last executing test programs:

3.411963181s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x4000400)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x0, 0x2}, @call]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffff3d)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
syz_usb_disconnect(r0)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0))
setresuid(0x0, 0x0, 0x0)
setreuid(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)

3.060914725s ago: executing program 2:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)

2.661715897s ago: executing program 4:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
close(r5)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)

1.323733405s ago: executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x1, 0x0, 0x1, 0x0, r2}, 0x48)
recvmmsg(r0, &(0x7f00000063c0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/150, 0x96}, {&(0x7f00000000c0)=""/128, 0x80}, {&(0x7f0000001780)=""/167, 0xa7}, {&(0x7f0000000240)=""/52, 0x34}], 0x5, &(0x7f0000000280)=""/10, 0xa}, 0xfffffff8}, {{&(0x7f0000001840)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000480)=[{&(0x7f00000018c0)=""/94, 0x5e}], 0x1, &(0x7f0000001940)=""/203, 0xcb}, 0x1ff}, {{&(0x7f0000001a40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000001ac0)=""/70, 0x46}], 0x1, &(0x7f0000001b40)}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/110, 0x6e}, {&(0x7f0000001cc0)=""/60, 0x3c}, {&(0x7f0000001d00)=""/72, 0x48}], 0x4}}, {{&(0x7f0000002e80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003100)=[{&(0x7f0000001d80)=""/3, 0x3}, {&(0x7f0000002f00)=""/157, 0x9d}, {&(0x7f0000002fc0)=""/124, 0x7c}, {&(0x7f0000003040)=""/137, 0x89}], 0x4, &(0x7f0000003140)=""/176, 0xb0}, 0x27ba83ed}, {{&(0x7f0000003200)=@generic, 0x80, &(0x7f00000045c0)=[{&(0x7f0000003280)=""/141, 0x8d}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/212, 0xd4}, {&(0x7f0000004440)=""/32, 0x20}, {&(0x7f0000004480)=""/194, 0xc2}, {&(0x7f0000004580)=""/26, 0x1a}], 0x6}, 0x6}, {{&(0x7f0000004640)=@l2tp={0x2, 0x0, @dev}, 0x80, &(0x7f0000004700)=[{&(0x7f00000046c0)=""/14, 0xe}], 0x1, &(0x7f0000004740)=""/76, 0x4c}, 0x9}, {{&(0x7f00000047c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000005b80)=[{&(0x7f0000004840)=""/224, 0xe0}, {&(0x7f0000004940)=""/237, 0xed}, {&(0x7f0000004a40)=""/4096, 0x1000}, {&(0x7f0000005a40)=""/38, 0x26}, {&(0x7f0000005a80)=""/203, 0xcb}], 0x5}, 0xfffffffe}, {{0x0, 0x0, &(0x7f0000006040)=[{&(0x7f0000005c00)=""/16, 0x10}, {&(0x7f0000005c40)=""/53, 0x35}, {&(0x7f0000005c80)=""/70, 0x46}, {&(0x7f0000005d00)=""/165, 0xa5}, {&(0x7f0000005dc0)=""/254, 0xfe}, {&(0x7f0000005ec0)=""/141, 0x8d}, {&(0x7f0000005f80)=""/138, 0x8a}], 0x7, &(0x7f00000060c0)=""/97, 0x61}, 0x7}, {{&(0x7f0000006140)=@can, 0x80, &(0x7f0000006300)=[{&(0x7f00000061c0)=""/55, 0x37}, {&(0x7f0000006200)=""/251, 0xfb}], 0x2}}], 0xa, 0x2, 0xfffffffffffffffe)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
ioctl$RTC_EPOCH_READ(r3, 0x8008700d, &(0x7f0000001b40))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000000))
pwritev(r6, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x0, 0x0)

1.22640315s ago: executing program 1:
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfc}, 0xc)
bind$netlink(r0, &(0x7f0000000240)={0x10, 0x0, 0x0, 0x507}, 0xc)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB='nodots,nodots,dots,dots,nodots,errors=continue,time_offset=0xfffffffffffffa93,dots,showexec,nodots,dots,gid=', @ANYRESHEX=0xee00, @ANYRES32=0x0], 0x2, 0x1e0, &(0x7f0000000780)="$eJzs3bFqU2EUB/B/am1TQewmiuAFF12C+gQViSAGRCWCTgqtSyNCskQX61v4gD6AdOqiEXNjY0oSa2p7af39lhxyzpfzfSTcZMm5r6693d5813vz5fLn1Ou1LG1kI3u1rGcpv+wEADhL9gaDfB0MlqveBwBwckbf/0MzSr7NW++HAwCcPs9evHx0r9VqPi2KerK702/32+VjmX/wsNW8XQytj1ft9vvtc/v5O2W+mMyfz4Uka2k1707Nr+TmjeH6Tz9z9x+3DuRXs3n8xwcAAAAAAAAAAAAAAAAAAAAAgEo0in1T5/s0GrPyZfTbfKAD83uWc9VwQAAAAAAAAAAAAAAAAAAAADiU3vsP2687na3uOFhNMvnMYsHg0swW04IiydGb/m2wlJPrddqC2lGW37pSvvtTa54nOa7NZzR1Yk7N9YlP+PdFez25+KeaLPbKK0nm16zNP+C/CMbXiNUKrksAAAAAAAAAAAAAAAAAAPA/Gv3Xt9btVb0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhOef//zlZ3keBjkkMUj1rVKj4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ9iPAAAA///JOBz+")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
fcntl$setlease(r1, 0x400, 0x0)
unlink(&(0x7f0000000040)='./file1\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f0000000fc0)=[{{&(0x7f0000000340)=@in={0x2, 0x0, @multicast1}, 0x80, 0x0}, 0x1}, {{&(0x7f00000005c0)=@ieee802154={0x24, @long}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000640)=""/108, 0x6c}, {&(0x7f0000000700)=""/54, 0x36}, {&(0x7f0000000980)=""/119, 0x77}, {&(0x7f0000000a00)=""/221, 0xdd}, {&(0x7f0000000b00)=""/101, 0x65}, {&(0x7f0000000b80)=""/128, 0x80}, {&(0x7f0000000c00)=""/136, 0x88}, {&(0x7f0000000cc0)=""/73, 0x49}, {&(0x7f0000000d40)=""/232, 0xe8}], 0x9, &(0x7f0000000f00)=""/138, 0x8a}, 0x8001}], 0x2, 0x2, 0x0)
r5 = open(0x0, 0x40c5, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f00000001c0)='./file0\x00', 0x6000400)
write$9p(r5, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600)
chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r7=>0x0}, &(0x7f0000000280)=0x5)
setuid(r7)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00'}, 0x10)

1.22335099s ago: executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
inotify_init1(0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8001)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
close(r11)

1.206010633s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ptrace(0x10, 0x1)
wait4(0xffffffffffffffff, &(0x7f0000000080), 0x0, &(0x7f0000000140))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b00)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f00000002c0))
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x200040c}, 0x10)
write(r1, &(0x7f00000005c0)="240000001e005f0214fffffffffffff80700000000000000000000712700080016000000", 0x24)
fstat(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000002440)={0x90, 0x0, 0x0, {0x2, 0x0, 0x0, 0x101, 0x7, 0x400, {0x5, 0x101, 0xfff, 0x8, 0x2, 0x0, 0x8000, 0x9, 0x401, 0x6000, 0x5, 0x0, r3, 0x0, 0x385}}}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_open_procfs(0x0, &(0x7f00000001c0)='status\x00')
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000001c000000000000002300850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
dup2(r5, r5)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
readv(r6, &(0x7f0000002140)=[{&(0x7f00000010c0)=""/29, 0x1d}], 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000004300)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@journal_path={'journal_path', 0x3d, './bus'}}, {@auto_da_alloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@min_batch_time={'min_batch_time', 0x3d, 0x81}}, {@barrier_val}, {@grpjquota}, {}], [{@uid_eq={'uid', 0x3d, r2}}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==")

372.457972ms ago: executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="f042f85b0000000000000000000000008500000061000000850000007d000066950000000000000010be63bb13a09176dc82180c9aad7a6590a0"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x46)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe40, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f05dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
timer_create(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x9, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x51, 0x7a, 0xa, 0xff00}, [@call={0x55}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x48)
prctl$PR_MCE_KILL(0x23, 0x4, 0x7fffffffeffe)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={0x0}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r0)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="ff070000", @ANYRES16=r3, @ANYBLOB="000226bd7000fbdbdf2508000000a80004800900010073797a31000000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00000c0007800800040007000000240007800800040009000000080003005c0d000008000400060000000800020001000000400007800800010020000000080002000200000008000200060000000c00040001000000000000000c00040008000000000000000c00030007000000000000002800028008000100e0ffffff04000400080001000800000004000400080002000100000004000400dc0001803c00028008000400ff0300000800030080000000080001000f000000080001001e00000008000100000100000800030001000000080001001a0000000d0001007564703a73797a30000000002c000280080001001d00000008000200050000000800010014000000080004000100000008000200ff7f0000080001007564703a73797a32000000000d0001007564703a73797a320000000008000300090000001c00028008000200810000000800010002000000080001000c0000001200010069623a76657468305f766c616e00000008000300050000005800078008000200ffffff7f0c00040001000000000000000c000300020000000000000008000100ff030000080001007f0000000c000400ff7f0000000000000c00040002000000000000000c000400000000000000000024010480340007800800030003000000080002000200000008000400ff7f0000080001001400000008000200030000000800040087cd00002c0007800800040017da0000080004000900000008000400030000000800010004000000080001001d0000001300010062726f6164636173742d6c696e6b00003c0007800800040000000002080003000100000008000400faffffff08000300010000800800010000000000080002009a00000008000300000000800900010073797a30000000004c000780080001000b000000080001000a00000008000400e00a000008000100190000000800010002000000080003003f0000000800030009000000080003000700000008000300feffffff0900010073797a30000000000c000780080001000b0000000c00038008000100ffffffff440002802400038008000200410100000800020007000000080002000100000008000200080000000800020005000000080001002c000000040004000800010008000000180002800400040008000200070000000400038004000400240003800800030003000000080002000101000008000100000200000800030009000000"], 0x408}, 0x1, 0x0, 0x0, 0x20000040}, 0x14)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r4 = creat(&(0x7f00000001c0)='./file1\x00', 0x0)
lseek(r4, 0x7ffffc, 0x0)
write$binfmt_elf64(r4, &(0x7f0000001a40)=ANY=[], 0xfd14)
fallocate(r4, 0x0, 0x0, 0x6)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
socketpair(0x1, 0x1, 0x0, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509011f00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="000000e8ff000000b703000000000000850000020c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffdde, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5}, 0x8}, 0x90)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r6], 0x4c}}, 0x0)

210.358198ms ago: executing program 2:
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet6(0xa, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x8000f28, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000940)={0x42, 0x4}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xffffffff}}, 0x10)
close(r5)
sendmsg$NFT_BATCH(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x24, 0x9, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_SET_EXPRESSIONS={0x10, 0x12, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}], {0x14}}, 0x6c}}, 0x10)
splice(r3, 0x0, r1, 0x0, 0x7f, 0xe)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x60, 0x10, 0xfffff63d, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x30, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc}, @IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0xffff}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc}, @IFLA_BR_MCAST_ROUTER={0x5}]}}}]}, 0x60}}, 0x0)

16.936738ms ago: executing program 3:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00'}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x40002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000001010101"], 0x50}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x14d52, &(0x7f0000000240)=ANY=[], 0xfe, 0x1221, &(0x7f0000002dc0)="$eJzs3E9rHGUcB/Bf1q1JU/NHrdX2oA968TQ0OXgSNEgKkgWlNkIrCFMz0SXjbsgsgRWxevLq6xCP3gTxDeTia/CWi956UEcym2jSbrRVm/jn8zns/NhnvjPPs8wOzPI8u/viZ+9vrFfZej6I1sREtDYj0u0UKVpx4OmV0fb6jZWlTmf5akpXlq4tvJBSmn3m67c+/OLZbwbn3vxy9qvJ2Jl/e/f7xe92Luxc3P352nvdKnWr1OsPUp5u9vuD/GZZpLVutZGl9HpZ5FWRur2q2DrSvl72NzeHKe+tzUxvbhVVlfLeMG0UwzTop8HWMOXv5t1eyrIszUwHxzrzx7usfn67ruuIuj4TD0dd1/XZmI5z8UjMxGx8HBGPxmPxeJyPJ+JCPBlPxcVmr5PoPgAAAAAAAAAAAAAAAAAAAPx//N76/7mYt/4fAAAAAAAAAAAAAAAAAAAATsAb12+sLHU6y1dTmoooP91e3V4dbUftS+vRjTKKuBxz8WM0q/9HRvWVVzvLl1NjPj4pb+3nb22vPtTkJ/de9vILzd8J7OfbTdtBfmGUT0fzkzF9+PyLMRfnx59/cWx+Kp5/7lA+i7n49p3oRxlrzbl/y3+0kNIrr3XuyF9q9gMAAID/giz9auzze5Yd1z7K38fvA3c8X7fjUvt0x05ENfxgIy/LYutoMXXXO4p7L1oP6Mit+IcMcEzxU/0Ajjyxf5XeR+rQhb13Dzrtj+Wei5f/alfP/s0dO717Eifn7i8OAAAAAAAAAAAA/wZ/foZgO+K46ag/TB00tWPMzLKXTmeoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8As7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA//950sOV")
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000280)={0x4376ea830d56d49d})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)={0x1, 0x3, 0x9, 0x0, 0xd7, 0x55, 0x80, 0x5, 0x4, 0x91, 0x0, 0x3, 0x0, 0x4, 0x8, 0x6, 0x5, 0x1, 0x9b})

0s ago: executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
inotify_init1(0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x8001)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @link_local, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\b\b\x00', 0x14, 0x2f, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r7, &(0x7f00000077c0)={0x2020}, 0x2020)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r7}})
ioctl$BLKSECDISCARD(r8, 0x127d, &(0x7f0000000080)=0x8)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r9)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r11 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10)
close(r11)

kernel console output (not intermixed with test programs):

[    5.321480][  T162] udevd[162]: starting eudev-3.2.11
[    6.482927][  T195] ip (195) used greatest stack depth: 23320 bytes left
[    7.082474][  T140] rcS (140) used greatest stack depth: 21912 bytes left
[   14.387902][   T23] kauditd_printk_skb: 50 callbacks suppressed
[   14.387910][   T23] audit: type=1400 audit(1718934757.230:61): avc:  denied  { transition } for  pid=287 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.391888][   T23] audit: type=1400 audit(1718934757.230:62): avc:  denied  { noatsecure } for  pid=287 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.394692][   T23] audit: type=1400 audit(1718934757.230:63): avc:  denied  { write } for  pid=287 comm="sh" path="pipe:[10515]" dev="pipefs" ino=10515 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   14.397206][  T287] sh (287) used greatest stack depth: 21752 bytes left
[   14.398598][   T23] audit: type=1400 audit(1718934757.230:64): avc:  denied  { rlimitinh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   14.401793][   T23] audit: type=1400 audit(1718934757.230:65): avc:  denied  { siginh } for  pid=287 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts.
2024/06/21 01:52:44 fuzzer started
2024/06/21 01:52:44 dialing manager at 10.128.0.163:30000
[   21.787615][   T23] audit: type=1400 audit(1718934764.630:66): avc:  denied  { node_bind } for  pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   21.810404][   T23] audit: type=1400 audit(1718934764.650:67): avc:  denied  { name_bind } for  pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   21.852077][   T23] audit: type=1400 audit(1718934764.690:68): avc:  denied  { mounton } for  pid=354 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.855966][  T354] cgroup1: Unknown subsys name 'net'
[   21.880089][  T354] cgroup1: Unknown subsys name 'net_prio'
[   21.885857][  T354] cgroup1: Unknown subsys name 'devices'
[   21.893898][   T23] audit: type=1400 audit(1718934764.690:69): avc:  denied  { setattr } for  pid=356 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=892 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.913860][  T357] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.918092][   T23] audit: type=1400 audit(1718934764.690:70): avc:  denied  { mount } for  pid=354 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.947293][   T23] audit: type=1400 audit(1718934764.730:71): avc:  denied  { unmount } for  pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.966825][   T23] audit: type=1400 audit(1718934764.740:72): avc:  denied  { mounton } for  pid=360 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.991298][   T23] audit: type=1400 audit(1718934764.740:73): avc:  denied  { mount } for  pid=360 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.014309][   T23] audit: type=1400 audit(1718934764.760:74): avc:  denied  { relabelto } for  pid=357 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.014539][  T355] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.039596][   T23] audit: type=1400 audit(1718934764.760:75): avc:  denied  { write } for  pid=357 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.109165][  T354] cgroup1: Unknown subsys name 'hugetlb'
[   22.114851][  T354] cgroup1: Unknown subsys name 'rlimit'
2024/06/21 01:52:45 starting 5 executor processes
[   22.674856][  T369] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.681956][  T369] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.689623][  T369] device bridge_slave_0 entered promiscuous mode
[   22.727491][  T369] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.734310][  T369] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.741712][  T369] device bridge_slave_1 entered promiscuous mode
[   22.874405][  T375] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.881449][  T375] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.888742][  T375] device bridge_slave_0 entered promiscuous mode
[   22.899430][  T375] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.906253][  T375] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.913599][  T375] device bridge_slave_1 entered promiscuous mode
[   22.948783][  T374] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.955604][  T374] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.962988][  T374] device bridge_slave_0 entered promiscuous mode
[   22.985491][  T374] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.992649][  T374] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.999916][  T374] device bridge_slave_1 entered promiscuous mode
[   23.019469][  T376] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.026296][  T376] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.033678][  T376] device bridge_slave_0 entered promiscuous mode
[   23.040660][  T376] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.047580][  T376] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.054870][  T376] device bridge_slave_1 entered promiscuous mode
[   23.129562][  T377] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.136489][  T377] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.143768][  T377] device bridge_slave_0 entered promiscuous mode
[   23.150873][  T377] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.157724][  T377] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.165113][  T377] device bridge_slave_1 entered promiscuous mode
[   23.205147][  T369] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.211991][  T369] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.219125][  T369] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.225950][  T369] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.323258][  T124] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.330440][  T124] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.339024][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.346323][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.371095][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.379186][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.386081][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.393892][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.402166][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.409002][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.457258][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.465010][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.498293][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.505615][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.513829][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.520666][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.528428][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.569331][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.577710][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.585032][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.593424][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.601871][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.610217][  T379] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.617046][  T379] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.624335][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.632527][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.640579][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.648597][  T379] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.655401][  T379] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.662920][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.680559][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.688121][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.695356][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.703833][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.711998][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.720297][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.728309][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.735116][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.742361][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.750664][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.758735][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.765542][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.772839][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.781156][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.789187][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.795995][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.803371][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   23.811747][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.819756][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.826572][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.834121][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.842330][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   23.867379][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   23.875542][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.883797][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.890627][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.899435][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.907492][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.915522][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.923657][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.931715][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.939724][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.947654][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.955412][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.976808][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.984714][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.993529][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.001807][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.009486][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.017347][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.025004][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.032859][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.077348][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.085525][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.096589][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.104724][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.123194][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.131739][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.140101][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.147908][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.163134][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.171193][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.179254][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.187371][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.202520][  T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.210808][  T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.219134][  T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.226818][  T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.246739][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.254699][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.263113][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.271135][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.279080][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.287140][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.300089][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.308252][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.316306][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.324770][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.340628][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.348900][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.357192][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.365092][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.373390][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.381559][  T379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.411754][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.814747][  T369] ------------[ cut here ]------------
[   24.820033][  T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570
[   24.829121][  T369] Modules linked in:
[   24.832857][  T369] CPU: 0 PID: 369 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0
[   24.842748][  T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   24.852657][  T369] RIP: 0010:ovl_dir_modified+0x45c/0x570
[   24.858116][  T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff
[   24.877561][  T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293
[   24.883454][  T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000
[   24.891264][  T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   24.899078][  T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c
[   24.906893][  T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   24.914702][  T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0
[   24.922512][  T369] FS:  0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   24.931460][  T369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   24.937883][  T369] CR2: 00007ffd10d21df8 CR3: 00000001d8e96000 CR4: 00000000003406b0
[   24.945696][  T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   24.953699][  T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   24.961492][  T369] Call Trace:
[   24.964629][  T369]  ? __warn+0x162/0x250
[   24.968622][  T369]  ? report_bug+0x3a1/0x4e0
[   24.972959][  T369]  ? ovl_dir_modified+0x45c/0x570
[   24.977816][  T369]  ? ovl_dir_modified+0x45c/0x570
[   24.982670][  T369]  ? do_invalid_op+0x6e/0x110
[   24.987184][  T369]  ? invalid_op+0x1e/0x30
[   24.991354][  T369]  ? ovl_dir_modified+0x1e6/0x570
[   24.996208][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.001071][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.005931][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.010799][  T369]  ? ovl_path_type+0x18e/0x2f0
[   25.015392][  T369]  ovl_do_remove+0x6f0/0xc80
[   25.019822][  T369]  ? retint_kernel+0x1b/0x1b
[   25.024244][  T369]  ? ovl_set_redirect+0x5f0/0x5f0
[   25.029107][  T369]  ? vfs_rmdir+0x16f/0x3c0
[   25.033357][  T369]  ? ovl_rmdir+0x9/0x20
[   25.037351][  T369]  vfs_rmdir+0x285/0x3c0
[   25.041431][  T369]  incfs_kill_sb+0x105/0x200
[   25.045860][  T369]  deactivate_locked_super+0xa8/0x110
[   25.051063][  T369]  deactivate_super+0x1e2/0x2a0
[   25.055758][  T369]  ? vfs_submount+0xb0/0xb0
[   25.060102][  T369]  ? deactivate_locked_super+0x110/0x110
[   25.065559][  T369]  ? fast_dput+0x7a/0x280
[   25.069724][  T369]  cleanup_mnt+0x44e/0x500
[   25.073975][  T369]  task_work_run+0x140/0x170
[   25.078405][  T369]  exit_to_usermode_loop+0x190/0x1a0
[   25.083526][  T369]  prepare_exit_to_usermode+0x199/0x200
[   25.088907][  T369]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   25.094643][  T369] RIP: 0033:0x7f01fdd06257
[   25.098883][  T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   25.118324][  T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   25.126569][  T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257
[   25.134378][  T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660
[   25.142191][  T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000
[   25.150029][  T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750
[   25.157815][  T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014
[   25.165627][  T369] ---[ end trace c228b76e4e58e1b5 ]---
[   25.192611][  T369] ------------[ cut here ]------------
[   25.197889][  T369] WARNING: CPU: 0 PID: 369 at fs/overlayfs/util.c:450 ovl_dir_modified+0x45c/0x570
[   25.206981][  T369] Modules linked in:
[   25.210727][  T369] CPU: 0 PID: 369 Comm: syz-executor.4 Tainted: G        W         5.4.274-syzkaller-00002-g6f97bd951d82 #0
[   25.222026][  T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   25.231908][  T369] RIP: 0010:ovl_dir_modified+0x45c/0x570
[   25.237367][  T369] Code: c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 5c 3b ae ff 49 ff 45 00 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 34 56 7e ff <0f> 0b e9 91 fd ff ff 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 30 fc ff
[   25.256806][  T369] RSP: 0018:ffff8881d8eafb48 EFLAGS: 00010293
[   25.262705][  T369] RAX: ffffffff81e5e5ec RBX: 0000000000000000 RCX: ffff8881d8d98000
[   25.270514][  T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.278332][  T369] RBP: ffff8881e8b55bb0 R08: ffffffff81e5e376 R09: ffffed103b5a7e7c
[   25.286140][  T369] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[   25.293960][  T369] R13: ffff8881dad3f338 R14: ffff8881dad3f388 R15: ffff8881e8b55be0
[   25.301763][  T369] FS:  0000555556adc480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   25.310530][  T369] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   25.317088][  T369] CR2: 000055700af7a078 CR3: 00000001d8e96000 CR4: 00000000003406b0
[   25.325028][  T369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   25.332838][  T369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   25.340645][  T369] Call Trace:
[   25.343787][  T369]  ? __warn+0x162/0x250
[   25.347771][  T369]  ? report_bug+0x3a1/0x4e0
[   25.352121][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.356974][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.361832][  T369]  ? do_invalid_op+0x6e/0x110
[   25.366343][  T369]  ? invalid_op+0x1e/0x30
[   25.370509][  T369]  ? ovl_dir_modified+0x1e6/0x570
[   25.375369][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.380230][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.385090][  T369]  ? ovl_dir_modified+0x45c/0x570
[   25.389948][  T369]  ? ovl_path_type+0x18e/0x2f0
[   25.394555][  T369]  ovl_do_remove+0x6f0/0xc80
[   25.398982][  T369]  ? ovl_set_redirect+0x5f0/0x5f0
[   25.403838][  T369]  ? security_inode_rmdir+0xca/0x110
[   25.408958][  T369]  vfs_rmdir+0x285/0x3c0
[   25.413041][  T369]  incfs_kill_sb+0x18d/0x200
[   25.417467][  T369]  deactivate_locked_super+0xa8/0x110
[   25.422670][  T369]  deactivate_super+0x1e2/0x2a0
[   25.427359][  T369]  ? vfs_submount+0xb0/0xb0
[   25.431697][  T369]  ? deactivate_locked_super+0x110/0x110
[   25.437168][  T369]  ? fast_dput+0x7a/0x280
[   25.441331][  T369]  cleanup_mnt+0x44e/0x500
[   25.445584][  T369]  task_work_run+0x140/0x170
[   25.450013][  T369]  exit_to_usermode_loop+0x190/0x1a0
[   25.455138][  T369]  prepare_exit_to_usermode+0x199/0x200
[   25.460516][  T369]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   25.466245][  T369] RIP: 0033:0x7f01fdd06257
[   25.470510][  T369] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   25.490113][  T369] RSP: 002b:00007ffd10d225a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   25.498446][  T369] RAX: 0000000000000000 RBX: 00007f01fdd616c6 RCX: 00007f01fdd06257
[   25.506259][  T369] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd10d22660
[   25.514067][  T369] RBP: 00007ffd10d22660 R08: 0000000000000000 R09: 0000000000000000
[   25.521879][  T369] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd10d23750
[   25.529690][  T369] R13: 00007f01fdd616c6 R14: 0000000000005de8 R15: 0000000000000014
[   25.537505][  T369] ---[ end trace c228b76e4e58e1b6 ]---
[   26.061878][  T398] tipc: Failed to remove local publication {66,0,0}/3345909323
[   26.069808][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.078164][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.086484][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.094829][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.103193][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.123899][  T400] syz-executor.2 (400) used greatest stack depth: 21624 bytes left
[   26.153079][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.213339][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.662175][  T416] ======================================================
[   26.662175][  T416] WARNING: the mand mount option is being deprecated and
[   26.662175][  T416]          will be removed in v5.15!
[   26.662175][  T416] ======================================================
[   26.704349][  T424] tipc: Failed to remove local publication {66,0,0}/3175523819
[   26.821846][  T422] cgroup: syz-executor.3 (422) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[   26.838564][  T422] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[   26.917864][   T23] kauditd_printk_skb: 37 callbacks suppressed
[   26.917887][   T23] audit: type=1400 audit(1718934769.760:113): avc:  denied  { mount } for  pid=414 comm="syz-executor.1" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   27.061291][  T411] syz-executor.2 (411) used greatest stack depth: 20824 bytes left
[   27.318142][   T23] audit: type=1400 audit(1718934770.130:114): avc:  denied  { watch } for  pid=414 comm="syz-executor.1" path="/root/syzkaller-testdir1970102480/syzkaller.tHrvI6/0/file1/file0" dev="loop1" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[   27.412484][  T414] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF
[  127.436381][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  127.443131][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P18
[  127.450074][    C0] 	(detected by 0, t=10002 jiffies, g=1109, q=528)
[  127.456409][    C0] kworker/1:0     R  running task    25688    18      2 0x80004000
[  127.464145][    C0] Workqueue: ipv6_addrconf addrconf_dad_work
[  127.469945][    C0] Call Trace:
[  127.473082][    C0]  __schedule+0xb05/0x1320
[  127.477342][    C0]  ? __local_bh_enable_ip+0x4f/0x70
[  127.482377][    C0]  ? is_mmconf_reserved+0x430/0x430
[  127.487401][    C0]  ? check_preemption_disabled+0x9f/0x320
[  127.492951][    C0]  ? preempt_schedule+0xd9/0xe0
[  127.497641][    C0]  preempt_schedule_common+0x83/0xd0
[  127.502762][    C0]  preempt_schedule+0xd9/0xe0
[  127.507273][    C0]  ? schedule_preempt_disabled+0x20/0x20
[  127.512742][    C0]  ? reschedule_interrupt+0xa/0x20
[  127.517691][    C0]  ___preempt_schedule+0x16/0x20
[  127.522459][    C0]  ? check_preemption_disabled+0x91/0x320
[  127.528015][    C0]  __local_bh_enable_ip+0x60/0x70
[  127.532875][    C0]  ip6_finish_output2+0xfaa/0x18e0
[  127.537825][    C0]  ? __ip6_finish_output+0x790/0x790
[  127.542944][    C0]  ? ip6_mtu+0xe2/0x130
[  127.546938][    C0]  ? __ip6_finish_output+0x5e4/0x790
[  127.552056][    C0]  ip6_output+0x1b3/0x430
[  127.556223][    C0]  ? asan.module_dtor+0x20/0x20
[  127.560912][    C0]  ? ip6_output+0x430/0x430
[  127.565250][    C0]  ? nf_hook_slow+0x196/0x1e0
[  127.569762][    C0]  mld_sendpack+0x606/0xb50
[  127.574103][    C0]  ? add_grec+0x12f0/0x12f0
[  127.578440][    C0]  ? preempt_schedule_common+0xa6/0xd0
[  127.583733][    C0]  ? mld_send_report+0x210/0x210
[  127.588508][    C0]  ? schedule_preempt_disabled+0x20/0x20
[  127.593976][    C0]  ? check_preemption_disabled+0x9f/0x320
[  127.599532][    C0]  ? ___preempt_schedule+0x16/0x20
[  127.604478][    C0]  ? check_preemption_disabled+0x91/0x320
[  127.610032][    C0]  ? __local_bh_enable_ip+0x60/0x70
[  127.615150][    C0]  ? mld_send_initial_cr+0x22d/0x2b0
[  127.620272][    C0]  ipv6_mc_dad_complete+0x70/0x3a0
[  127.625222][    C0]  addrconf_dad_completed+0x6e9/0xdb0
[  127.630430][    C0]  ? addrconf_dad_stop+0x420/0x420
[  127.635376][    C0]  ? ___preempt_schedule+0x16/0x20
[  127.640323][    C0]  ? check_preemption_disabled+0x91/0x320
[  127.645889][    C0]  addrconf_dad_work+0xe4d/0x16f0
[  127.650741][    C0]  ? finish_task_switch+0x130/0x590
[  127.655774][    C0]  ? ipv6_get_saddr_eval+0xea0/0xea0
[  127.660897][    C0]  ? _raw_spin_lock_irq+0xa5/0x1b0
[  127.665840][    C0]  ? _raw_spin_lock_irqsave+0x210/0x210
[  127.671222][    C0]  ? read_word_at_a_time+0xe/0x20
[  127.676078][    C0]  ? strscpy+0x89/0x220
[  127.680074][    C0]  process_one_work+0x765/0xd20
[  127.684764][    C0]  worker_thread+0xaef/0x1470
[  127.689277][    C0]  kthread+0x2da/0x360
[  127.693177][    C0]  ? worker_clr_flags+0x170/0x170
[  127.698037][    C0]  ? kthread_blkcg+0xd0/0xd0
[  127.702464][    C0]  ret_from_fork+0x1f/0x30
[  127.706733][    C0] rcu: rcu_preempt kthread starved for 9994 jiffies! g1109 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  127.717558][    C0] rcu: RCU grace-period kthread stack dump:
[  127.723292][    C0] rcu_preempt     R  running task    28920    11      2 0x80004000
[  127.731015][    C0] Call Trace:
[  127.734148][    C0]  __schedule+0xb05/0x1320
[  127.738401][    C0]  ? is_mmconf_reserved+0x430/0x430
[  127.743428][    C0]  ? _raw_spin_lock_irqsave+0xf9/0x210
[  127.748726][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[  127.753410][    C0]  schedule+0x12c/0x1d0
[  127.757402][    C0]  schedule_timeout+0x188/0x3d0
[  127.762092][    C0]  ? prepare_to_swait_event+0x35c/0x3a0
[  127.767471][    C0]  ? console_conditional_schedule+0x10/0x10
[  127.773199][    C0]  ? run_local_timers+0x160/0x160
[  127.778060][    C0]  ? finish_swait+0xa5/0x1a0
[  127.782495][    C0]  rcu_gp_kthread+0xea0/0x1d10
[  127.787085][    C0]  ? _raw_spin_unlock_irq+0x4a/0x60
[  127.792119][    C0]  ? dyntick_save_progress_counter+0x1b0/0x1b0
[  127.798113][    C0]  ? rcu_barrier_callback+0x50/0x50
[  127.803151][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[  127.807832][    C0]  ? is_mmconf_reserved+0x430/0x430
[  127.812863][    C0]  ? __wake_up_locked+0xb7/0x110
[  127.817640][    C0]  ? __kthread_parkme+0xb0/0x1b0
[  127.822410][    C0]  kthread+0x2da/0x360
[  127.826316][    C0]  ? rcu_barrier_callback+0x50/0x50
[  127.831352][    C0]  ? kthread_blkcg+0xd0/0xd0
[  127.835787][    C0]  ret_from_fork+0x1f/0x30
serialport: VM disconnected.