last executing test programs:

1.475647022s ago: executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000380)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2, 0x8}}, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x0, 0x0, "c116b277", "56ac5913"}}, 0x0}, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.368638518s ago: executing program 3:
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f0000001a40)=""/4093, 0xffd}, {&(0x7f0000000240)=""/185, 0xb9}, {&(0x7f0000001080)=""/189, 0xbd}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f0000000740)=""/45, 0x2d}], 0x7}}], 0x1, 0x0, 0x0)

1.312955417s ago: executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0xff)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x207}, 0x1c)
r1 = dup2(r0, r0)
sendmmsg$unix(r1, &(0x7f0000004d00)=[{{&(0x7f0000000000)=@abs, 0x6e, 0x0}}], 0x1, 0x0)

1.305204828s ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000003c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}, {@noquota}, {@resuid}, {@bh}, {@nobh}, {@data_err_abort}, {@delalloc}, {@resgid}]}, 0x10, 0x4d0, &(0x7f0000000ec0)="$eJzs3c9rHG0dAPDvTLJvf+U1qXqoBdtiK2nR7iaNbYOHWkHsqaDWe43JJoRssiG7aZtQJMW7gogKnjx5EfwPpH+CCAW9SxVFtNWDB3VlZ2f7I+42kW53+iafD0zneZ7Z3e/3adiZeWYedgI4tM5FxM2IGImISxExnren+XKrXdnpvO75s4fz7SWJVuvOX5NI8rbuZyX5+kTnLXE0Ir5xK+Lbyf/GbWxtr8zVatWNvF5prq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTg2knxMRceMrf/zR93/+1Ru/+vz939/988XvtNMay7e/2o9B6nS9lP1fdI1GxMa7CFaAkXxd6rP9eyNDTAYAgD21z/E/HhGfyc7/x2MkOzsFAAAADpLWl8biX0lECwAAADiw0mwObJKW87kAY5Gm5XJnDu8n43haqzean1usb64tdObKTkQpXVyuVafyucITUUra9el8jm23fmVXfSYiTkbED8ePZfXyfL22UPTFDwAAADgkTuwa//9jPBv/Hyk6LwAAAGDAJopOAAAAAHjnjP8BAADg4DP+BwAAgAPta7dvt5dW9/nXC/e2Nlfq9y4vVBsr5dXN+fJ8fWO9vFSvL2W/2be61+fV6vX1L8Ta5oNKs9poVhpb23dX65trzbvLrz0CGwAAABiik2cf/y6JiJ0vHsuWtg+KTgoYimSP7dlDQp7mlT8MISFgaEaKTgAozGjRCQCFKRWdAFC4va4D9J288+vB5wIAALwbk5/qf//ftQE42NKiEwAAhs79fzi8Sq/PALxaXCZAUT62x/a3v//fav1fCQEAAAM3li1JWs7vBY5FmpbLER9mjwUoJYvLtepUPj747XjpSLs+nb0z2XPOMAAAAAAAAAAAAAAAAAAAAAAAAADQ0Wol0QIAAAAOtIj0T0n2a/4Rk+MXxnZfH/gg+ed4to6I+z+98+MHc83mxnS7/W8v2ps/yduvdFsAAACAInXH6d1xPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM0vNnD+e7yzDj/uXLETHRM/7Zo9nqaJQi4vjfkxh95X1JRIwMIP7Oo4g41St+0k4rJqKTRa/4xwqMn0bEiQHEh8PscXv/c7PX9y+Nc9m69/dvNF/eVv/9Xxrd/d9In/3Ph/uMcfrJLyt94z+KOD3ae//TjZ/0iX9+n/G/9c3t7X7bWj+LmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMX7w6fjPm/p/vE/8iT36f2Gf/f/3kwfPPtEplnrFv3i+9/H3VJ/4aX7s+2xebm+f7JZ3OuVXnfnFb868qf8Lffr/4u/f40Dbjnlxn/2/9PXvPt3nSwGAIWhsba/M1WrVjY9iIY33Ig2FgRSOvGxJ34d8Dnmh6D0TAAAwaC9P+ovOBAAAAAAAAAAAAAAAAAAAAA6vYfyc2O6YO8V0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf4bAAD//xAA2Eo=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.throttle.io_service_bytes_recursive\x00', 0x26e1, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f00000002c0)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
fchown(r2, 0x0, r4)
ioctl$FS_IOC_SETFLAGS(r0, 0x6611, 0x0)

813.329804ms ago: executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x7fff)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "c4d7826fade200", "75e29881592b9fd38bcad042e286f2cd", ')\x00\x000', "578619a280c847dd"}, 0x28)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)

809.543655ms ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x481, 0x9, 0x80000001, 0x270, 0x1, 0x5, 0x8, 0xfffffcef, 0x40, 0x0, 0x0, 0x7, 0xe, 0x1, 0x3f, 0x0, 0x1ff, 0x14, 0xc3, 0x4f4d, 0x80, 0x81, 0x1ca000, 0xffffffff, 0x8001, 0x5, 0x4, 0x7fff, 0x8, 0x2, 0x2, 0x81, 0x4, 0x7, 0x7fff, 0x7f, 0x7fff, 0x4, 0x1, 0x80000000, 0x1b2, 0x0, 0xffffffff, 0x6, 0x7fff, 0x20, 0x6, 0x6d, 0xffffffff, 0x0, 0xcb4d, 0x7, 0x4, 0x6, 0x2, 0x0, 0x4, 0x0, 0xfffffff8, 0x12000000, 0xab, 0x6, 0x8000, 0x3, 0x6fb, 0x8, 0x5c0000, 0x5, 0x6, 0xc9, 0x5, 0x5, 0xffff, 0x8000, 0x5, 0x5196, 0x6, 0x5, 0x20, 0x7, 0x9, 0x2, 0x760e, 0x1f, 0x6, 0x3, 0x4, 0x7, 0x0, 0x4, 0x0, 0x52caa97d, 0x8, 0x3, 0x400, 0x1, 0x6, 0x6, 0x4, 0x1000, 0xc04, 0x4, 0x0, 0x32, 0x3, 0xfff, 0x8, 0x3, 0x8, 0x6, 0x1f, 0x8001, 0x1491, 0x0, 0x8, 0xffffffdc, 0x7ff, 0x400, 0x8, 0x8, 0x3, 0x8, 0x3, 0x1, 0x7, 0x2, 0x3, 0x5bf, 0x9, 0x3, 0x4440, 0x4, 0x7ff, 0x0, 0x9, 0x906, 0x7f, 0xff, 0x5, 0x6, 0x1, 0x88a1, 0x7, 0xa6b, 0x5744, 0x0, 0x10000, 0x4, 0x10000, 0x4, 0xd2a3, 0x4, 0xfffffff7, 0x7ff, 0xfffffeff, 0x4, 0x8, 0xa99, 0xffffffff, 0x8, 0x9f, 0x1, 0x23, 0x10001, 0x9, 0x5, 0x1, 0x0, 0x24b4, 0x8, 0x8, 0x1, 0x2, 0xffffffff, 0x2f1, 0x4, 0x6, 0x9, 0x4, 0xfffffffb, 0x9, 0xfffffff9, 0x8001, 0x0, 0xffff, 0x1000, 0x4, 0x6000, 0x6c9, 0x8, 0x10001, 0x200, 0xbf8, 0x2000, 0x9ce9, 0x68, 0xc73, 0x5, 0x0, 0x400, 0x1000, 0x5, 0x8, 0xff, 0x9, 0x7, 0x5, 0xc3abf343, 0x8, 0xfffffffc, 0x6, 0x7fff, 0x4, 0x5, 0xc62, 0x81, 0x36, 0x6, 0xffffff80, 0x1, 0x10001, 0x10000, 0x10000, 0x0, 0x8, 0x77, 0x48, 0x3ff, 0x2fca, 0x3, 0x7, 0x3, 0x89, 0x1, 0x0, 0x0, 0x40, 0xfffffffc, 0x35, 0x0, 0x40, 0x5, 0x7, 0x6, 0x80, 0x200, 0x2, 0x7, 0x8000, 0x6, 0xfffffffe, 0x3, 0x7, 0x1, 0x9, 0xfffffff9]}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x449, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0)

746.199795ms ago: executing program 4:
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x141b01, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)

715.853169ms ago: executing program 3:
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080), 0x4)
r0 = epoll_create1(0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002040)='/proc/stat\x00', 0x0, 0x0)
epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0xe591, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000004500)={0xc000200c})

655.312359ms ago: executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}})

630.675842ms ago: executing program 3:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x12, 0x9c023d2d7e91de25, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, '\tESN'}]}, 0x54}}, 0x0)

620.045544ms ago: executing program 4:
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
pipe2$9p(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@fscache}]}})
chdir(&(0x7f0000000000)='./file0\x00')
mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
setuid(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x1c, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)

548.794025ms ago: executing program 4:
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f0000001a40)=""/4093, 0xffd}, {&(0x7f0000000240)=""/185, 0xb9}, {&(0x7f0000001080)=""/189, 0xbd}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f0000000740)=""/45, 0x2d}], 0x7}}], 0x1, 0x0, 0x0)

528.953518ms ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x3, 0x48}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r1, 0x800)
unshare(0x22020400)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f00000000c0)='./bus\x00', 0x1)
pread64(r2, &(0x7f0000000100)=""/216, 0xd8, 0x0)
execve(&(0x7f0000000200)='./bus\x00', &(0x7f00000002c0)=[&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)='\x00'], &(0x7f00000003c0)=[0x0])

452.98836ms ago: executing program 0:
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x16d43e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0)
ftruncate(r1, 0x7fff)
fcntl$setstatus(r0, 0x4, 0x6800)
io_setup(0x7f, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000000440)=[&(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="bc", 0x1}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x5, 0x0, r0, 0x0, 0x0, 0x8000}])

452.48791ms ago: executing program 2:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000000080000040"])

381.547391ms ago: executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

372.407743ms ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

340.381497ms ago: executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x7fff)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "c4d7826fade200", "75e29881592b9fd38bcad042e286f2cd", ')\x00\x000', "578619a280c847dd"}, 0x28)
sendfile(r0, r1, &(0x7f0000000100), 0x10001)

327.128109ms ago: executing program 2:
unshare(0x400)
pipe(&(0x7f0000000bc0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$setpipe(r0, 0x8, 0x80000000)

281.965156ms ago: executing program 2:
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, &(0x7f0000000180), 0x1, 0x520, &(0x7f0000000900)="$eJzs3d1rLGcZAPBnNtmer+iu2otaaHuwlZyiZzdpbBu8aCuIdwWl3h9Dsgkhm2zIbupJKJqD9woi2tteeSMI3grS/0BRCnovKkrRUwV7oY7M7OTkZLub5JD9oMnvB2/mnZmdeZ53kn3n85wJ4NK6GRGvRcRURDwfEZVieqkocdAt2ec+uP/WclaSSNM3/p5EUkzLPpYUJXOjWOxqd5D7d3o8bntvf2Op2WzsFOP1zuZ2vb23f3t9c2mtsdbYWliYf2nx5cUXF+eG0s6sXa989S8//sFPv/bKr7747T/e+dut72T5zhTzD9sxbN1tUs62xQPTEbEzimATMFW0pzzpRAAAOJPsGP/TEfG5/Pi/ElP50dzZJCPNDAAAABiW9NWZ+E8SkQIAAAAXVil/BjYp1YpnAWaiVKrVus/wPh7XS81Wu/OF1dbu1kr3WdlqlEur683GXPFMbTXKSTY+n9ePxl94MJ4cPHy94UeVa/n82nKruTK5yx4AAABwqdzoOf//V6V7/n+Ce2NLDgAAABie6lE1rUwyEQAAAGBkqh+Z8s5E8gAAAABG56Pn/wAAAMAF8vXXX89Kmr//uhqx8ube7kbrzdsrjfZGbXN3ubbc2tmurbVaa830SsTmaetrtlrbX4qt3bv1TqPdqbf39u9stna3OnfWj70CGwAAABijTz3z7h+SiDj48rW8ZB7LfkwNWMCzAnBhlB7lw38eXR7A+A3azQMX3/SkEwAmptwdJJPOA5ic0zqAgQ/v/Gb4uQAAAKMx+9n+9/+nj64NABfUI93/By4U9//h8nL/Hy6vsiMAuPRGf/8/TU9dFwAAMFIzeUlKteJe4EyUPky7ohrlZHW92ZiLiE9GxO8r5SvZ+Hy+ZOIfDQAAAAAAAAAAAAAAAAAAAAAAAADAGaVpEikAAABwoUWU/poU7/+arTw303t94LHkw0o+zN8O8MZP7i51Ojvz2fR/FNMjOm8X0194lCsP3jwOAAAAo3J4nn54Hg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/TB/beWD8vxOaWRxn3/KxFR7Rd/Oq7mw6tRjojr/0xi+nChZyKSiJgaQvyDexHxRL/4SZZWVIssjsUvtsq1PIuRx38qTdPv9ot/49zR4XJ7N+t/Xuv3/SvFzXzY//s/XZTzGtz/lR70f1N94mc9zyfOsP4rEfHkez+vD54b8eR0//7nMH4yIP6z/VbZZ6N865v7+4PyS9+JmD3a/3z/eISjWr2zuV1v7+3fXt9cWmusNbYWFuZfWnx58cXFufrqerNR/Owb44dP/fJ/g+K/fy/iet/9X7f/faj9S73tfy6rlAet+ch/37t7/zN5rZL2rCKPf+vZ/r//J47HP7Zps7+Jzxf7gWz+7GH9oFt/2NM/++3TJ7V/ZUD7T/v93+pZ16D98fPf+N6fTtxAAMBYtff2N5aazcbOyCtvp2k6plj5gci42nXuyuMfn1Tbe7/4Xbfyau+smye0Ir0y7j82lXNXenuKX4+/cwIAAIbq6KB/0pkAAAAAAAAAAAAAAAAAAADA5TWO/06sN+bBZJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wcAAP//rgHbtw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000001c0)='./bus\x00', 0x0)
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0)
symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
mount$overlay(0x0, &(0x7f00000022c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

263.041689ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='percpu_free_percpu\x00', r1}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x0, 0x168, 0x10, 0x0, 0xb, 0x220, 0x250, 0x250, 0x220, 0x250, 0x3, 0x0, {[{{@uncond, 0x6000000, 0x108, 0x128, 0x0, {0x0, 0x28e}, [@common=@unspec=@quota={{0x38}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)

203.362638ms ago: executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0xffffffffffffffff}})

106.421733ms ago: executing program 0:
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
pipe2$9p(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@fscache}]}})
chdir(&(0x7f0000000000)='./file0\x00')
mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
setuid(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x1c, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)

34.465764ms ago: executing program 0:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x1c3a23, 0x0)
userfaultfd(0x80001)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
syz_open_pts(r1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0)
ioctl$EVIOCGSW(r0, 0x5452, &(0x7f0000001440)=""/4103)

0s ago: executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan1\x00'})
ioperm(0x0, 0x208, 0x7)
mprotect(&(0x7f0000091000/0xc00000)=nil, 0xffffffffdff6efff, 0x0)
open$dir(&(0x7f0000000440)='./file0\x00', 0x60060, 0x70)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4008, 0x3, 0x1d8, 0x110, 0x32, 0x148, 0x110, 0x148, 0x1f0, 0x240, 0x240, 0x1f0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'ip6gretap0\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "c0122d14aa4adbb2f185677879ad9ea60815c4a6f77b178f14a2f7054a9b"}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x238)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0xd8, 0xffffffff, 0xffffffff, 0xd8, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @local, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x6c00, 0x0)

kernel console output (not intermixed with test programs):

[    7.305280][   T23] audit: type=1400 audit(1718564940.600:27): avc:  denied  { create } for  pid=184 comm="dbus-daemon" name="messagebus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    7.310236][   T23] audit: type=1400 audit(1718564940.600:28): avc:  denied  { write open } for  pid=184 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=10361 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    7.313888][   T23] audit: type=1400 audit(1718564940.600:29): avc:  denied  { getattr } for  pid=184 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=10361 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[    7.515122][   T23] audit: type=1400 audit(1718564940.830:30): avc:  denied  { search } for  pid=198 comm="dhcpcd" name="/" dev="tmpfs" ino=213 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   17.281185][   T23] kauditd_printk_skb: 30 callbacks suppressed
[   17.281197][   T23] audit: type=1400 audit(1718564950.600:61): avc:  denied  { transition } for  pid=289 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.290406][   T23] audit: type=1400 audit(1718564950.600:62): avc:  denied  { noatsecure } for  pid=289 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.295786][   T23] audit: type=1400 audit(1718564950.600:63): avc:  denied  { write } for  pid=289 comm="sh" path="pipe:[589]" dev="pipefs" ino=589 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   17.307113][   T23] audit: type=1400 audit(1718564950.600:64): avc:  denied  { rlimitinh } for  pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.326407][   T23] audit: type=1400 audit(1718564950.600:65): avc:  denied  { siginh } for  pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
2024/06/16 19:09:19 fuzzer started
2024/06/16 19:09:19 dialing manager at 10.128.0.163:30000
[   25.813363][   T23] audit: type=1400 audit(1718564959.130:66): avc:  denied  { node_bind } for  pid=348 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   25.834265][   T23] audit: type=1400 audit(1718564959.130:67): avc:  denied  { name_bind } for  pid=348 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   25.888048][   T23] audit: type=1400 audit(1718564959.200:68): avc:  denied  { setattr } for  pid=358 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   25.923667][   T23] audit: type=1400 audit(1718564959.240:69): avc:  denied  { mounton } for  pid=359 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   25.948361][   T23] audit: type=1400 audit(1718564959.240:70): avc:  denied  { mount } for  pid=359 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   25.951594][  T357] cgroup1: Unknown subsys name 'net'
[   25.971515][   T23] audit: type=1400 audit(1718564959.270:71): avc:  denied  { mounton } for  pid=357 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   25.983975][  T364] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   26.000583][   T23] audit: type=1400 audit(1718564959.270:72): avc:  denied  { mount } for  pid=357 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.007596][  T357] cgroup1: Unknown subsys name 'net_prio'
[   26.030597][   T23] audit: type=1400 audit(1718564959.350:73): avc:  denied  { relabelto } for  pid=364 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   26.035741][  T357] cgroup1: Unknown subsys name 'devices'
[   26.061423][   T23] audit: type=1400 audit(1718564959.380:74): avc:  denied  { write } for  pid=364 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   26.091781][   T23] audit: type=1400 audit(1718564959.410:75): avc:  denied  { unmount } for  pid=357 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.151395][  T360] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   26.201708][  T357] cgroup1: Unknown subsys name 'hugetlb'
[   26.207581][  T357] cgroup1: Unknown subsys name 'rlimit'
2024/06/16 19:09:19 starting 5 executor processes
[   26.751555][  T374] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.758605][  T374] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.765873][  T374] device bridge_slave_0 entered promiscuous mode
[   26.773146][  T374] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.780166][  T374] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.787972][  T374] device bridge_slave_1 entered promiscuous mode
[   26.936401][  T376] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.943396][  T376] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.950897][  T376] device bridge_slave_0 entered promiscuous mode
[   26.960586][  T376] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.967420][  T376] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.975105][  T376] device bridge_slave_1 entered promiscuous mode
[   27.082958][  T382] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.089823][  T382] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.097106][  T382] device bridge_slave_0 entered promiscuous mode
[   27.104299][  T382] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.111152][  T382] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.118669][  T382] device bridge_slave_1 entered promiscuous mode
[   27.134148][  T374] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.141016][  T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.148144][  T374] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.154968][  T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.171740][  T381] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.178619][  T381] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.185920][  T381] device bridge_slave_0 entered promiscuous mode
[   27.218940][  T381] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.225774][  T381] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.233531][  T381] device bridge_slave_1 entered promiscuous mode
[   27.279883][  T380] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.286715][  T380] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.294485][  T380] device bridge_slave_0 entered promiscuous mode
[   27.301793][  T380] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.308658][  T380] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.315954][  T380] device bridge_slave_1 entered promiscuous mode
[   27.396694][  T376] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.403611][  T376] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.410697][  T376] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.417520][  T376] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.437245][  T367] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.444276][  T367] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.451953][  T367] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.459093][  T367] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.467014][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   27.474630][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.487256][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.495559][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.502604][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.516930][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.525294][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.532137][  T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.604991][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.629482][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.637198][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   27.644840][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.652960][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.661622][  T107] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.668487][  T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.676237][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.684434][  T107] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.691305][  T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.728855][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.736769][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   27.745558][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   27.755180][  T107] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.762036][  T107] bridge0: port 1(bridge_slave_0) entered forwarding state
[   27.769872][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   27.778181][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   27.786346][  T107] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.793270][  T107] bridge0: port 2(bridge_slave_1) entered forwarding state
[   27.801319][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   27.819915][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   27.827967][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.836320][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   27.845092][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   27.867322][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   27.875613][  T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   27.894616][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   27.902715][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   27.911227][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   27.919533][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   27.946373][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   27.954812][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   27.982753][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   27.990627][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.012183][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   28.021139][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.030406][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   28.038809][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.047003][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.055224][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.063432][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.071905][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.098518][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   28.106657][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.115125][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.124091][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.133265][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   28.141503][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.149867][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.157245][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.164850][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   28.173567][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   28.182041][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.188979][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.196156][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   28.204361][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   28.212328][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   28.220544][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   28.246470][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   28.254222][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   28.263897][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.275527][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   28.284494][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.292340][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   28.299833][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   28.307095][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   28.315602][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   28.323838][  T367] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.330872][  T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.338700][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   28.346888][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   28.355029][  T367] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.361874][  T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.369716][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.377800][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.386308][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   28.434208][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   28.460061][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.470855][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   28.482259][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   28.491480][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   28.501072][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   28.523464][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.532358][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.562286][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.573525][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.584006][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   28.592881][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.617535][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.629164][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   28.658507][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   28.669309][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   28.696784][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.704671][  T413] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   28.808605][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.826272][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.848717][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.872807][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.890287][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   28.898940][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   28.920790][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.932622][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.972612][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.989861][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   29.032682][  T422] bridge: RTM_NEWNEIGH with invalid state 0x0
[   29.170340][  T436] EXT4-fs (loop3): Ignoring removed bh option
[   29.176476][  T436] EXT4-fs (loop3): Ignoring removed nobh option
[   29.193432][  T436] EXT4-fs (loop3): 1 orphan inode deleted
[   29.199247][  T436] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,auto_da_alloc=0x0000000000000007,noquota,resuid=0x0000000000000000,bh,nobh,data_err=abort,delalloc,resgid=0x0000000000000000,
[   29.220908][  T436] ext4 filesystem being mounted at /root/syzkaller-testdir568292863/syzkaller.S6MlLw/6/file1 supports timestamps until 2038 (0x7fffffff)
[   29.498611][   T18] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   29.513350][  T436] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem
[   29.563578][  T436] EXT4-fs (loop3): Remounting filesystem read-only
[   29.579320][  T451] EXT4-fs error (device loop3): swap_inode_boot_loader:125: comm syz-executor.3: inode #5: comm syz-executor.3: iget: illegal inode #
[   29.579522][  T436] EXT4-fs error (device loop3) in ext4_setattr:5881: Corrupt filesystem
[   29.606615][  T436] syz-executor.3 (436) used greatest stack depth: 22296 bytes left
[   29.632758][  T374] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1)
[   29.726762][  T374] syz-executor.3 (374) used greatest stack depth: 19544 bytes left
[   29.758265][   T18] usb 2-1: Using ep0 maxpacket: 32
[   29.878396][   T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.897667][   T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.910467][   T18] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   29.993073][   T18] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.002314][   T18] usb 2-1: config 0 descriptor??
[   30.039082][   T18] hub 2-1:0.0: USB hub found
[   30.082486][  T465] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.090646][  T465] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.105086][  T465] device bridge_slave_0 entered promiscuous mode
[   30.117626][  T465] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.124808][  T465] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.131903][  T481] EXT4-fs (loop4): Ignoring removed orlov option
[   30.135421][  T465] device bridge_slave_1 entered promiscuous mode
[   30.157467][  T481] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[   30.191911][  T481] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue
[   30.225620][  T494] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables
[   30.249052][  T465] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.255904][  T465] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.263206][  T465] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.270078][  T465] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.280105][  T488] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   30.298472][   T18] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[   30.316038][  T488] EXT4-fs error (device loop2): ext4_orphan_get:1236: inode #15: comm syz-executor.2: iget: bad i_size value: -67835469387268086
[   30.341711][  T488] EXT4-fs error (device loop2): ext4_orphan_get:1240: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
[   30.342108][  T481] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.4: corrupt xattr in inline inode
[   30.367435][  T488] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   30.384136][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.385999][  T488] ext2 filesystem being mounted at /root/syzkaller-testdir386878228/syzkaller.YcFjji/8/file0 supports timestamps until 2038 (0x7fffffff)
[   30.406986][  T367] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.414880][  T481] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.4: corrupted in-inode xattr
[   30.423991][  T488] overlayfs: upper fs needs to support d_type.
[   30.433582][  T367] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.454781][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.464075][  T380] ==================================================================
[   30.464846][  T124] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.471965][  T380] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30
[   30.471975][  T380] Read of size 4 at addr ffff8881ebbcb000 by task syz-executor.4/380
[   30.471977][  T380] 
[   30.471989][  T380] CPU: 1 PID: 380 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0
[   30.471994][  T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   30.472003][  T380] Call Trace:
[   30.478839][  T124] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.486808][  T380]  dump_stack+0x1d8/0x241
[   30.496349][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.496990][  T380]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[   30.507907][  T124] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.516850][  T380]  ? printk+0xd1/0x111
[   30.516863][  T380]  ? ext4_xattr_delete_inode+0xc1f/0xc30
[   30.516874][  T380]  print_address_description+0x8c/0x600
[   30.516891][  T380]  ? ext4_xattr_delete_inode+0xc1f/0xc30
[   30.520084][  T124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.527201][  T380]  __kasan_report+0xf3/0x120
[   30.583621][  T380]  ? ext4_xattr_delete_inode+0xc1f/0xc30
[   30.589078][  T380]  kasan_report+0x30/0x60
[   30.593243][  T380]  ext4_xattr_delete_inode+0xc1f/0xc30
[   30.598635][  T380]  ? check_preemption_disabled+0x9f/0x320
[   30.604187][  T380]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[   30.610188][  T380]  ? __ext4_journal_start_sb+0x295/0x460
[   30.615642][  T380]  ext4_evict_inode+0x1378/0x1ac0
[   30.620509][  T380]  ? ext4_truncate_restart_trans+0xe0/0xe0
[   30.626146][  T380]  ? wb_io_lists_depopulated+0x85/0x170
[   30.631526][  T380]  ? ext4_truncate_restart_trans+0xe0/0xe0
[   30.637171][  T380]  evict+0x29b/0x6a0
[   30.640993][  T380]  vfs_rmdir+0x24b/0x3c0
[   30.645167][  T380]  do_rmdir+0x2c1/0x580
[   30.649260][  T380]  ? d_delete_notify+0xc0/0xc0
[   30.653854][  T380]  ? _raw_spin_unlock_irq+0x4a/0x60
[   30.659060][  T380]  do_syscall_64+0xca/0x1c0
[   30.663403][  T380]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   30.669204][  T380] RIP: 0033:0x7f9a76b4b687
[   30.673459][  T380] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   30.693265][  T380] RSP: 002b:00007fff7231f1c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[   30.701764][  T380] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f9a76b4b687
[   30.709660][  T380] RDX: 0000000000000200 RSI: 00007fff72320370 RDI: 00000000ffffff9c
[   30.717472][  T380] RBP: 00007f9a76ba8636 R08: 0000000000000000 R09: 0000000000000000
[   30.725471][  T380] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff72320370
[   30.733370][  T380] R13: 00007f9a76ba8636 R14: 000000000000756f R15: 0000000000000008
[   30.741201][  T380] 
[   30.743357][  T380] The buggy address belongs to the page:
[   30.748827][  T380] page:ffffea0007aef2c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[   30.757766][  T380] flags: 0x8000000000000000()
[   30.762285][  T380] raw: 8000000000000000 ffffea0007af96c8 ffffea0007ad2c08 0000000000000000
[   30.770871][  T380] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   30.779539][  T380] page dumped because: kasan: bad access detected
[   30.785791][  T380] page_owner tracks the page as freed
[   30.790998][  T380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT)
[   30.802747][  T380]  prep_new_page+0x18f/0x370
[   30.807166][  T380]  get_page_from_freelist+0x2d13/0x2d90
[   30.812585][  T380]  __alloc_pages_nodemask+0x393/0x840
[   30.817752][  T380]  pte_alloc_one+0x1b/0xb0
[   30.821994][  T380]  __pte_alloc+0x1d/0x1c0
[   30.826166][  T380]  copy_page_range+0x1c24/0x26f0
[   30.831369][  T380]  copy_mm+0xb23/0x10d0
[   30.835360][  T380]  copy_process+0x1291/0x3230
[   30.839873][  T380]  _do_fork+0x197/0x900
[   30.843867][  T380]  __x64_sys_clone+0x26b/0x2c0
[   30.848466][  T380]  do_syscall_64+0xca/0x1c0
[   30.852815][  T380]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   30.858732][  T380] page last free stack trace:
[   30.863227][  T380]  free_unref_page_prepare+0x297/0x380
[   30.868525][  T380]  free_unref_page_list+0x10a/0x590
[   30.873684][  T380]  release_pages+0xad8/0xb20
[   30.878097][  T380]  tlb_finish_mmu+0x177/0x320
[   30.882700][  T380]  exit_mmap+0x2dc/0x520
[   30.887236][  T380]  __mmput+0x8e/0x2c0
[   30.891164][  T380]  do_exit+0xc08/0x2bc0
[   30.895157][  T380]  do_group_exit+0x138/0x300
[   30.899587][  T380]  get_signal+0xdb1/0x1440
[   30.903834][  T380]  do_signal+0xb0/0x11f0
[   30.907925][  T380]  exit_to_usermode_loop+0xc0/0x1a0
[   30.912953][  T380]  prepare_exit_to_usermode+0x199/0x200
[   30.918333][  T380]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[   30.924154][  T380] 
[   30.926325][  T380] Memory state around the buggy address:
[   30.931893][  T380]  ffff8881ebbcaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.939784][  T380]  ffff8881ebbcaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.947683][  T380] >ffff8881ebbcb000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
2024/06/16 19:09:24 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[   30.955576][  T380]                    ^
[   30.959485][  T380]  ffff8881ebbcb080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.967385][  T380]  ffff8881ebbcb100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   30.975278][  T380] ==================================================================
[   30.983176][  T380] Disabling lock debugging due to kernel taint
[   31.025299][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   31.038452][  T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   31.106626][  T418] device bridge_slave_1 left promiscuous mode
[   31.112835][   T18] usbhid 2-1:0.0: can't add hid device: -71
[   31.118644][   T18] usbhid: probe of 2-1:0.0 failed with error -71
[   31.127670][  T418] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.144983][  T418] device bridge_slave_0 left promiscuous mode
[   31.151004][  T418] bridge0: port 1(bridge_slave_0) entered disabled state
[