746445.755:67): pid=6041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.46" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 116.515293][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 118.237931][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 118.278977][ T6041] SQUASHFS error: Failed to read block 0x4de: -5 [ 119.387616][ T28] audit: type=1326 audit(1764746448.805:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b9d8f749 code=0x7ffc0000 [ 119.419338][ T6066] loop1: detected capacity change from 0 to 8 [ 119.474438][ T28] audit: type=1326 audit(1764746448.825:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f81b9d8f749 code=0x7ffc0000 [ 119.566684][ T28] audit: type=1326 audit(1764746448.825:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81b9d8f749 code=0x7ffc0000 [ 119.624583][ T28] audit: type=1326 audit(1764746448.825:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f81b9d8f749 code=0x7ffc0000 [ 119.649287][ T28] audit: type=1326 audit(1764746448.825:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f81b9d8f783 code=0x7ffc0000 [ 121.297767][ T28] audit: type=1326 audit(1764746448.835:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f81b9d8e1ff code=0x7ffc0000 [ 121.327935][ T28] audit: type=1326 audit(1764746448.835:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f81b9d8f7d7 code=0x7ffc0000 [ 121.446998][ T28] audit: type=1326 audit(1764746448.835:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81b9d8df90 code=0x7ffc0000 [ 121.508140][ T28] audit: type=1326 audit(1764746448.835:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81b9d8f34b code=0x7ffc0000 [ 122.113896][ T28] audit: type=1326 audit(1764746448.845:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81b9d8e3aa code=0x7ffc0000 [ 122.208790][ T28] audit: type=1326 audit(1764746448.845:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81b9d8e3aa code=0x7ffc0000 [ 122.310653][ T28] audit: type=1326 audit(1764746448.845:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f81b9d8de97 code=0x7ffc0000 [ 122.401161][ T28] audit: type=1326 audit(1764746448.845:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f81b9d90eea code=0x7ffc0000 [ 122.428006][ T28] audit: type=1326 audit(1764746448.885:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81b9d8df90 code=0x7ffc0000 [ 122.516579][ T28] audit: type=1326 audit(1764746448.885:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f81b9d8e497 code=0x7ffc0000 [ 122.647631][ T28] audit: type=1326 audit(1764746448.885:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81b9d8df90 code=0x7ffc0000 [ 122.736934][ T28] audit: type=1326 audit(1764746448.885:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.1.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81b9d8f34b code=0x7ffc0000 [ 126.489889][ T6090] netlink: 64 bytes leftover after parsing attributes in process `syz.3.55'. [ 126.996892][ T5874] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 127.307043][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 127.436989][ T5874] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 128.000731][ T5874] usb 4-1: config 2 has no interface number 0 [ 128.084492][ T5874] usb 4-1: config 2 interface 88 has no altsetting 0 [ 128.135238][ T5874] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 128.160501][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.185261][ T5874] usb 4-1: Product: syz [ 128.196430][ T5874] usb 4-1: Manufacturer: syz [ 128.210672][ T5874] usb 4-1: SerialNumber: syz [ 128.628757][ T6106] loop1: detected capacity change from 0 to 8 [ 128.653833][ T5874] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 128.692882][ T5874] asix: probe of 4-1:2.88 failed with error -71 [ 128.755837][ T5874] usb 4-1: USB disconnect, device number 4 [ 132.447571][ T6119] netlink: 64 bytes leftover after parsing attributes in process `syz.3.65'. [ 133.083592][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.095589][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.399386][ T6141] binder: 6138:6141 unknown command 0 [ 138.405291][ T6141] binder: 6138:6141 ioctl c0306201 200000000080 returned -22 [ 142.801226][ T6155] loop3: detected capacity change from 0 to 8 [ 142.830323][ T6155] squashfs image failed sanity check [ 142.917205][ T6133] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 146.562142][ T6164] netlink: 64 bytes leftover after parsing attributes in process `syz.2.75'. [ 148.086943][ T5886] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 148.393003][ T5886] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 148.425877][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.448955][ T5886] usb 2-1: config 0 descriptor?? [ 148.493596][ T5886] cp210x 2-1:0.0: cp210x converter detected [ 149.995784][ T6177] loop3: detected capacity change from 0 to 1024 [ 150.017480][ T5886] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 150.108704][ T5886] usb 2-1: cp210x converter now attached to ttyUSB0 [ 150.172270][ T6177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.235594][ T5886] usb 2-1: USB disconnect, device number 2 [ 150.267903][ T5886] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 150.290731][ T5886] cp210x 2-1:0.0: device disconnected [ 150.524042][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.493241][ T6194] loop1: detected capacity change from 0 to 8 [ 152.508977][ T6194] squashfs image failed sanity check [ 153.691677][ T6191] loop3: detected capacity change from 0 to 764 [ 153.817511][ T6191] Bluetooth: hci0: too big key_count value 9728 [ 154.863947][ T6200] netlink: 64 bytes leftover after parsing attributes in process `syz.2.88'. [ 155.022720][ T6205] loop3: detected capacity change from 0 to 128 [ 155.807458][ T6205] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 156.028516][ T6205] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 160.568748][ T6225] loop3: detected capacity change from 0 to 8 [ 160.576601][ T6225] squashfs image failed sanity check [ 160.649443][ T6182] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 163.039965][ T6235] netlink: 64 bytes leftover after parsing attributes in process `syz.0.98'. [ 173.152103][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 173.152121][ T28] audit: type=1326 audit(1764746502.555:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.246900][ T28] audit: type=1326 audit(1764746502.555:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.310153][ T28] audit: type=1326 audit(1764746502.555:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.374731][ T28] audit: type=1326 audit(1764746502.555:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.421715][ T28] audit: type=1326 audit(1764746502.555:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.527577][ T28] audit: type=1326 audit(1764746502.605:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d1538f749 code=0x7ffc0000 [ 173.586946][ T28] audit: type=1326 audit(1764746502.605:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7d1538f783 code=0x7ffc0000 [ 173.636882][ T28] audit: type=1326 audit(1764746502.605:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7d1538f807 code=0x7ffc0000 [ 173.698297][ T28] audit: type=1326 audit(1764746502.605:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7d15346bdd code=0x7ffc0000 [ 173.936932][ T28] audit: type=1326 audit(1764746502.605:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6263 comm="syz.0.101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f7d153c3e89 code=0x7ffc0000 [ 174.020135][ T6272] netlink: 64 bytes leftover after parsing attributes in process `syz.0.108'. [ 177.768975][ T6284] loop3: detected capacity change from 0 to 8 [ 190.634104][ T6340] loop0: detected capacity change from 0 to 8 [ 191.151324][ T6340] SQUASHFS error: Failed to read block 0x4de: -5 [ 191.166305][ T6340] SQUASHFS error: Failed to read block 0x4de: -5 [ 191.256906][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 191.256924][ T28] audit: type=1800 audit(1764746520.595:142): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.116" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 191.299129][ T6340] SQUASHFS error: Failed to read block 0x4de: -5 [ 191.306553][ T6340] SQUASHFS error: Failed to read block 0x4de: -5 [ 191.390778][ T6343] SQUASHFS error: Failed to read block 0x4de: -5 [ 191.427041][ T6343] SQUASHFS error: Failed to read block 0x4de: -5 [ 196.458479][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.466075][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.142307][ T6383] loop0: detected capacity change from 0 to 1024 [ 200.157912][ T6383] EXT4-fs: inline encryption not supported [ 200.163861][ T6383] EXT4-fs: Ignoring removed nobh option [ 200.196848][ T6383] EXT4-fs: Ignoring removed bh option [ 200.218568][ T6383] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 200.265110][ T6383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.521361][ T6383] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4031: comm syz.0.134: Allocating blocks 385-513 which overlap fs metadata [ 200.661272][ T6383] EXT4-fs (loop0): shut down requested (2) [ 200.702789][ T6382] EXT4-fs (loop0): pa ffff888079e102b8: logic 16, phys. 129, len 24 [ 200.822799][ T5797] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.998799][ T6414] loop2: detected capacity change from 0 to 256 [ 205.022568][ T6416] loop0: detected capacity change from 0 to 1024 [ 205.116085][ T6416] EXT4-fs (loop0): stripe (32769) is not aligned with cluster size (16), stripe is disabled [ 205.238652][ T6416] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.387900][ T6414] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x19755df0, utbl_chksum : 0xe619d30d) [ 205.426470][ T6416] ================================================================== [ 205.434627][ T6416] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 205.442417][ T6416] Read of size 18446744073709551588 at addr ffff8880241ef840 by task syz.0.144/6416 [ 205.451835][ T6416] [ 205.454208][ T6416] CPU: 1 PID: 6416 Comm: syz.0.144 Not tainted syzkaller #0 [ 205.461519][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 205.471631][ T6416] Call Trace: [ 205.474942][ T6416] [ 205.477922][ T6416] dump_stack_lvl+0x16c/0x230 [ 205.482642][ T6416] ? read_lock_is_recursive+0x20/0x20 [ 205.488044][ T6416] ? show_regs_print_info+0x20/0x20 [ 205.493258][ T6416] ? load_image+0x3b0/0x3b0 [ 205.497772][ T6416] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 205.503158][ T6416] ? __virt_addr_valid+0x18c/0x540 [ 205.508308][ T6416] ? __virt_addr_valid+0x469/0x540 [ 205.513434][ T6416] print_report+0xac/0x220 [ 205.517871][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 205.523461][ T6416] kasan_report+0x117/0x150 [ 205.528036][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 205.533514][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 205.539009][ T6416] kasan_check_range+0x288/0x290 [ 205.543964][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 205.549442][ T6416] __asan_memmove+0x29/0x70 [ 205.553966][ T6416] ext4_xattr_set_entry+0x94b/0x1e90 [ 205.559282][ T6416] ext4_xattr_block_set+0xae3/0x32a0 [ 205.564588][ T6416] ? ext4_destroy_inode+0x200/0x200 [ 205.569805][ T6416] ? proc_nr_inodes+0x230/0x230 [ 205.574669][ T6416] ? do_raw_spin_unlock+0x121/0x230 [ 205.579887][ T6416] ? _raw_spin_unlock+0x28/0x40 [ 205.584754][ T6416] ? ext4_xattr_block_find+0x350/0x350 [ 205.590227][ T6416] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 205.595618][ T6416] ext4_xattr_set_handle+0xbff/0x1290 [ 205.601015][ T6416] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 205.607016][ T6416] ? __ext4_journal_start_sb+0x259/0x570 [ 205.612668][ T6416] ext4_xattr_set+0x22d/0x320 [ 205.617365][ T6416] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 205.622926][ T6416] ? evm_protected_xattr_common+0x170/0x190 [ 205.628840][ T6416] ? evm_protect_xattr+0x534/0x7a0 [ 205.633976][ T6416] ? ext4_xattr_security_get+0x40/0x40 [ 205.639457][ T6416] __vfs_setxattr+0x431/0x470 [ 205.644155][ T6416] __vfs_setxattr_noperm+0x12d/0x5e0 [ 205.649470][ T6416] vfs_setxattr+0x16c/0x2f0 [ 205.654020][ T6416] ? xattr_permission+0x470/0x470 [ 205.659061][ T6416] ? __mnt_want_write+0x223/0x2a0 [ 205.664106][ T6416] ? path_setxattr+0x314/0x550 [ 205.668890][ T6416] path_setxattr+0x362/0x550 [ 205.673500][ T6416] ? simple_xattrs_free+0x150/0x150 [ 205.678727][ T6416] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 205.684722][ T6416] ? lock_chain_count+0x20/0x20 [ 205.689587][ T6416] __x64_sys_setxattr+0xbb/0xd0 [ 205.694468][ T6416] do_syscall_64+0x55/0xb0 [ 205.698904][ T6416] ? clear_bhb_loop+0x40/0x90 [ 205.703606][ T6416] ? clear_bhb_loop+0x40/0x90 [ 205.708300][ T6416] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 205.714217][ T6416] RIP: 0033:0x7f7d1538f749 [ 205.718660][ T6416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.738285][ T6416] RSP: 002b:00007f7d161f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 205.746733][ T6416] RAX: ffffffffffffffda RBX: 00007f7d155e5fa0 RCX: 00007f7d1538f749 [ 205.754724][ T6416] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 205.762707][ T6416] RBP: 00007f7d15413f91 R08: 0000000000000000 R09: 0000000000000000 [ 205.770696][ T6416] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 205.778677][ T6416] R13: 00007f7d155e6038 R14: 00007f7d155e5fa0 R15: 00007ffe471651a8 [ 205.786677][ T6416] [ 205.789707][ T6416] [ 205.792047][ T6416] Allocated by task 6416: [ 205.796379][ T6416] kasan_set_track+0x4e/0x70 [ 205.800984][ T6416] __kasan_kmalloc+0x8f/0xa0 [ 205.805585][ T6416] __kmalloc_node_track_caller+0xb2/0x230 [ 205.811323][ T6416] kmemdup+0x2b/0x70 [ 205.815258][ T6416] ext4_xattr_block_set+0x9e5/0x32a0 [ 205.820561][ T6416] ext4_xattr_set_handle+0xbff/0x1290 [ 205.825951][ T6416] ext4_xattr_set+0x22d/0x320 [ 205.830647][ T6416] __vfs_setxattr+0x431/0x470 [ 205.835336][ T6416] __vfs_setxattr_noperm+0x12d/0x5e0 [ 205.840638][ T6416] vfs_setxattr+0x16c/0x2f0 [ 205.845150][ T6416] path_setxattr+0x362/0x550 [ 205.849759][ T6416] __x64_sys_setxattr+0xbb/0xd0 [ 205.854753][ T6416] do_syscall_64+0x55/0xb0 [ 205.859202][ T6416] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 205.865116][ T6416] [ 205.867454][ T6416] The buggy address belongs to the object at ffff8880241ef800 [ 205.867454][ T6416] which belongs to the cache kmalloc-1k of size 1024 [ 205.881529][ T6416] The buggy address is located 64 bytes inside of [ 205.881529][ T6416] 1024-byte region [ffff8880241ef800, ffff8880241efc00) [ 205.894816][ T6416] [ 205.897150][ T6416] The buggy address belongs to the physical page: [ 205.903582][ T6416] page:ffffea0000907a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x241e8 [ 205.913744][ T6416] head:ffffea0000907a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 205.922686][ T6416] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 205.930724][ T6416] page_type: 0xffffffff() [ 205.935069][ T6416] raw: 00fff00000000840 ffff888017841dc0 ffffea0001575c00 dead000000000002 [ 205.943674][ T6416] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 205.952613][ T6416] page dumped because: kasan: bad access detected [ 205.959220][ T6416] page_owner tracks the page as allocated [ 205.964947][ T6416] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 3460, tgid 3460 (kworker/u4:8), ts 162078171485, free_ts 161935754371 [ 205.985811][ T6416] post_alloc_hook+0x1cd/0x210 [ 205.990603][ T6416] get_page_from_freelist+0x195c/0x19f0 [ 205.996347][ T6416] __alloc_pages+0x1e3/0x460 [ 206.000979][ T6416] alloc_slab_page+0x5d/0x170 [ 206.005677][ T6416] new_slab+0x87/0x2e0 [ 206.009767][ T6416] ___slab_alloc+0xc6d/0x1300 [ 206.014465][ T6416] __kmem_cache_alloc_node+0x1a2/0x260 [ 206.019946][ T6416] __kmalloc+0xa4/0x240 [ 206.024115][ T6416] ieee802_11_parse_elems_full+0xb9/0x2080 [ 206.029945][ T6416] ieee80211_ibss_rx_queued_mgmt+0x49b/0x2ac0 [ 206.036036][ T6416] ieee80211_iface_work+0x717/0xc70 [ 206.041259][ T6416] cfg80211_wiphy_work+0x225/0x260 [ 206.046393][ T6416] process_scheduled_works+0xa45/0x15b0 [ 206.051953][ T6416] worker_thread+0xa55/0xfc0 [ 206.056558][ T6416] kthread+0x2fa/0x390 [ 206.060663][ T6416] ret_from_fork+0x48/0x80 [ 206.065116][ T6416] page last free stack trace: [ 206.069825][ T6416] free_unref_page_prepare+0x7ce/0x8e0 [ 206.075304][ T6416] free_unref_page+0x32/0x2e0 [ 206.080030][ T6416] __unfreeze_partials+0x1cf/0x210 [ 206.085170][ T6416] put_cpu_partial+0x17c/0x250 [ 206.089953][ T6416] __slab_free+0x31d/0x410 [ 206.094393][ T6416] qlist_free_all+0x75/0xe0 [ 206.098918][ T6416] kasan_quarantine_reduce+0x143/0x160 [ 206.104396][ T6416] __kasan_slab_alloc+0x22/0x80 [ 206.109263][ T6416] slab_post_alloc_hook+0x6e/0x4d0 [ 206.114418][ T6416] kmem_cache_alloc+0x11e/0x2e0 [ 206.119287][ T6416] getname_flags+0xbb/0x500 [ 206.123985][ T6416] __x64_sys_unlink+0x3c/0x50 [ 206.128675][ T6416] do_syscall_64+0x55/0xb0 [ 206.133113][ T6416] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 206.139024][ T6416] [ 206.141356][ T6416] Memory state around the buggy address: [ 206.147024][ T6416] ffff8880241ef700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.155095][ T6416] ffff8880241ef780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 206.163191][ T6416] >ffff8880241ef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.171435][ T6416] ^ [ 206.177619][ T6416] ffff8880241ef880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.185690][ T6416] ffff8880241ef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 206.193774][ T6416] ================================================================== [ 206.611498][ T6416] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 206.618767][ T6416] CPU: 0 PID: 6416 Comm: syz.0.144 Not tainted syzkaller #0 [ 206.626202][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 206.636283][ T6416] Call Trace: [ 206.639578][ T6416] [ 206.642532][ T6416] dump_stack_lvl+0x16c/0x230 [ 206.647239][ T6416] ? show_regs_print_info+0x20/0x20 [ 206.652456][ T6416] ? load_image+0x3b0/0x3b0 [ 206.656976][ T6416] panic+0x2c0/0x710 [ 206.660913][ T6416] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 206.667093][ T6416] ? bpf_jit_dump+0xd0/0xd0 [ 206.671608][ T6416] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 206.677519][ T6416] ? _raw_spin_unlock+0x40/0x40 [ 206.682404][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 206.687882][ T6416] check_panic_on_warn+0x84/0xa0 [ 206.693023][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 206.698509][ T6416] end_report+0x6f/0x140 [ 206.702765][ T6416] kasan_report+0x128/0x150 [ 206.707281][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 206.712788][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 206.718282][ T6416] kasan_check_range+0x288/0x290 [ 206.723236][ T6416] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 206.728798][ T6416] __asan_memmove+0x29/0x70 [ 206.733493][ T6416] ext4_xattr_set_entry+0x94b/0x1e90 [ 206.738837][ T6416] ext4_xattr_block_set+0xae3/0x32a0 [ 206.744141][ T6416] ? ext4_destroy_inode+0x200/0x200 [ 206.749376][ T6416] ? proc_nr_inodes+0x230/0x230 [ 206.754236][ T6416] ? do_raw_spin_unlock+0x121/0x230 [ 206.759482][ T6416] ? _raw_spin_unlock+0x28/0x40 [ 206.764352][ T6416] ? ext4_xattr_block_find+0x350/0x350 [ 206.769843][ T6416] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 206.775240][ T6416] ext4_xattr_set_handle+0xbff/0x1290 [ 206.780725][ T6416] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 206.786738][ T6416] ? __ext4_journal_start_sb+0x259/0x570 [ 206.792407][ T6416] ext4_xattr_set+0x22d/0x320 [ 206.797108][ T6416] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 206.802664][ T6416] ? evm_protected_xattr_common+0x170/0x190 [ 206.808578][ T6416] ? evm_protect_xattr+0x534/0x7a0 [ 206.813706][ T6416] ? ext4_xattr_security_get+0x40/0x40 [ 206.819202][ T6416] __vfs_setxattr+0x431/0x470 [ 206.823920][ T6416] __vfs_setxattr_noperm+0x12d/0x5e0 [ 206.829242][ T6416] vfs_setxattr+0x16c/0x2f0 [ 206.833753][ T6416] ? xattr_permission+0x470/0x470 [ 206.838787][ T6416] ? __mnt_want_write+0x223/0x2a0 [ 206.843823][ T6416] ? path_setxattr+0x314/0x550 [ 206.848597][ T6416] path_setxattr+0x362/0x550 [ 206.853199][ T6416] ? simple_xattrs_free+0x150/0x150 [ 206.858419][ T6416] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 206.864403][ T6416] ? lock_chain_count+0x20/0x20 [ 206.869262][ T6416] __x64_sys_setxattr+0xbb/0xd0 [ 206.874125][ T6416] do_syscall_64+0x55/0xb0 [ 206.878568][ T6416] ? clear_bhb_loop+0x40/0x90 [ 206.883279][ T6416] ? clear_bhb_loop+0x40/0x90 [ 206.887983][ T6416] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 206.893934][ T6416] RIP: 0033:0x7f7d1538f749 [ 206.898362][ T6416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.917975][ T6416] RSP: 002b:00007f7d161f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 206.926412][ T6416] RAX: ffffffffffffffda RBX: 00007f7d155e5fa0 RCX: 00007f7d1538f749 [ 206.934396][ T6416] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 206.942373][ T6416] RBP: 00007f7d15413f91 R08: 0000000000000000 R09: 0000000000000000 [ 206.950352][ T6416] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 206.958327][ T6416] R13: 00007f7d155e6038 R14: 00007f7d155e5fa0 R15: 00007ffe471651a8 [ 206.966397][ T6416] [ 206.969686][ T6416] Kernel Offset: disabled [ 206.974023][ T6416] Rebooting in 86400 seconds..