last executing test programs:
3.411963181s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x4000400)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x0, 0x2}, @call]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffff3d)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
syz_usb_disconnect(r0)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0))
setresuid(0x0, 0x0, 0x0)
setreuid(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
3.060914725s ago: executing program 2:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)
2.661715897s ago: executing program 4:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
close(r5)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)
1.323733405s ago: executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x1, 0x0, 0x1, 0x0, r2}, 0x48)
recvmmsg(r0, &(0x7f00000063c0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/150, 0x96}, {&(0x7f00000000c0)=""/128, 0x80}, {&(0x7f0000001780)=""/167, 0xa7}, {&(0x7f0000000240)=""/52, 0x34}], 0x5, &(0x7f0000000280)=""/10, 0xa}, 0xfffffff8}, {{&(0x7f0000001840)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000480)=[{&(0x7f00000018c0)=""/94, 0x5e}], 0x1, &(0x7f0000001940)=""/203, 0xcb}, 0x1ff}, {{&(0x7f0000001a40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000001ac0)=""/70, 0x46}], 0x1, &(0x7f0000001b40)}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/110, 0x6e}, {&(0x7f0000001cc0)=""/60, 0x3c}, {&(0x7f0000001d00)=""/72, 0x48}], 0x4}}, {{&(0x7f0000002e80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003100)=[{&(0x7f0000001d80)=""/3, 0x3}, {&(0x7f0000002f00)=""/157, 0x9d}, {&(0x7f0000002fc0)=""/124, 0x7c}, {&(0x7f0000003040)=""/137, 0x89}], 0x4, &(0x7f0000003140)=""/176, 0xb0}, 0x27ba83ed}, {{&(0x7f0000003200)=@generic, 0x80, &(0x7f00000045c0)=[{&(0x7f0000003280)=""/141, 0x8d}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/212, 0xd4}, {&(0x7f0000004440)=""/32, 0x20}, {&(0x7f0000004480)=""/194, 0xc2}, {&(0x7f0000004580)=""/26, 0x1a}], 0x6}, 0x6}, {{&(0x7f0000004640)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000004700)=[{&(0x7f00000046c0)=""/14, 0xe}], 0x1, &(0x7f0000004740)=""/76, 0x4c}, 0x9}, {{&(0x7f00000047c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000005b80)=[{&(0x7f0000004840)=""/224, 0xe0}, {&(0x7f0000004940)=""/237, 0xed}, {&(0x7f0000004a40)=""/4096, 0x1000}, {&(0x7f0000005a40)=""/38, 0x26}, {&(0x7f0000005a80)=""/203, 0xcb}], 0x5}, 0xfffffffe}, {{0x0, 0x0, &(0x7f0000006040)=[{&(0x7f0000005c00)=""/16, 0x10}, {&(0x7f0000005c40)=""/53, 0x35}, {&(0x7f0000005c80)=""/70, 0x46}, {&(0x7f0000005d00)=""/165, 0xa5}, {&(0x7f0000005dc0)=""/254, 0xfe}, {&(0x7f0000005ec0)=""/141, 0x8d}, {&(0x7f0000005f80)=""/138, 0x8a}], 0x7, &(0x7f00000060c0)=""/97, 0x61}, 0x7}, {{&(0x7f0000006140)=@can, 0x80, &(0x7f0000006300)=[{&(0x7f00000061c0)=""/55, 0x37}, {&(0x7f0000006200)=""/251, 0xfb}], 0x2}}], 0xa, 0x2, 0xfffffffffffffffe)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001b40))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000000))
pwritev(r6, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x0, 0x0)
1.22640315s ago: executing program 1:
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfc}, 0xc)
bind$netlink(r0, &(0x7f0000000240)={0x10, 0x0, 0x0, 0x507}, 0xc)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB='nodots,nodots,dots,dots,nodots,errors=continue,time_offset=0xfffffffffffffa93,dots,showexec,nodots,dots,gid=', @ANYRESHEX=0xee00, @ANYRES32=0x0], 0x2, 0x1e0, &(0x7f0000000780)="$eJzs3bFqU2EUB/B/am1TQewmiuAFF12C+gQViSAGRCWCTgqtSyNCskQX61v4gD6AdOqiEXNjY0oSa2p7af39lhxyzpfzfSTcZMm5r6693d5813vz5fLn1Ou1LG1kI3u1rGcpv+wEADhL9gaDfB0MlqveBwBwckbf/0MzSr7NW++HAwCcPs9evHx0r9VqPi2KerK702/32+VjmX/wsNW8XQytj1ft9vvtc/v5O2W+mMyfz4Uka2k1707Nr+TmjeH6Tz9z9x+3DuRXs3n8xwcAAAAAAAAAAAAAAAAAAAAAgEo0in1T5/s0GrPyZfTbfKAD83uWc9VwQAAAAAAAAAAAAAAAAAAAADiU3vsP2687na3uOFhNMvnMYsHg0swW04IiydGb/m2wlJPrddqC2lGW37pSvvtTa54nOa7NZzR1Yk7N9YlP+PdFez25+KeaLPbKK0nm16zNP+C/CMbXiNUKrksAAAAAAAAAAAAAAAAAAPA/Gv3Xt9btVb0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhOef//zlZ3keBjkkMUj1rVKj4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ9iPAAAA///JOBz+")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
unlink(&(0x7f0000000040)='./file1\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000000fc0)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @multicast1}, 0x80, 0x0}, 0x1}, {{&(0x7f00000005c0)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000640)=""/108, 0x6c}, {&(0x7f0000000700)=""/54, 0x36}, {&(0x7f0000000980)=""/119, 0x77}, {&(0x7f0000000a00)=""/221, 0xdd}, {&(0x7f0000000b00)=""/101, 0x65}, {&(0x7f0000000b80)=""/128, 0x80}, {&(0x7f0000000c00)=""/136, 0x88}, {&(0x7f0000000cc0)=""/73, 0x49}, {&(0x7f0000000d40)=""/232, 0xe8}], 0x9, &(0x7f0000000f00)=""/138, 0x8a}, 0x8001}], 0x2, 0x2, 0x0)
r5 = open(0x0, 0x40c5, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f00000001c0)='./file0\x00', 0x6000400)
write$9p(r5, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600)
chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00'}, 0x10)
1.22335099s ago: executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
inotify_init1(0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8001)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
close(r11)
1.206010633s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ptrace(0x10, 0x1)
wait4(0xffffffffffffffff, &(0x7f0000000080), 0x0, &(0x7f0000000140))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b00)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f00000002c0))
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x200040c}, 0x10)
write(r1, &(0x7f00000005c0)="240000001e005f0214fffffffffffff80700000000000000000000712700080016000000", 0x24)
fstat(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000002440)={0x90, 0x0, 0x0, {0x2, 0x0, 0x0, 0x101, 0x7, 0x400, {0x5, 0x101, 0xfff, 0x8, 0x2, 0x0, 0x8000, 0x9, 0x401, 0x6000, 0x5, 0x0, r3, 0x0, 0x385}}}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_open_procfs(0x0, &(0x7f00000001c0)='status\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000001c000000000000002300850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
dup2(r5, r5)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r6, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000004300)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@journal_path={'journal_path', 0x3d, './bus'}}, {@auto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@min_batch_time={'min_batch_time', 0x3d, 0x81}}, {@barrier_val}, {@grpjquota}, {}], [{@uid_eq={'uid', 0x3d, r2}}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")
372.457972ms ago: executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="f042f85b0000000000000000000000008500000061000000850000007d000066950000000000000010be63bb13a09176dc82180c9aad7a6590a0"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x46)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe40, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f05dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
timer_create(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x9, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x51, 0x7a, 0xa, 0xff00}, [@call={0x55}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48)
prctl$PR_MCE_KILL(0x23, 0x4, 0x7fffffffeffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="ff070000", @ANYRES16=r3, @ANYBLOB="000226bd7000fbdbdf2508000000a80004800900010073797a31000000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000c0007800800040007000000240007800800040009000000080003005c0d000008000400060000000800020001000000400007800800010020000000080002000200000008000200060000000c00040001000000000000000c00040008000000000000000c00030007000000000000002800028008000100e0ffffff04000400080001000800000004000400080002000100000004000400dc0001803c00028008000400ff0300000800030080000000080001000f000000080001001e00000008000100000100000800030001000000080001001a0000000d0001007564703a73797a30000000002c000280080001001d00000008000200050000000800010014000000080004000100000008000200ff7f0000080001007564703a73797a32000000000d0001007564703a73797a320000000008000300090000001c00028008000200810000000800010002000000080001000c0000001200010069623a76657468305f766c616e00000008000300050000005800078008000200ffffff7f0c00040001000000000000000c000300020000000000000008000100ff030000080001007f0000000c000400ff7f0000000000000c00040002000000000000000c000400000000000000000024010480340007800800030003000000080002000200000008000400ff7f0000080001001400000008000200030000000800040087cd00002c0007800800040017da0000080004000900000008000400030000000800010004000000080001001d0000001300010062726f6164636173742d6c696e6b00003c0007800800040000000002080003000100000008000400faffffff08000300010000800800010000000000080002009a00000008000300000000800900010073797a30000000004c000780080001000b000000080001000a00000008000400e00a000008000100190000000800010002000000080003003f0000000800030009000000080003000700000008000300feffffff0900010073797a30000000000c000780080001000b0000000c00038008000100ffffffff440002802400038008000200410100000800020007000000080002000100000008000200080000000800020005000000080001002c000000040004000800010008000000180002800400040008000200070000000400038004000400240003800800030003000000080002000101000008000100000200000800030009000000"], 0x408}, 0x1, 0x0, 0x0, 0x20000040}, 0x14)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r4 = creat(&(0x7f00000001c0)='./file1\x00', 0x0)
lseek(r4, 0x7ffffc, 0x0)
write$binfmt_elf64(r4, &(0x7f0000001a40)=ANY=[], 0xfd14)
fallocate(r4, 0x0, 0x0, 0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
socketpair(0x1, 0x1, 0x0, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509011f00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="000000e8ff000000b703000000000000850000020c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffdde, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5}, 0x8}, 0x90)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0)
210.358198ms ago: executing program 2:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
close(r5)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)
16.936738ms ago: executing program 3:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00'}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x40002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000001010101"], 0x50}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x14d52, &(0x7f0000000240)=ANY=[], 0xfe, 0x1221, &(0x7f0000002dc0)="$eJzs3E9rHGUcB/Bf1q1JU/NHrdX2oA968TQ0OXgSNEgKkgWlNkIrCFMz0SXjbsgsgRWxevLq6xCP3gTxDeTia/CWi956UEcym2jSbrRVm/jn8zns/NhnvjPPs8wOzPI8u/viZ+9vrFfZej6I1sREtDYj0u0UKVpx4OmV0fb6jZWlTmf5akpXlq4tvJBSmn3m67c+/OLZbwbn3vxy9qvJ2Jl/e/f7xe92Luxc3P352nvdKnWr1OsPUp5u9vuD/GZZpLVutZGl9HpZ5FWRur2q2DrSvl72NzeHKe+tzUxvbhVVlfLeMG0UwzTop8HWMOXv5t1eyrIszUwHxzrzx7usfn67ruuIuj4TD0dd1/XZmI5z8UjMxGx8HBGPxmPxeJyPJ+JCPBlPxcVmr5PoPgAAAAAAAAAAAAAAAAAAAPx//N76/7mYt/4fAAAAAAAAAAAAAAAAAAAATsAb12+sLHU6y1dTmoooP91e3V4dbUftS+vRjTKKuBxz8WM0q/9HRvWVVzvLl1NjPj4pb+3nb22vPtTkJ/de9vILzd8J7OfbTdtBfmGUT0fzkzF9+PyLMRfnx59/cWx+Kp5/7lA+i7n49p3oRxlrzbl/y3+0kNIrr3XuyF9q9gMAAID/giz9auzze5Yd1z7K38fvA3c8X7fjUvt0x05ENfxgIy/LYutoMXXXO4p7L1oP6Mit+IcMcEzxU/0Ajjyxf5XeR+rQhb13Dzrtj+Wei5f/alfP/s0dO717Eifn7i8OAAAAAAAAAAAA/wZ/foZgO+K46ag/TB00tWPMzLKXTmeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8As7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA//950sOV")
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000280)={0x4376ea830d56d49d})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)={0x1, 0x3, 0x9, 0x0, 0xd7, 0x55, 0x80, 0x5, 0x4, 0x91, 0x0, 0x3, 0x0, 0x4, 0x8, 0x6, 0x5, 0x1, 0x9b})
0s ago: executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
inotify_init1(0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8001)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
close(r11)
kernel console output (not intermixed with test programs):
[ 5.321480][ T162] udevd[162]: starting eudev-3.2.11
[ 6.482927][ T195] ip (195) used greatest stack depth: 23320 bytes left
[ 7.082474][ T140] rcS (140) used greatest stack depth: 21912 bytes left
[ 14.387902][ T23] kauditd_printk_skb: 50 callbacks suppressed
[ 14.387910][ T23] audit: type=1400 audit(1718934757.230:61): avc: denied { transition } for pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.391888][ T23] audit: type=1400 audit(1718934757.230:62): avc: denied { noatsecure } for pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.394692][ T23] audit: type=1400 audit(1718934757.230:63): avc: denied { write } for pid=287 comm="sh" path="pipe:[10515]" dev="pipefs" ino=10515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 14.397206][ T287] sh (287) used greatest stack depth: 21752 bytes left
[ 14.398598][ T23] audit: type=1400 audit(1718934757.230:64): avc: denied { rlimitinh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 14.401793][ T23] audit: type=1400 audit(1718934757.230:65): avc: denied { siginh } for pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
2024/06/21 01:52:44 fuzzer started
2024/06/21 01:52:44 dialing manager at 10.128.0.163:30000
[ 21.787615][ T23] audit: type=1400 audit(1718934764.630:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 21.810404][ T23] audit: type=1400 audit(1718934764.650:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[ 21.852077][ T23] audit: type=1400 audit(1718934764.690:68): avc: denied { mounton } for pid=354 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 21.855966][ T354] cgroup1: Unknown subsys name 'net'
[ 21.880089][ T354] cgroup1: Unknown subsys name 'net_prio'
[ 21.885857][ T354] cgroup1: Unknown subsys name 'devices'
[ 21.893898][ T23] audit: type=1400 audit(1718934764.690:69): avc: denied { setattr } for pid=356 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=892 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 21.913860][ T357] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 21.918092][ T23] audit: type=1400 audit(1718934764.690:70): avc: denied { mount } for pid=354 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.947293][ T23] audit: type=1400 audit(1718934764.730:71): avc: denied { unmount } for pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.966825][ T23] audit: type=1400 audit(1718934764.740:72): avc: denied { mounton } for pid=360 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 21.991298][ T23] audit: type=1400 audit(1718934764.740:73): avc: denied { mount } for pid=360 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 22.014309][ T23] audit: type=1400 audit(1718934764.760:74): avc: denied { relabelto } for pid=357 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 22.014539][ T355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 22.039596][ T23] audit: type=1400 audit(1718934764.760:75): avc: denied { write } for pid=357 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 22.109165][ T354] cgroup1: Unknown subsys name 'hugetlb'
[ 22.114851][ T354] cgroup1: Unknown subsys name 'rlimit'
2024/06/21 01:52:45 starting 5 executor processes
[ 22.674856][ T369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.681956][ T369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.689623][ T369] device bridge_slave_0 entered promiscuous mode
[ 22.727491][ T369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.734310][ T369] bridge0: port 2(bridge_slave_1) entered disabled state
[ 22.741712][ T369] device bridge_slave_1 entered promiscuous mode
[ 22.874405][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.881449][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.888742][ T375] device bridge_slave_0 entered promiscuous mode
[ 22.899430][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.906253][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 22.913599][ T375] device bridge_slave_1 entered promiscuous mode
[ 22.948783][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 22.955604][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 22.962988][ T374] device bridge_slave_0 entered promiscuous mode
[ 22.985491][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 22.992649][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 22.999916][ T374] device bridge_slave_1 entered promiscuous mode
[ 23.019469][ T376] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.026296][ T376] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.033678][ T376] device bridge_slave_0 entered promiscuous mode
[ 23.040660][ T376] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.047580][ T376] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.054870][ T376] device bridge_slave_1 entered promiscuous mode
[ 23.129562][ T377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.136489][ T377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.143768][ T377] device bridge_slave_0 entered promiscuous mode
[ 23.150873][ T377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.157724][ T377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.165113][ T377] device bridge_slave_1 entered promiscuous mode
[ 23.205147][ T369] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.211991][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.219125][ T369] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.225950][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.323258][ T124] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.330440][ T124] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.339024][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.346323][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.371095][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.379186][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.386081][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.393892][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.402166][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.409002][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.457258][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.465010][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.498293][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.505615][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.513829][ T124] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.520666][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.528428][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 23.569331][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.577710][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.585032][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.593424][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.601871][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.610217][ T379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.617046][ T379] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.624335][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.632527][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.640579][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.648597][ T379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.655401][ T379] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.662920][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 23.680559][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.688121][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.695356][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 23.703833][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.711998][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 23.720297][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.728309][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.735116][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.742361][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 23.750664][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.758735][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.765542][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.772839][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 23.781156][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.789187][ T74] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.795995][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.803371][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 23.811747][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.819756][ T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.826572][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.834121][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 23.842330][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 23.867379][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 23.875542][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.883797][ T124] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.890627][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.899435][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 23.907492][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.915522][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 23.923657][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.931715][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 23.939724][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.947654][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 23.955412][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.976808][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 23.984714][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.993529][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 24.001807][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.009486][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 24.017347][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.025004][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 24.032859][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.077348][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 24.085525][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.096589][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 24.104724][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.123194][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 24.131739][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.140101][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 24.147908][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.163134][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 24.171193][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.179254][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 24.187371][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.202520][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 24.210808][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.219134][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 24.226818][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.246739][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.254699][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.263113][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.271135][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.279080][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 24.287140][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.300089][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 24.308252][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.316306][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.324770][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.340628][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 24.348900][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.357192][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 24.365092][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.373390][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 24.381559][ T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.411754][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 24.814747][ T369] ------------[ cut here ]------------
[ 24.820033][ T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570
[ 24.829121][ T369] Modules linked in:
[ 24.832857][ T369] CPU: 0 PID: 369 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0
[ 24.842748][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 24.852657][ T369] RIP: 0010:ovl_dir_modified+0x45c/0x570
[ 24.858116][ T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff
[ 24.877561][ T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293
[ 24.883454][ T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000
[ 24.891264][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 24.899078][ T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c
[ 24.906893][ T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 24.914702][ T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0
[ 24.922512][ T369] FS: 0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 24.931460][ T369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.937883][ T369] CR2: 00007ffd10d21df8 CR3: 00000001d8e96000 CR4: 00000000003406b0
[ 24.945696][ T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.953699][ T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 24.961492][ T369] Call Trace:
[ 24.964629][ T369] ? __warn+0x162/0x250
[ 24.968622][ T369] ? report_bug+0x3a1/0x4e0
[ 24.972959][ T369] ? ovl_dir_modified+0x45c/0x570
[ 24.977816][ T369] ? ovl_dir_modified+0x45c/0x570
[ 24.982670][ T369] ? do_invalid_op+0x6e/0x110
[ 24.987184][ T369] ? invalid_op+0x1e/0x30
[ 24.991354][ T369] ? ovl_dir_modified+0x1e6/0x570
[ 24.996208][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.001071][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.005931][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.010799][ T369] ? ovl_path_type+0x18e/0x2f0
[ 25.015392][ T369] ovl_do_remove+0x6f0/0xc80
[ 25.019822][ T369] ? retint_kernel+0x1b/0x1b
[ 25.024244][ T369] ? ovl_set_redirect+0x5f0/0x5f0
[ 25.029107][ T369] ? vfs_rmdir+0x16f/0x3c0
[ 25.033357][ T369] ? ovl_rmdir+0x9/0x20
[ 25.037351][ T369] vfs_rmdir+0x285/0x3c0
[ 25.041431][ T369] incfs_kill_sb+0x105/0x200
[ 25.045860][ T369] deactivate_locked_super+0xa8/0x110
[ 25.051063][ T369] deactivate_super+0x1e2/0x2a0
[ 25.055758][ T369] ? vfs_submount+0xb0/0xb0
[ 25.060102][ T369] ? deactivate_locked_super+0x110/0x110
[ 25.065559][ T369] ? fast_dput+0x7a/0x280
[ 25.069724][ T369] cleanup_mnt+0x44e/0x500
[ 25.073975][ T369] task_work_run+0x140/0x170
[ 25.078405][ T369] exit_to_usermode_loop+0x190/0x1a0
[ 25.083526][ T369] prepare_exit_to_usermode+0x199/0x200
[ 25.088907][ T369] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 25.094643][ T369] RIP: 0033:0x7f01fdd06257
[ 25.098883][ T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 25.118324][ T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 25.126569][ T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257
[ 25.134378][ T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660
[ 25.142191][ T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000
[ 25.150029][ T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750
[ 25.157815][ T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014
[ 25.165627][ T369] ---[ end trace c228b76e4e58e1b5 ]---
[ 25.192611][ T369] ------------[ cut here ]------------
[ 25.197889][ T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570
[ 25.206981][ T369] Modules linked in:
[ 25.210727][ T369] CPU: 0 PID: 369 Comm: syz-executor.4 Tainted: G W 5.4.274-syzkaller-00002-g6f97bd951d82 #0
[ 25.222026][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 25.231908][ T369] RIP: 0010:ovl_dir_modified+0x45c/0x570
[ 25.237367][ T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff
[ 25.256806][ T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293
[ 25.262705][ T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000
[ 25.270514][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 25.278332][ T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c
[ 25.286140][ T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 25.293960][ T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0
[ 25.301763][ T369] FS: 0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 25.310530][ T369] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.317088][ T369] CR2: 000055700af7a078 CR3: 00000001d8e96000 CR4: 00000000003406b0
[ 25.325028][ T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.332838][ T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.340645][ T369] Call Trace:
[ 25.343787][ T369] ? __warn+0x162/0x250
[ 25.347771][ T369] ? report_bug+0x3a1/0x4e0
[ 25.352121][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.356974][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.361832][ T369] ? do_invalid_op+0x6e/0x110
[ 25.366343][ T369] ? invalid_op+0x1e/0x30
[ 25.370509][ T369] ? ovl_dir_modified+0x1e6/0x570
[ 25.375369][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.380230][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.385090][ T369] ? ovl_dir_modified+0x45c/0x570
[ 25.389948][ T369] ? ovl_path_type+0x18e/0x2f0
[ 25.394555][ T369] ovl_do_remove+0x6f0/0xc80
[ 25.398982][ T369] ? ovl_set_redirect+0x5f0/0x5f0
[ 25.403838][ T369] ? security_inode_rmdir+0xca/0x110
[ 25.408958][ T369] vfs_rmdir+0x285/0x3c0
[ 25.413041][ T369] incfs_kill_sb+0x18d/0x200
[ 25.417467][ T369] deactivate_locked_super+0xa8/0x110
[ 25.422670][ T369] deactivate_super+0x1e2/0x2a0
[ 25.427359][ T369] ? vfs_submount+0xb0/0xb0
[ 25.431697][ T369] ? deactivate_locked_super+0x110/0x110
[ 25.437168][ T369] ? fast_dput+0x7a/0x280
[ 25.441331][ T369] cleanup_mnt+0x44e/0x500
[ 25.445584][ T369] task_work_run+0x140/0x170
[ 25.450013][ T369] exit_to_usermode_loop+0x190/0x1a0
[ 25.455138][ T369] prepare_exit_to_usermode+0x199/0x200
[ 25.460516][ T369] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 25.466245][ T369] RIP: 0033:0x7f01fdd06257
[ 25.470510][ T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 25.490113][ T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 25.498446][ T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257
[ 25.506259][ T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660
[ 25.514067][ T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000
[ 25.521879][ T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750
[ 25.529690][ T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014
[ 25.537505][ T369] ---[ end trace c228b76e4e58e1b6 ]---
[ 26.061878][ T398] tipc: Failed to remove local publication {66,0,0}/3345909323
[ 26.069808][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.078164][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 26.086484][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.094829][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 26.103193][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.123899][ T400] syz-executor.2 (400) used greatest stack depth: 21624 bytes left
[ 26.153079][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 26.213339][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.662175][ T416] ======================================================
[ 26.662175][ T416] WARNING: the mand mount option is being deprecated and
[ 26.662175][ T416] will be removed in v5.15!
[ 26.662175][ T416] ======================================================
[ 26.704349][ T424] tipc: Failed to remove local publication {66,0,0}/3175523819
[ 26.821846][ T422] cgroup: syz-executor.3 (422) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[ 26.838564][ T422] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[ 26.917864][ T23] kauditd_printk_skb: 37 callbacks suppressed
[ 26.917887][ T23] audit: type=1400 audit(1718934769.760:113): avc: denied { mount } for pid=414 comm="syz-executor.1" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 27.061291][ T411] syz-executor.2 (411) used greatest stack depth: 20824 bytes left
[ 27.318142][ T23] audit: type=1400 audit(1718934770.130:114): avc: denied { watch } for pid=414 comm="syz-executor.1" path="/root/syzkaller-testdir1970102480/syzkaller.tHrvI6/0/file1/file0" dev="loop1" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[ 27.412484][ T414] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[ 127.436381][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 127.443131][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P18
[ 127.450074][ C0] (detected by 0, t=10002 jiffies, g=1109, q=528)
[ 127.456409][ C0] kworker/1:0 R running task 25688 18 2 0x80004000
[ 127.464145][ C0] Workqueue: ipv6_addrconf addrconf_dad_work
[ 127.469945][ C0] Call Trace:
[ 127.473082][ C0] __schedule+0xb05/0x1320
[ 127.477342][ C0] ? __local_bh_enable_ip+0x4f/0x70
[ 127.482377][ C0] ? is_mmconf_reserved+0x430/0x430
[ 127.487401][ C0] ? check_preemption_disabled+0x9f/0x320
[ 127.492951][ C0] ? preempt_schedule+0xd9/0xe0
[ 127.497641][ C0] preempt_schedule_common+0x83/0xd0
[ 127.502762][ C0] preempt_schedule+0xd9/0xe0
[ 127.507273][ C0] ? schedule_preempt_disabled+0x20/0x20
[ 127.512742][ C0] ? reschedule_interrupt+0xa/0x20
[ 127.517691][ C0] ___preempt_schedule+0x16/0x20
[ 127.522459][ C0] ? check_preemption_disabled+0x91/0x320
[ 127.528015][ C0] __local_bh_enable_ip+0x60/0x70
[ 127.532875][ C0] ip6_finish_output2+0xfaa/0x18e0
[ 127.537825][ C0] ? __ip6_finish_output+0x790/0x790
[ 127.542944][ C0] ? ip6_mtu+0xe2/0x130
[ 127.546938][ C0] ? __ip6_finish_output+0x5e4/0x790
[ 127.552056][ C0] ip6_output+0x1b3/0x430
[ 127.556223][ C0] ? asan.module_dtor+0x20/0x20
[ 127.560912][ C0] ? ip6_output+0x430/0x430
[ 127.565250][ C0] ? nf_hook_slow+0x196/0x1e0
[ 127.569762][ C0] mld_sendpack+0x606/0xb50
[ 127.574103][ C0] ? add_grec+0x12f0/0x12f0
[ 127.578440][ C0] ? preempt_schedule_common+0xa6/0xd0
[ 127.583733][ C0] ? mld_send_report+0x210/0x210
[ 127.588508][ C0] ? schedule_preempt_disabled+0x20/0x20
[ 127.593976][ C0] ? check_preemption_disabled+0x9f/0x320
[ 127.599532][ C0] ? ___preempt_schedule+0x16/0x20
[ 127.604478][ C0] ? check_preemption_disabled+0x91/0x320
[ 127.610032][ C0] ? __local_bh_enable_ip+0x60/0x70
[ 127.615150][ C0] ? mld_send_initial_cr+0x22d/0x2b0
[ 127.620272][ C0] ipv6_mc_dad_complete+0x70/0x3a0
[ 127.625222][ C0] addrconf_dad_completed+0x6e9/0xdb0
[ 127.630430][ C0] ? addrconf_dad_stop+0x420/0x420
[ 127.635376][ C0] ? ___preempt_schedule+0x16/0x20
[ 127.640323][ C0] ? check_preemption_disabled+0x91/0x320
[ 127.645889][ C0] addrconf_dad_work+0xe4d/0x16f0
[ 127.650741][ C0] ? finish_task_switch+0x130/0x590
[ 127.655774][ C0] ? ipv6_get_saddr_eval+0xea0/0xea0
[ 127.660897][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 127.665840][ C0] ? _raw_spin_lock_irqsave+0x210/0x210
[ 127.671222][ C0] ? read_word_at_a_time+0xe/0x20
[ 127.676078][ C0] ? strscpy+0x89/0x220
[ 127.680074][ C0] process_one_work+0x765/0xd20
[ 127.684764][ C0] worker_thread+0xaef/0x1470
[ 127.689277][ C0] kthread+0x2da/0x360
[ 127.693177][ C0] ? worker_clr_flags+0x170/0x170
[ 127.698037][ C0] ? kthread_blkcg+0xd0/0xd0
[ 127.702464][ C0] ret_from_fork+0x1f/0x30
[ 127.706733][ C0] rcu: rcu_preempt kthread starved for 9994 jiffies! g1109 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 127.717558][ C0] rcu: RCU grace-period kthread stack dump:
[ 127.723292][ C0] rcu_preempt R running task 28920 11 2 0x80004000
[ 127.731015][ C0] Call Trace:
[ 127.734148][ C0] __schedule+0xb05/0x1320
[ 127.738401][ C0] ? is_mmconf_reserved+0x430/0x430
[ 127.743428][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 127.748726][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 127.753410][ C0] schedule+0x12c/0x1d0
[ 127.757402][ C0] schedule_timeout+0x188/0x3d0
[ 127.762092][ C0] ? prepare_to_swait_event+0x35c/0x3a0
[ 127.767471][ C0] ? console_conditional_schedule+0x10/0x10
[ 127.773199][ C0] ? run_local_timers+0x160/0x160
[ 127.778060][ C0] ? finish_swait+0xa5/0x1a0
[ 127.782495][ C0] rcu_gp_kthread+0xea0/0x1d10
[ 127.787085][ C0] ? _raw_spin_unlock_irq+0x4a/0x60
[ 127.792119][ C0] ? dyntick_save_progress_counter+0x1b0/0x1b0
[ 127.798113][ C0] ? rcu_barrier_callback+0x50/0x50
[ 127.803151][ C0] ? _raw_spin_lock+0x1b0/0x1b0
[ 127.807832][ C0] ? is_mmconf_reserved+0x430/0x430
[ 127.812863][ C0] ? __wake_up_locked+0xb7/0x110
[ 127.817640][ C0] ? __kthread_parkme+0xb0/0x1b0
[ 127.822410][ C0] kthread+0x2da/0x360
[ 127.826316][ C0] ? rcu_barrier_callback+0x50/0x50
[ 127.831352][ C0] ? kthread_blkcg+0xd0/0xd0
[ 127.835787][ C0] ret_from_fork+0x1f/0x30
serialport: VM disconnected.