last executing test programs: 3.411963181s ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x4000400) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x0, 0x2}, @call]}, &(0x7f0000000000)='GPL\x00'}, 0x90) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffff3d) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) syz_usb_disconnect(r0) ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0)) setresuid(0x0, 0x0, 0x0) setreuid(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) 3.060914725s ago: executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10) splice(r3, 0x0, r1, 0x0, 0x7f, 0xe) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0) 2.661715897s ago: executing program 4: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10) close(r5) sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10) splice(r3, 0x0, r1, 0x0, 0x7f, 0xe) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0) 1.323733405s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x1, 0x0, 0x1, 0x0, r2}, 0x48) recvmmsg(r0, &(0x7f00000063c0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/150, 0x96}, {&(0x7f00000000c0)=""/128, 0x80}, {&(0x7f0000001780)=""/167, 0xa7}, {&(0x7f0000000240)=""/52, 0x34}], 0x5, &(0x7f0000000280)=""/10, 0xa}, 0xfffffff8}, {{&(0x7f0000001840)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000480)=[{&(0x7f00000018c0)=""/94, 0x5e}], 0x1, &(0x7f0000001940)=""/203, 0xcb}, 0x1ff}, {{&(0x7f0000001a40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000001ac0)=""/70, 0x46}], 0x1, &(0x7f0000001b40)}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/110, 0x6e}, {&(0x7f0000001cc0)=""/60, 0x3c}, {&(0x7f0000001d00)=""/72, 0x48}], 0x4}}, {{&(0x7f0000002e80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003100)=[{&(0x7f0000001d80)=""/3, 0x3}, {&(0x7f0000002f00)=""/157, 0x9d}, {&(0x7f0000002fc0)=""/124, 0x7c}, {&(0x7f0000003040)=""/137, 0x89}], 0x4, &(0x7f0000003140)=""/176, 0xb0}, 0x27ba83ed}, {{&(0x7f0000003200)=@generic, 0x80, &(0x7f00000045c0)=[{&(0x7f0000003280)=""/141, 0x8d}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/212, 0xd4}, {&(0x7f0000004440)=""/32, 0x20}, {&(0x7f0000004480)=""/194, 0xc2}, {&(0x7f0000004580)=""/26, 0x1a}], 0x6}, 0x6}, {{&(0x7f0000004640)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000004700)=[{&(0x7f00000046c0)=""/14, 0xe}], 0x1, &(0x7f0000004740)=""/76, 0x4c}, 0x9}, {{&(0x7f00000047c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000005b80)=[{&(0x7f0000004840)=""/224, 0xe0}, {&(0x7f0000004940)=""/237, 0xed}, {&(0x7f0000004a40)=""/4096, 0x1000}, {&(0x7f0000005a40)=""/38, 0x26}, {&(0x7f0000005a80)=""/203, 0xcb}], 0x5}, 0xfffffffe}, {{0x0, 0x0, &(0x7f0000006040)=[{&(0x7f0000005c00)=""/16, 0x10}, {&(0x7f0000005c40)=""/53, 0x35}, {&(0x7f0000005c80)=""/70, 0x46}, {&(0x7f0000005d00)=""/165, 0xa5}, {&(0x7f0000005dc0)=""/254, 0xfe}, {&(0x7f0000005ec0)=""/141, 0x8d}, {&(0x7f0000005f80)=""/138, 0x8a}], 0x7, &(0x7f00000060c0)=""/97, 0x61}, 0x7}, {{&(0x7f0000006140)=@can, 0x80, &(0x7f0000006300)=[{&(0x7f00000061c0)=""/55, 0x37}, {&(0x7f0000006200)=""/251, 0xfb}], 0x2}}], 0xa, 0x2, 0xfffffffffffffffe) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001b40)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000000)) pwritev(r6, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x0, 0x0) 1.22640315s ago: executing program 1: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfc}, 0xc) bind$netlink(r0, &(0x7f0000000240)={0x10, 0x0, 0x0, 0x507}, 0xc) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB='nodots,nodots,dots,dots,nodots,errors=continue,time_offset=0xfffffffffffffa93,dots,showexec,nodots,dots,gid=', @ANYRESHEX=0xee00, @ANYRES32=0x0], 0x2, 0x1e0, &(0x7f0000000780)="$eJzs3bFqU2EUB/B/am1TQewmiuAFF12C+gQViSAGRCWCTgqtSyNCskQX61v4gD6AdOqiEXNjY0oSa2p7af39lhxyzpfzfSTcZMm5r6693d5813vz5fLn1Ou1LG1kI3u1rGcpv+wEADhL9gaDfB0MlqveBwBwckbf/0MzSr7NW++HAwCcPs9evHx0r9VqPi2KerK702/32+VjmX/wsNW8XQytj1ft9vvtc/v5O2W+mMyfz4Uka2k1707Nr+TmjeH6Tz9z9x+3DuRXs3n8xwcAAAAAAAAAAAAAAAAAAAAAgEo0in1T5/s0GrPyZfTbfKAD83uWc9VwQAAAAAAAAAAAAAAAAAAAADiU3vsP2687na3uOFhNMvnMYsHg0swW04IiydGb/m2wlJPrddqC2lGW37pSvvtTa54nOa7NZzR1Yk7N9YlP+PdFez25+KeaLPbKK0nm16zNP+C/CMbXiNUKrksAAAAAAAAAAAAAAAAAAPA/Gv3Xt9btVb0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhOef//zlZ3keBjkkMUj1rVKj4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ9iPAAAA///JOBz+") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) fcntl$setlease(r1, 0x400, 0x0) unlink(&(0x7f0000000040)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f0000000fc0)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @multicast1}, 0x80, 0x0}, 0x1}, {{&(0x7f00000005c0)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000640)=""/108, 0x6c}, {&(0x7f0000000700)=""/54, 0x36}, {&(0x7f0000000980)=""/119, 0x77}, {&(0x7f0000000a00)=""/221, 0xdd}, {&(0x7f0000000b00)=""/101, 0x65}, {&(0x7f0000000b80)=""/128, 0x80}, {&(0x7f0000000c00)=""/136, 0x88}, {&(0x7f0000000cc0)=""/73, 0x49}, {&(0x7f0000000d40)=""/232, 0xe8}], 0x9, &(0x7f0000000f00)=""/138, 0x8a}, 0x8001}], 0x2, 0x2, 0x0) r5 = open(0x0, 0x40c5, 0x0) r6 = inotify_init() inotify_add_watch(r6, &(0x7f00000001c0)='./file0\x00', 0x6000400) write$9p(r5, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00'}, 0x10) 1.22335099s ago: executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) inotify_init1(0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8001) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}}) ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r9) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10) close(r11) 1.206010633s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ptrace(0x10, 0x1) wait4(0xffffffffffffffff, &(0x7f0000000080), 0x0, &(0x7f0000000140)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b00)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f00000002c0)) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x200040c}, 0x10) write(r1, &(0x7f00000005c0)="240000001e005f0214fffffffffffff80700000000000000000000712700080016000000", 0x24) fstat(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000002440)={0x90, 0x0, 0x0, {0x2, 0x0, 0x0, 0x101, 0x7, 0x400, {0x5, 0x101, 0xfff, 0x8, 0x2, 0x0, 0x8000, 0x9, 0x401, 0x6000, 0x5, 0x0, r3, 0x0, 0x385}}}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) syz_open_procfs(0x0, &(0x7f00000001c0)='status\x00') r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000001c000000000000002300850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) dup2(r5, r5) r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r6, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000004300)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@journal_path={'journal_path', 0x3d, './bus'}}, {@auto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@min_batch_time={'min_batch_time', 0x3d, 0x81}}, {@barrier_val}, {@grpjquota}, {}], [{@uid_eq={'uid', 0x3d, r2}}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") 372.457972ms ago: executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="f042f85b0000000000000000000000008500000061000000850000007d000066950000000000000010be63bb13a09176dc82180c9aad7a6590a0"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x46) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe40, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f05dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) timer_create(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x9, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x51, 0x7a, 0xa, 0xff00}, [@call={0x55}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48) prctl$PR_MCE_KILL(0x23, 0x4, 0x7fffffffeffe) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="ff070000", @ANYRES16=r3, @ANYBLOB="000226bd7000fbdbdf2508000000a80004800900010073797a31000000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000c0007800800040007000000240007800800040009000000080003005c0d000008000400060000000800020001000000400007800800010020000000080002000200000008000200060000000c00040001000000000000000c00040008000000000000000c00030007000000000000002800028008000100e0ffffff04000400080001000800000004000400080002000100000004000400dc0001803c00028008000400ff0300000800030080000000080001000f000000080001001e00000008000100000100000800030001000000080001001a0000000d0001007564703a73797a30000000002c000280080001001d00000008000200050000000800010014000000080004000100000008000200ff7f0000080001007564703a73797a32000000000d0001007564703a73797a320000000008000300090000001c00028008000200810000000800010002000000080001000c0000001200010069623a76657468305f766c616e00000008000300050000005800078008000200ffffff7f0c00040001000000000000000c000300020000000000000008000100ff030000080001007f0000000c000400ff7f0000000000000c00040002000000000000000c000400000000000000000024010480340007800800030003000000080002000200000008000400ff7f0000080001001400000008000200030000000800040087cd00002c0007800800040017da0000080004000900000008000400030000000800010004000000080001001d0000001300010062726f6164636173742d6c696e6b00003c0007800800040000000002080003000100000008000400faffffff08000300010000800800010000000000080002009a00000008000300000000800900010073797a30000000004c000780080001000b000000080001000a00000008000400e00a000008000100190000000800010002000000080003003f0000000800030009000000080003000700000008000300feffffff0900010073797a30000000000c000780080001000b0000000c00038008000100ffffffff440002802400038008000200410100000800020007000000080002000100000008000200080000000800020005000000080001002c000000040004000800010008000000180002800400040008000200070000000400038004000400240003800800030003000000080002000101000008000100000200000800030009000000"], 0x408}, 0x1, 0x0, 0x0, 0x20000040}, 0x14) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r4 = creat(&(0x7f00000001c0)='./file1\x00', 0x0) lseek(r4, 0x7ffffc, 0x0) write$binfmt_elf64(r4, &(0x7f0000001a40)=ANY=[], 0xfd14) fallocate(r4, 0x0, 0x0, 0x6) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) socketpair(0x1, 0x1, 0x0, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509011f00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="000000e8ff000000b703000000000000850000020c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffdde, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5}, 0x8}, 0x90) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0) 210.358198ms ago: executing program 2: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10) close(r5) sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10) splice(r3, 0x0, r1, 0x0, 0x7f, 0xe) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0) 16.936738ms ago: executing program 3: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00'}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x40002, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000001010101"], 0x50}}, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x14d52, &(0x7f0000000240)=ANY=[], 0xfe, 0x1221, &(0x7f0000002dc0)="$eJzs3E9rHGUcB/Bf1q1JU/NHrdX2oA968TQ0OXgSNEgKkgWlNkIrCFMz0SXjbsgsgRWxevLq6xCP3gTxDeTia/CWi956UEcym2jSbrRVm/jn8zns/NhnvjPPs8wOzPI8u/viZ+9vrFfZej6I1sREtDYj0u0UKVpx4OmV0fb6jZWlTmf5akpXlq4tvJBSmn3m67c+/OLZbwbn3vxy9qvJ2Jl/e/f7xe92Luxc3P352nvdKnWr1OsPUp5u9vuD/GZZpLVutZGl9HpZ5FWRur2q2DrSvl72NzeHKe+tzUxvbhVVlfLeMG0UwzTop8HWMOXv5t1eyrIszUwHxzrzx7usfn67ruuIuj4TD0dd1/XZmI5z8UjMxGx8HBGPxmPxeJyPJ+JCPBlPxcVmr5PoPgAAAAAAAAAAAAAAAAAAAPx//N76/7mYt/4fAAAAAAAAAAAAAAAAAAAATsAb12+sLHU6y1dTmoooP91e3V4dbUftS+vRjTKKuBxz8WM0q/9HRvWVVzvLl1NjPj4pb+3nb22vPtTkJ/de9vILzd8J7OfbTdtBfmGUT0fzkzF9+PyLMRfnx59/cWx+Kp5/7lA+i7n49p3oRxlrzbl/y3+0kNIrr3XuyF9q9gMAAID/giz9auzze5Yd1z7K38fvA3c8X7fjUvt0x05ENfxgIy/LYutoMXXXO4p7L1oP6Mit+IcMcEzxU/0Ajjyxf5XeR+rQhb13Dzrtj+Wei5f/alfP/s0dO717Eifn7i8OAAAAAAAAAAAA/wZ/foZgO+K46ag/TB00tWPMzLKXTmeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8As7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA//950sOV") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000280)={0x4376ea830d56d49d}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)={0x1, 0x3, 0x9, 0x0, 0xd7, 0x55, 0x80, 0x5, 0x4, 0x91, 0x0, 0x3, 0x0, 0x4, 0x8, 0x6, 0x5, 0x1, 0x9b}) 0s ago: executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) inotify_init1(0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x8001) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}}) ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8) r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r9) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10) close(r11) kernel console output (not intermixed with test programs): [ 5.321480][ T162] udevd[162]: starting eudev-3.2.11 [ 6.482927][ T195] ip (195) used greatest stack depth: 23320 bytes left [ 7.082474][ T140] rcS (140) used greatest stack depth: 21912 bytes left [ 14.387902][ T23] kauditd_printk_skb: 50 callbacks suppressed [ 14.387910][ T23] audit: type=1400 audit(1718934757.230:61): avc: denied { transition } for pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.391888][ T23] audit: type=1400 audit(1718934757.230:62): avc: denied { noatsecure } for pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.394692][ T23] audit: type=1400 audit(1718934757.230:63): avc: denied { write } for pid=287 comm="sh" path="pipe:[10515]" dev="pipefs" ino=10515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.397206][ T287] sh (287) used greatest stack depth: 21752 bytes left [ 14.398598][ T23] audit: type=1400 audit(1718934757.230:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.401793][ T23] audit: type=1400 audit(1718934757.230:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts. 2024/06/21 01:52:44 fuzzer started 2024/06/21 01:52:44 dialing manager at 10.128.0.163:30000 [ 21.787615][ T23] audit: type=1400 audit(1718934764.630:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.810404][ T23] audit: type=1400 audit(1718934764.650:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 21.852077][ T23] audit: type=1400 audit(1718934764.690:68): avc: denied { mounton } for pid=354 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.855966][ T354] cgroup1: Unknown subsys name 'net' [ 21.880089][ T354] cgroup1: Unknown subsys name 'net_prio' [ 21.885857][ T354] cgroup1: Unknown subsys name 'devices' [ 21.893898][ T23] audit: type=1400 audit(1718934764.690:69): avc: denied { setattr } for pid=356 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=892 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.913860][ T357] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.918092][ T23] audit: type=1400 audit(1718934764.690:70): avc: denied { mount } for pid=354 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.947293][ T23] audit: type=1400 audit(1718934764.730:71): avc: denied { unmount } for pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.966825][ T23] audit: type=1400 audit(1718934764.740:72): avc: denied { mounton } for pid=360 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.991298][ T23] audit: type=1400 audit(1718934764.740:73): avc: denied { mount } for pid=360 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.014309][ T23] audit: type=1400 audit(1718934764.760:74): avc: denied { relabelto } for pid=357 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.014539][ T355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.039596][ T23] audit: type=1400 audit(1718934764.760:75): avc: denied { write } for pid=357 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.109165][ T354] cgroup1: Unknown subsys name 'hugetlb' [ 22.114851][ T354] cgroup1: Unknown subsys name 'rlimit' 2024/06/21 01:52:45 starting 5 executor processes [ 22.674856][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.681956][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.689623][ T369] device bridge_slave_0 entered promiscuous mode [ 22.727491][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.734310][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.741712][ T369] device bridge_slave_1 entered promiscuous mode [ 22.874405][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.881449][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.888742][ T375] device bridge_slave_0 entered promiscuous mode [ 22.899430][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.906253][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.913599][ T375] device bridge_slave_1 entered promiscuous mode [ 22.948783][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.955604][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.962988][ T374] device bridge_slave_0 entered promiscuous mode [ 22.985491][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.992649][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.999916][ T374] device bridge_slave_1 entered promiscuous mode [ 23.019469][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.026296][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.033678][ T376] device bridge_slave_0 entered promiscuous mode [ 23.040660][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.047580][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.054870][ T376] device bridge_slave_1 entered promiscuous mode [ 23.129562][ T377] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.136489][ T377] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.143768][ T377] device bridge_slave_0 entered promiscuous mode [ 23.150873][ T377] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.157724][ T377] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.165113][ T377] device bridge_slave_1 entered promiscuous mode [ 23.205147][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.211991][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.219125][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.225950][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.323258][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.330440][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.339024][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.346323][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.371095][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.379186][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.386081][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.393892][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.402166][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.409002][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.457258][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.465010][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.498293][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.505615][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.513829][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.520666][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.528428][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.569331][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.577710][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.585032][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.593424][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.601871][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.610217][ T379] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.617046][ T379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.624335][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.632527][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.640579][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.648597][ T379] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.655401][ T379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.662920][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.680559][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.688121][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.695356][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.703833][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.711998][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.720297][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.728309][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.735116][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.742361][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.750664][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.758735][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.765542][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.772839][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.781156][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.789187][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.795995][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.803371][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.811747][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.819756][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.826572][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.834121][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.842330][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.867379][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.875542][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.883797][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.890627][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.899435][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.907492][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.915522][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.923657][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.931715][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.939724][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.947654][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.955412][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.976808][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.984714][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.993529][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.001807][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.009486][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.017347][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.025004][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.032859][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.077348][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.085525][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.096589][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.104724][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.123194][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.131739][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.140101][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.147908][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.163134][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.171193][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.179254][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.187371][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.202520][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.210808][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.219134][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.226818][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.246739][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.254699][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.263113][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.271135][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.279080][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.287140][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.300089][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.308252][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.316306][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.324770][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.340628][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.348900][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.357192][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.365092][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.373390][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.381559][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.411754][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.814747][ T369] ------------[ cut here ]------------ [ 24.820033][ T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570 [ 24.829121][ T369] Modules linked in: [ 24.832857][ T369] CPU: 0 PID: 369 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 24.842748][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 24.852657][ T369] RIP: 0010:ovl_dir_modified+0x45c/0x570 [ 24.858116][ T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff [ 24.877561][ T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293 [ 24.883454][ T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000 [ 24.891264][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.899078][ T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c [ 24.906893][ T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 24.914702][ T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0 [ 24.922512][ T369] FS: 0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.931460][ T369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.937883][ T369] CR2: 00007ffd10d21df8 CR3: 00000001d8e96000 CR4: 00000000003406b0 [ 24.945696][ T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.953699][ T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.961492][ T369] Call Trace: [ 24.964629][ T369] ? __warn+0x162/0x250 [ 24.968622][ T369] ? report_bug+0x3a1/0x4e0 [ 24.972959][ T369] ? ovl_dir_modified+0x45c/0x570 [ 24.977816][ T369] ? ovl_dir_modified+0x45c/0x570 [ 24.982670][ T369] ? do_invalid_op+0x6e/0x110 [ 24.987184][ T369] ? invalid_op+0x1e/0x30 [ 24.991354][ T369] ? ovl_dir_modified+0x1e6/0x570 [ 24.996208][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.001071][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.005931][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.010799][ T369] ? ovl_path_type+0x18e/0x2f0 [ 25.015392][ T369] ovl_do_remove+0x6f0/0xc80 [ 25.019822][ T369] ? retint_kernel+0x1b/0x1b [ 25.024244][ T369] ? ovl_set_redirect+0x5f0/0x5f0 [ 25.029107][ T369] ? vfs_rmdir+0x16f/0x3c0 [ 25.033357][ T369] ? ovl_rmdir+0x9/0x20 [ 25.037351][ T369] vfs_rmdir+0x285/0x3c0 [ 25.041431][ T369] incfs_kill_sb+0x105/0x200 [ 25.045860][ T369] deactivate_locked_super+0xa8/0x110 [ 25.051063][ T369] deactivate_super+0x1e2/0x2a0 [ 25.055758][ T369] ? vfs_submount+0xb0/0xb0 [ 25.060102][ T369] ? deactivate_locked_super+0x110/0x110 [ 25.065559][ T369] ? fast_dput+0x7a/0x280 [ 25.069724][ T369] cleanup_mnt+0x44e/0x500 [ 25.073975][ T369] task_work_run+0x140/0x170 [ 25.078405][ T369] exit_to_usermode_loop+0x190/0x1a0 [ 25.083526][ T369] prepare_exit_to_usermode+0x199/0x200 [ 25.088907][ T369] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.094643][ T369] RIP: 0033:0x7f01fdd06257 [ 25.098883][ T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 25.118324][ T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.126569][ T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257 [ 25.134378][ T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660 [ 25.142191][ T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000 [ 25.150029][ T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750 [ 25.157815][ T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014 [ 25.165627][ T369] ---[ end trace c228b76e4e58e1b5 ]--- [ 25.192611][ T369] ------------[ cut here ]------------ [ 25.197889][ T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570 [ 25.206981][ T369] Modules linked in: [ 25.210727][ T369] CPU: 0 PID: 369 Comm: syz-executor.4 Tainted: G W 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 25.222026][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 25.231908][ T369] RIP: 0010:ovl_dir_modified+0x45c/0x570 [ 25.237367][ T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff [ 25.256806][ T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293 [ 25.262705][ T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000 [ 25.270514][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.278332][ T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c [ 25.286140][ T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 25.293960][ T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0 [ 25.301763][ T369] FS: 0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 25.310530][ T369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.317088][ T369] CR2: 000055700af7a078 CR3: 00000001d8e96000 CR4: 00000000003406b0 [ 25.325028][ T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.332838][ T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.340645][ T369] Call Trace: [ 25.343787][ T369] ? __warn+0x162/0x250 [ 25.347771][ T369] ? report_bug+0x3a1/0x4e0 [ 25.352121][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.356974][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.361832][ T369] ? do_invalid_op+0x6e/0x110 [ 25.366343][ T369] ? invalid_op+0x1e/0x30 [ 25.370509][ T369] ? ovl_dir_modified+0x1e6/0x570 [ 25.375369][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.380230][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.385090][ T369] ? ovl_dir_modified+0x45c/0x570 [ 25.389948][ T369] ? ovl_path_type+0x18e/0x2f0 [ 25.394555][ T369] ovl_do_remove+0x6f0/0xc80 [ 25.398982][ T369] ? ovl_set_redirect+0x5f0/0x5f0 [ 25.403838][ T369] ? security_inode_rmdir+0xca/0x110 [ 25.408958][ T369] vfs_rmdir+0x285/0x3c0 [ 25.413041][ T369] incfs_kill_sb+0x18d/0x200 [ 25.417467][ T369] deactivate_locked_super+0xa8/0x110 [ 25.422670][ T369] deactivate_super+0x1e2/0x2a0 [ 25.427359][ T369] ? vfs_submount+0xb0/0xb0 [ 25.431697][ T369] ? deactivate_locked_super+0x110/0x110 [ 25.437168][ T369] ? fast_dput+0x7a/0x280 [ 25.441331][ T369] cleanup_mnt+0x44e/0x500 [ 25.445584][ T369] task_work_run+0x140/0x170 [ 25.450013][ T369] exit_to_usermode_loop+0x190/0x1a0 [ 25.455138][ T369] prepare_exit_to_usermode+0x199/0x200 [ 25.460516][ T369] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.466245][ T369] RIP: 0033:0x7f01fdd06257 [ 25.470510][ T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 25.490113][ T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.498446][ T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257 [ 25.506259][ T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660 [ 25.514067][ T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000 [ 25.521879][ T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750 [ 25.529690][ T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014 [ 25.537505][ T369] ---[ end trace c228b76e4e58e1b6 ]--- [ 26.061878][ T398] tipc: Failed to remove local publication {66,0,0}/3345909323 [ 26.069808][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.078164][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.086484][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.094829][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.103193][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.123899][ T400] syz-executor.2 (400) used greatest stack depth: 21624 bytes left [ 26.153079][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.213339][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.662175][ T416] ====================================================== [ 26.662175][ T416] WARNING: the mand mount option is being deprecated and [ 26.662175][ T416] will be removed in v5.15! [ 26.662175][ T416] ====================================================== [ 26.704349][ T424] tipc: Failed to remove local publication {66,0,0}/3175523819 [ 26.821846][ T422] cgroup: syz-executor.3 (422) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future. [ 26.838564][ T422] cgroup: "memory" requires setting use_hierarchy to 1 on the root [ 26.917864][ T23] kauditd_printk_skb: 37 callbacks suppressed [ 26.917887][ T23] audit: type=1400 audit(1718934769.760:113): avc: denied { mount } for pid=414 comm="syz-executor.1" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 27.061291][ T411] syz-executor.2 (411) used greatest stack depth: 20824 bytes left [ 27.318142][ T23] audit: type=1400 audit(1718934770.130:114): avc: denied { watch } for pid=414 comm="syz-executor.1" path="/root/syzkaller-testdir1970102480/syzkaller.tHrvI6/0/file1/file0" dev="loop1" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 27.412484][ T414] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 127.436381][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 127.443131][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P18 [ 127.450074][ C0] (detected by 0, t=10002 jiffies, g=1109, q=528) [ 127.456409][ C0] kworker/1:0 R running task 25688 18 2 0x80004000 [ 127.464145][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 127.469945][ C0] Call Trace: [ 127.473082][ C0] __schedule+0xb05/0x1320 [ 127.477342][ C0] ? __local_bh_enable_ip+0x4f/0x70 [ 127.482377][ C0] ? is_mmconf_reserved+0x430/0x430 [ 127.487401][ C0] ? check_preemption_disabled+0x9f/0x320 [ 127.492951][ C0] ? preempt_schedule+0xd9/0xe0 [ 127.497641][ C0] preempt_schedule_common+0x83/0xd0 [ 127.502762][ C0] preempt_schedule+0xd9/0xe0 [ 127.507273][ C0] ? schedule_preempt_disabled+0x20/0x20 [ 127.512742][ C0] ? reschedule_interrupt+0xa/0x20 [ 127.517691][ C0] ___preempt_schedule+0x16/0x20 [ 127.522459][ C0] ? check_preemption_disabled+0x91/0x320 [ 127.528015][ C0] __local_bh_enable_ip+0x60/0x70 [ 127.532875][ C0] ip6_finish_output2+0xfaa/0x18e0 [ 127.537825][ C0] ? __ip6_finish_output+0x790/0x790 [ 127.542944][ C0] ? ip6_mtu+0xe2/0x130 [ 127.546938][ C0] ? __ip6_finish_output+0x5e4/0x790 [ 127.552056][ C0] ip6_output+0x1b3/0x430 [ 127.556223][ C0] ? asan.module_dtor+0x20/0x20 [ 127.560912][ C0] ? ip6_output+0x430/0x430 [ 127.565250][ C0] ? nf_hook_slow+0x196/0x1e0 [ 127.569762][ C0] mld_sendpack+0x606/0xb50 [ 127.574103][ C0] ? add_grec+0x12f0/0x12f0 [ 127.578440][ C0] ? preempt_schedule_common+0xa6/0xd0 [ 127.583733][ C0] ? mld_send_report+0x210/0x210 [ 127.588508][ C0] ? schedule_preempt_disabled+0x20/0x20 [ 127.593976][ C0] ? check_preemption_disabled+0x9f/0x320 [ 127.599532][ C0] ? ___preempt_schedule+0x16/0x20 [ 127.604478][ C0] ? check_preemption_disabled+0x91/0x320 [ 127.610032][ C0] ? __local_bh_enable_ip+0x60/0x70 [ 127.615150][ C0] ? mld_send_initial_cr+0x22d/0x2b0 [ 127.620272][ C0] ipv6_mc_dad_complete+0x70/0x3a0 [ 127.625222][ C0] addrconf_dad_completed+0x6e9/0xdb0 [ 127.630430][ C0] ? addrconf_dad_stop+0x420/0x420 [ 127.635376][ C0] ? ___preempt_schedule+0x16/0x20 [ 127.640323][ C0] ? check_preemption_disabled+0x91/0x320 [ 127.645889][ C0] addrconf_dad_work+0xe4d/0x16f0 [ 127.650741][ C0] ? finish_task_switch+0x130/0x590 [ 127.655774][ C0] ? ipv6_get_saddr_eval+0xea0/0xea0 [ 127.660897][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 127.665840][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 127.671222][ C0] ? read_word_at_a_time+0xe/0x20 [ 127.676078][ C0] ? strscpy+0x89/0x220 [ 127.680074][ C0] process_one_work+0x765/0xd20 [ 127.684764][ C0] worker_thread+0xaef/0x1470 [ 127.689277][ C0] kthread+0x2da/0x360 [ 127.693177][ C0] ? worker_clr_flags+0x170/0x170 [ 127.698037][ C0] ? kthread_blkcg+0xd0/0xd0 [ 127.702464][ C0] ret_from_fork+0x1f/0x30 [ 127.706733][ C0] rcu: rcu_preempt kthread starved for 9994 jiffies! g1109 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 127.717558][ C0] rcu: RCU grace-period kthread stack dump: [ 127.723292][ C0] rcu_preempt R running task 28920 11 2 0x80004000 [ 127.731015][ C0] Call Trace: [ 127.734148][ C0] __schedule+0xb05/0x1320 [ 127.738401][ C0] ? is_mmconf_reserved+0x430/0x430 [ 127.743428][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 127.748726][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 127.753410][ C0] schedule+0x12c/0x1d0 [ 127.757402][ C0] schedule_timeout+0x188/0x3d0 [ 127.762092][ C0] ? prepare_to_swait_event+0x35c/0x3a0 [ 127.767471][ C0] ? console_conditional_schedule+0x10/0x10 [ 127.773199][ C0] ? run_local_timers+0x160/0x160 [ 127.778060][ C0] ? finish_swait+0xa5/0x1a0 [ 127.782495][ C0] rcu_gp_kthread+0xea0/0x1d10 [ 127.787085][ C0] ? _raw_spin_unlock_irq+0x4a/0x60 [ 127.792119][ C0] ? dyntick_save_progress_counter+0x1b0/0x1b0 [ 127.798113][ C0] ? rcu_barrier_callback+0x50/0x50 [ 127.803151][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 127.807832][ C0] ? is_mmconf_reserved+0x430/0x430 [ 127.812863][ C0] ? __wake_up_locked+0xb7/0x110 [ 127.817640][ C0] ? __kthread_parkme+0xb0/0x1b0 [ 127.822410][ C0] kthread+0x2da/0x360 [ 127.826316][ C0] ? rcu_barrier_callback+0x50/0x50 [ 127.831352][ C0] ? kthread_blkcg+0xd0/0xd0 [ 127.835787][ C0] ret_from_fork+0x1f/0x30 serialport: VM disconnected.