last executing test programs: 2.849870718s ago: executing program 1 (id=97): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000001c0)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x1fffe000000}) 2.572331517s ago: executing program 1 (id=98): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f00000003c0)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@bridge_setlink={0x2c, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x9}}]}]}, 0x2c}}, 0x0) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, 0x0, 0x0) sendmmsg$unix(r8, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = socket(0x10, 0x803, 0x0) sendto(r9, 0x0, 0x0, 0x0, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r10, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r10, 0x0, 0x0) recvmmsg(r9, &(0x7f00000037c0), 0x0, 0x0, &(0x7f0000003700)={0x77359400}) socket$packet(0x11, 0x3, 0x300) 1.959250505s ago: executing program 0 (id=112): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x17, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20) 1.880699185s ago: executing program 0 (id=114): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") truncate(&(0x7f0000000380)='./file2\x00', 0x104) 1.788860655s ago: executing program 0 (id=117): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x8205, &(0x7f0000000480)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@data_err_abort}, {@minixdf}, {@errors_remount}, {@abort}, {@noblock_validity}, {@barrier}, {@journal_dev={'journal_dev', 0x3d, 0xf35}}]}, 0x1, 0x618, &(0x7f0000000640)="$eJzs3c9rHG0dAPDvzCYxed9oWpFii2LAQwvS/KjFqqe2F3soWLAHEQ8NTVJDN21oUrC1YAoeFBREvIr04j/gXYpXbyKoN89CFYl4UOnKzM60a3Y32ebN7mwznw/M9plnZvd5vjv7dJ5nNs9OALU1nz2kEWcj4k4SMdexbTbaG+eL/fb+8exutiTRan3j70kkRV65/+vi3w+zhyRiOiJ+fz3ik43ucrefPL2/0my1fT9icWdza3H7ydOLG5sr99burT1YvvTly1eWvrJ8eflY4izjunHz65/5yQ++86X1PzQvJnE1bk9+bzX2xXFc5mM+XhchduZPRMSVLNHjfXnflCEkFdeDo2kUn8fJiDgTc9HI19rmYuPHlVYOGKpWI6IF1FSi/UNNlf2Acmw/jHHwOHt1rT0A6o5/on1tJKbzsdEHe0nHyKg93j11DOVnZfz32blfZEv0uQ4xcQzl9LP7PCI+3Sv+JK/bqfwqThZ/GmnH87L0UkRMFe/FYOP/ya6c+X3ro/78vUv8ncchi/9q8W+Wf/2I5VcdPwD19PJacSLfzdbenv+ynmHZ/4ke/Z/ZHueuo6j6/Ne//1ee76fza+Tpvn5Y1t+51fsluzo5f/nRjZ/1K7+z/5ctWfllX3AUXj2POLcv/h/mHb3kzfFPehz/bJc7A5bxtT/+7Ua/bVXH33oRcb7n+OdtjzZLLe5sbpV5+76fXFzfaK4ttR97lvGb3337V/3Krzr+7PhHn/HfQcc/y9sasIxf33qx2W/b7KHxp3+dSm7nqaki57srOzuPliOmkpvFLh35lw6uS7lP+RpZ/Bc+37v994q/KCo/0Lv/9270t/XN+3v99hv4+HcPnTKvWweHe6gs/tU+n//Djv9PByzjX996/Nl9WTNl4qD4Z7pfKtl95wgBAAAAAACgPtL8O9gkXXiTTtOFhfYc3k/FB2nz4fbOF9YfPn6wGnEh/3vIybT8pnuuvZ5k68vF38OW65f2rX8xIk5HxM8bM/n6wt2HzdWqgwcAAAAAAAAAAAAAAAAAAIAx8WEx/7+8T/U/G+35/wPZOTPk2gFDN8wbzAHjTfuH+srbf1p1LYAqOP9DfWn/UF/aP9SX9g/1pf1DfWn/UF/aP9SX9g8AAAAAJ9Lpz738cxIRu1+dyZfMVLFtstKaAcP27m18fij1AEavMdKnAePkzVf/pv9D7QzU//938eOAw68OUIGkV2beOWgd3Phf9nwmAAAAAAAAAAAAADAE58+a/w91lcZvq64CUJHuifxn9wac6Oc3AOA956f/ob4+0hjfBQI4EQ6bxT/db4P5/wAAAAAAAAAAAAAwMrP5kqQLxS1AZyNNFxYiPh4Rp2IyWd9ori1FxCci4k+NyY9l68tVVxoAAAAAAAAAAAAAAAAAAABOmO0nT++vNJtrjzoT/+nKOdmJ8i6o41KfzkQkoy90JiLGIfbhJCY6cpKI3ezIj0XFHm3HWFQjzatR8X9MAAAAAAAAAAAAAAAAAABQQx1zj3s798sR1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARu/t/f+PnkgOeZ2qYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k//CwAA//9vNjw9") open(&(0x7f0000000040)='.\x00', 0x418601, 0x8) 1.732662675s ago: executing program 2 (id=118): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000044c0), 0x2, 0x0) write$UHID_INPUT(r0, 0x0, 0xfffffffffffffcf4) 1.732431775s ago: executing program 4 (id=119): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket(0x840000000002, 0x3, 0x100) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @dev}, 0x4, {0x2, 0x0, @multicast1=0xe000cc02}}) 1.729285615s ago: executing program 1 (id=120): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x670, 0x5, 0x328, 0xa8, 0x1c0, 0xfeffffff, 0xa8, 0xa8, 0x310, 0x310, 0xffffffff, 0x310, 0x310, 0x5, 0x0, {[{{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x6800, {0x0, @multicast2, @rand_addr, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @local}}}}, {{@ip={@multicast2, @multicast2, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @port, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) bind$inet(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e2b, 0xb, @private1={0xfc, 0x1, '\x00', 0x6}, 0x6}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002940), 0x0, 0x0) 1.726311895s ago: executing program 2 (id=121): socketpair$unix(0x1, 0x2, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) 1.592887574s ago: executing program 2 (id=122): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2e, 0x0, "8ddbb51a3cfd954e41e8ccb21f650fa6a867fb9bbcf0feeee4dc036d0675af58b39fa8d54ee8323507a61a95cf134ce8f605671338c7f8838a00bdfba71bc4b828c7de258b6b9ca1fc52bcc83e2a016a"}, 0xd8) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0xffffffff, @rand_addr, 0x40000}, 0x1c) listen(r0, 0x1a103e43) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "083ff2", 0x14, 0x6, 0x0, @remote, @mcast2, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4}}}}}}}, 0x0) 1.517022514s ago: executing program 2 (id=123): sched_setscheduler(0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0, 0xeeef0000}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) 1.348598114s ago: executing program 4 (id=124): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 1.134742053s ago: executing program 4 (id=125): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$uhid(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000540)={0xb, {'syz1\x00', 'syz0\x00', 'syz0\x00', 0x28, 0x6, 0x3, 0x7f, 0x6, 0x4, "01b74ec422f9ed3f83a38c7729ad0a148c323669874391c24ff3450f85d36aeffe1976f14c68dfe1"}}, 0x140) 1.041372583s ago: executing program 0 (id=126): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) rt_sigqueueinfo(r0, 0x36, 0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000140)={0x0, 0x1, 0x2}, &(0x7f0000000000)=[{}, {}]) 989.595113ms ago: executing program 2 (id=128): mkdir(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x11f3, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") truncate(&(0x7f0000000380)='./file2\x00', 0x104) 656.608842ms ago: executing program 1 (id=129): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000ffdbdf251b0000000c000600020000000200000010002e800c0004000200aaaaaaaaaaaa10002e800c0004000201aaaaaaaaaaaa10002e800c00040000000000000000000c00060001"], 0x74}, 0x1, 0x0, 0x0, 0x44000180}, 0x40000) 615.618282ms ago: executing program 0 (id=130): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_LIMIT_UNIT={0xc}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x110}}, 0x0) 594.027641ms ago: executing program 1 (id=131): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x800) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000580)=0x2) 548.630091ms ago: executing program 3 (id=132): unshare(0x68060200) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="440100001000130100000000000000007f0000010000000000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc0000000000000000000000000000000000000032000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x144}, 0x1, 0x0, 0x0, 0x81}, 0x4004000) 548.167721ms ago: executing program 0 (id=133): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x6, &(0x7f00000000c0)={0x18, {{0x29, 0x0, 0x43000000, @mcast1}}, {{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 530.673191ms ago: executing program 3 (id=134): ioperm(0x2, 0x1, 0x9) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) flistxattr(r0, 0x0, 0x0) 528.561991ms ago: executing program 1 (id=135): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000d00)=[{&(0x7f0000000100)="89e7ee2c7cdad9b4b47380c988cafbe882cac5050093517d176c709a", 0x1c}], 0x1) 216.29802ms ago: executing program 3 (id=136): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r0) sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2119838f00000000000003"], 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x0) 193.42126ms ago: executing program 2 (id=137): r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") write(r0, &(0x7f0000000100)="8f6242cf987210c4f5d8b61605c6e8c779c65f5c5fde94d5c5a5ba641ee5fcabc5c4a2eddbacae2417599c98f591311af66b1eb647c8641882597dc599ba7d5c7037f392016f5baa10ce990777cb8e2b0c92716e12e3529b701d42506757bd829466e752e6fd18121cc00e6171fff07d3f5a879f1dcd4ffc7afb9b50b8c1a50191c1f22564c8f14bd50d0c5ed2dbc8c182d94d480846cf7854524504eb8275f5e43c642d84c81792603335c516f484388bbaea1db79ea8", 0xb7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(0xffffffffffffffff, 0x40106614, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f00000001c0)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in=@loopback, @in6=@private0, 0x0, 0x0, 0xfffe, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x20000000, 0x32}, 0x2, @in6=@loopback, 0x3507, 0x4, 0x0, 0xb7}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) 138.8528ms ago: executing program 3 (id=138): sched_setscheduler(0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0, 0xeeef0000}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000740)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x20000) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) 138.56839ms ago: executing program 4 (id=139): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x281c2, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) linkat(r2, &(0x7f0000000180)='./file1\x00', r2, &(0x7f00000001c0)='./file3\x00', 0x0) 77.18352ms ago: executing program 4 (id=140): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x1, 0x2, 0x0, {}, {0x0, 0x2710}, {0x1, 0x1, 0x0, 0x1}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x4, 0x2, 0x0, 0x0, "c0ddd87cd899fa3f"}}, 0x48}}, 0x2400c094) 76.49019ms ago: executing program 3 (id=141): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x58, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_CHAIN={0x8}]}, 0x90}}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 206.95µs ago: executing program 4 (id=142): socketpair(0x23, 0x80009, 0x88, &(0x7f00000000c0)) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x0, 0x0, 0x0, 0xee01}}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}}}, 0xb8}}, 0x4000) 0s ago: executing program 3 (id=143): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$uinput(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) renameat2(r2, 0x0, r2, 0x0, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.20' (ED25519) to the list of known hosts. [ 26.138943][ T23] audit: type=1400 audit(1738368407.020:66): avc: denied { mounton } for pid=345 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.141073][ T345] cgroup1: Unknown subsys name 'net' [ 26.161413][ T23] audit: type=1400 audit(1738368407.020:67): avc: denied { mount } for pid=345 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.167707][ T345] cgroup1: Unknown subsys name 'net_prio' [ 26.189282][ T23] audit: type=1400 audit(1738368407.070:68): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 26.194230][ T345] cgroup1: Unknown subsys name 'devices' [ 26.221899][ T23] audit: type=1400 audit(1738368407.100:69): avc: denied { unmount } for pid=345 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.420978][ T345] cgroup1: Unknown subsys name 'hugetlb' [ 26.426601][ T345] cgroup1: Unknown subsys name 'rlimit' [ 26.604475][ T23] audit: type=1400 audit(1738368407.480:70): avc: denied { setattr } for pid=345 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9547 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.627699][ T23] audit: type=1400 audit(1738368407.480:71): avc: denied { mounton } for pid=345 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.635935][ T349] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.652258][ T23] audit: type=1400 audit(1738368407.480:72): avc: denied { mount } for pid=345 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.683515][ T23] audit: type=1400 audit(1738368407.540:73): avc: denied { relabelto } for pid=349 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.708773][ T23] audit: type=1400 audit(1738368407.540:74): avc: denied { write } for pid=349 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.738611][ T23] audit: type=1400 audit(1738368407.620:75): avc: denied { read } for pid=345 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.773505][ T345] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.355066][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.362105][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.369619][ T357] device bridge_slave_0 entered promiscuous mode [ 27.381772][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.388736][ T360] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.396114][ T360] device bridge_slave_0 entered promiscuous mode [ 27.402856][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.409805][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.416997][ T357] device bridge_slave_1 entered promiscuous mode [ 27.433490][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.440461][ T360] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.448097][ T360] device bridge_slave_1 entered promiscuous mode [ 27.512407][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.519295][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.526547][ T358] device bridge_slave_0 entered promiscuous mode [ 27.537203][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.544110][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.551764][ T358] device bridge_slave_1 entered promiscuous mode [ 27.595661][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.602587][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.609987][ T359] device bridge_slave_0 entered promiscuous mode [ 27.620805][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.627641][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.635395][ T359] device bridge_slave_1 entered promiscuous mode [ 27.700218][ T361] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.707063][ T361] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.714826][ T361] device bridge_slave_0 entered promiscuous mode [ 27.725808][ T361] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.732890][ T361] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.740291][ T361] device bridge_slave_1 entered promiscuous mode [ 27.882810][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.889774][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.896860][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.903646][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.912399][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.919258][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.926368][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.933304][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.963768][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.970621][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.977721][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.984515][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.999532][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.006449][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.013611][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.020350][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.064960][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.072898][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.080317][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.087296][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.094491][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.101706][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.109042][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.116025][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.123291][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.148840][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.157096][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.163947][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.174910][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.183578][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.190430][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.214156][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.221984][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.230015][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.256043][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.264194][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.272590][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.279438][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.286985][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.298541][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.306605][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.313446][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.340878][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.349383][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.357374][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.364228][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.371837][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.380124][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.386946][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.394547][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.402617][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.409460][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.416622][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.424765][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.431630][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.462743][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.471487][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.480500][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.489000][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.496752][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.505089][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.513413][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.521450][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.558934][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.567245][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.576166][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.584407][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.592399][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.600378][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.608320][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.616183][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.624461][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.632798][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.641124][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.648894][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.656578][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.663996][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.671519][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.680284][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.688465][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.695277][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.716368][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.724049][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.732452][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.740766][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.749260][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.757223][ T103] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.764060][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.771477][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.779721][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.803193][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.812094][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.820516][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.829494][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.843212][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.851502][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.859805][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.867740][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.888896][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.896711][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.904905][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.913379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.933854][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.941881][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.950476][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.950945][ T360] request_module fs-gadgetfs succeeded, but still no fs? [ 28.959990][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.974147][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.008127][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.015980][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.024555][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.033035][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.126059][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.136069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.145554][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.153856][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.264754][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.274170][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.285036][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.295291][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.305374][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.417655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.473139][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.481591][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.489567][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.337983][ T397] device bridge_slave_0 left promiscuous mode [ 30.343970][ T397] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.390600][ T397] device bridge_slave_1 left promiscuous mode [ 30.396605][ T397] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.470253][ T405] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 30.470794][ T397] syz.1.2 (397) used greatest stack depth: 21272 bytes left [ 30.500124][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.508414][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.516488][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.529662][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.539166][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.547382][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.567939][ T405] overlayfs: missing 'lowerdir' [ 30.679131][ T418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 31.060020][ T412] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 31.166017][ T23] kauditd_printk_skb: 42 callbacks suppressed [ 31.166029][ T23] audit: type=1400 audit(1738368411.960:118): avc: denied { add_name } for pid=411 comm="syz.4.12" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.410290][ T23] audit: type=1400 audit(1738368411.960:119): avc: denied { create } for pid=411 comm="syz.4.12" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.471958][ T23] audit: type=1400 audit(1738368411.960:120): avc: denied { read write } for pid=411 comm="syz.4.12" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.538082][ T23] audit: type=1400 audit(1738368411.960:121): avc: denied { open } for pid=411 comm="syz.4.12" path="/2/file0/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.564334][ T432] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 31.579025][ T432] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 31.591135][ T432] EXT4-fs (loop4): This should not happen!! Data will be lost [ 31.591135][ T432] [ 31.600593][ T432] EXT4-fs (loop4): Total free blocks count 0 [ 31.606373][ T432] EXT4-fs (loop4): Free/Dirty block details [ 31.612129][ T432] EXT4-fs (loop4): free_blocks=2415919104 [ 31.617662][ T432] EXT4-fs (loop4): dirty_blocks=16 [ 31.622610][ T432] EXT4-fs (loop4): Block reservation details [ 31.628433][ T432] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 31.674967][ T125] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.683462][ T433] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28 [ 31.695545][ T433] EXT4-fs (loop4): This should not happen!! Data will be lost [ 31.695545][ T433] [ 31.745963][ T23] audit: type=1400 audit(1738368412.150:122): avc: denied { create } for pid=422 comm="syz.3.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 31.765225][ T23] audit: type=1400 audit(1738368412.160:123): avc: denied { write } for pid=422 comm="syz.3.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 32.058632][ T438] ====================================================== [ 32.058632][ T438] WARNING: the mand mount option is being deprecated and [ 32.058632][ T438] will be removed in v5.15! [ 32.058632][ T438] ====================================================== [ 32.119926][ T438] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 32.145758][ T438] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 32.169096][ T438] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 32.176938][ T438] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 32.185184][ T125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.193529][ T438] System zones: 0-1, 15-15, 18-18, 34-34 [ 32.209287][ T438] EXT4-fs (loop3): orphan cleanup on readonly fs [ 32.235138][ T23] audit: type=1400 audit(1738368413.080:124): avc: denied { create } for pid=445 comm="syz.0.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.254236][ T125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.263774][ T23] audit: type=1400 audit(1738368413.090:125): avc: denied { setopt } for pid=445 comm="syz.0.18" lport=47 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.283636][ T125] usb 3-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 32.292573][ T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.339650][ T438] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 32.802760][ T125] usb 3-1: config 0 descriptor?? [ 32.828327][ T438] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 32.859761][ T23] audit: type=1400 audit(1738368413.240:126): avc: denied { prog_run } for pid=440 comm="syz.4.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.883343][ T438] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 32.927926][ T438] EXT4-fs error (device loop3): ext4_validate_block_bitmap:418: comm syz.3.17: bg 0: block 40: padding at end of block bitmap is not set [ 32.942451][ T438] EXT4-fs error (device loop3) in ext4_free_blocks:5016: Corrupt filesystem [ 32.951208][ T438] EXT4-fs (loop3): 1 truncate cleaned up [ 32.956780][ T438] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsv0,norecovery,norecovery,dioread_lock,,errors=continue [ 33.107745][ T456] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue [ 33.120418][ T456] ext4 filesystem being mounted at /4/bus supports timestamps until (%ptR?) (0x7fffffff) [ 33.475236][ T125] hid-generic 0003:05AC:4262.0001: collection stack underflow [ 33.489937][ T125] hid-generic 0003:05AC:4262.0001: item 0 1 0 12 parsing failed [ 33.614451][ T125] hid-generic: probe of 0003:05AC:4262.0001 failed with error -22 [ 33.812692][ T125] usb 3-1: USB disconnect, device number 2 [ 35.184260][ T494] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 35.891894][ T503] syz.2.34 (503) used greatest stack depth: 20600 bytes left [ 35.919811][ T519] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 35.944206][ T519] ext4 filesystem being mounted at /8/file0 supports timestamps until (%ptR?) (0x7fffffff) [ 36.093381][ T519] EXT4-fs error (device loop3): ext4_get_first_dir_block:3644: inode #12: block 32: comm syz.3.40: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0 [ 36.113709][ T519] EXT4-fs error (device loop3): ext4_get_first_dir_block:3647: inode #12: comm syz.3.40: directory missing '.' [ 36.517936][ T23] kauditd_printk_skb: 37 callbacks suppressed [ 36.517955][ T23] audit: type=1400 audit(1738368417.390:164): avc: denied { wake_alarm } for pid=510 comm="syz.0.37" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 36.674297][ T23] audit: type=1400 audit(1738368417.546:165): avc: denied { execute } for pid=535 comm="syz.3.43" path=2F6D656D66643A1033717D329ACEAF03DF795BD9FF5238F41C0869E45ED5FDA90DAC374194A0202864656C6574656429 dev="tmpfs" ino=14533 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 36.724898][ T23] audit: type=1400 audit(1738368417.586:166): avc: denied { create } for pid=535 comm="syz.3.43" dev="anon_inodefs" ino=14534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 36.763351][ T23] audit: type=1400 audit(1738368417.586:167): avc: denied { ioctl } for pid=535 comm="syz.3.43" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=14534 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 36.945054][ T23] audit: type=1400 audit(1738368417.816:168): avc: denied { block_suspend } for pid=537 comm="syz.3.45" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 37.047925][ T23] audit: type=1400 audit(1738368417.876:169): avc: denied { bind } for pid=542 comm="syz.4.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 37.070321][ T553] [ 37.072524][ T553] ********************************************************** [ 37.103682][ T553] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 37.120280][ T23] audit: type=1400 audit(1738368417.876:170): avc: denied { read write } for pid=542 comm="syz.4.47" name="ppp" dev="devtmpfs" ino=9447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 37.120350][ T553] ** ** [ 37.157469][ T23] audit: type=1400 audit(1738368417.876:171): avc: denied { open } for pid=542 comm="syz.4.47" path="/dev/ppp" dev="devtmpfs" ino=9447 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 37.189067][ T553] ** trace_printk() being used. Allocating extra memory. ** [ 37.229362][ T551] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 37.253631][ T553] ** ** [ 37.280648][ T23] audit: type=1400 audit(1738368417.876:172): avc: denied { ioctl } for pid=542 comm="syz.4.47" path="/dev/ppp" dev="devtmpfs" ino=9447 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 37.287283][ T551] capability: warning: `syz.1.50' uses deprecated v2 capabilities in a way that may be insecure [ 37.305113][ T23] audit: type=1400 audit(1738368418.026:173): avc: denied { append } for pid=146 comm="syslogd" name="messages" dev="tmpfs" ino=10851 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.316016][ T553] ** This means that this is a DEBUG kernel and it is ** [ 37.344734][ T553] ** unsafe for production use. ** [ 37.477823][ T553] ** ** [ 37.512642][ T553] ** If you see this message and you are not debugging ** [ 37.617743][ T553] ** the kernel, report this immediately to your vendor! ** [ 37.625574][ T553] ** ** [ 37.633249][ T553] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 37.640746][ T553] ********************************************************** [ 37.824599][ T574] netlink: 28 bytes leftover after parsing attributes in process `syz.4.56'. [ 37.987506][ T568] EXT4-fs (loop0): Unsupported blocksize for fs encryption [ 38.802419][ T598] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 39.053622][ T607] Zero length message leads to an empty skb [ 40.641702][ T629] tmpfs: Unknown parameter 'usrquota' [ 40.833046][ T648] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 41.143018][ T646] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.183665][ T646] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 41.192947][ T646] FAT-fs (loop4): Filesystem has been set read-only [ 41.280192][ T665] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 41.731676][ T673] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.979258][ T23] kauditd_printk_skb: 87 callbacks suppressed [ 41.979270][ T23] audit: type=1400 audit(1738368422.856:261): avc: denied { rename } for pid=678 comm="syz.4.89" name="#1" dev="tmpfs" ino=15021 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 42.036537][ T23] audit: type=1400 audit(1738368422.896:262): avc: denied { mount } for pid=682 comm="syz.4.91" name="/" dev="configfs" ino=10715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 42.162240][ T23] audit: type=1400 audit(1738368422.896:263): avc: denied { read } for pid=682 comm="syz.4.91" name="/" dev="configfs" ino=10715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 42.201794][ T23] audit: type=1400 audit(1738368422.896:264): avc: denied { open } for pid=682 comm="syz.4.91" path="/22/file0" dev="configfs" ino=10715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 42.224883][ T23] audit: type=1400 audit(1738368422.896:265): avc: denied { search } for pid=682 comm="syz.4.91" name="/" dev="configfs" ino=10715 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 42.416544][ T23] audit: type=1400 audit(1738368422.906:266): avc: denied { unmount } for pid=357 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 42.450324][ T23] audit: type=1400 audit(1738368423.316:267): avc: denied { setopt } for pid=697 comm="syz.1.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 42.664993][ T23] audit: type=1400 audit(1738368423.536:268): avc: denied { name_bind } for pid=706 comm="syz.2.100" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 42.713176][ T701] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.740345][ T701] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 42.756955][ T701] FAT-fs (loop0): Filesystem has been set read-only [ 42.867228][ T23] audit: type=1400 audit(1738368423.736:269): avc: denied { create } for pid=715 comm="syz.0.104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 42.899573][ T718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 42.993033][ T724] netlink: 8 bytes leftover after parsing attributes in process `syz.4.107'. [ 43.038948][ T720] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 43.133199][ T23] audit: type=1400 audit(1738368424.006:270): avc: denied { ioctl } for pid=737 comm="syz.4.113" path="socket:[14230]" dev="sockfs" ino=14230 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 43.202129][ T740] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.225928][ T740] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 43.246972][ T740] FAT-fs (loop0): Filesystem has been set read-only [ 43.481638][ T756] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 43.533288][ T756] EXT4-fs (loop0): orphan cleanup on readonly fs [ 43.603731][ T756] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6102: Corrupt filesystem [ 43.770849][ T756] EXT4-fs (loop0): Remounting filesystem read-only [ 43.780558][ T756] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:455: comm syz.0.117: Invalid block bitmap block 3 in block_group 0 [ 43.803861][ T756] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #3: block 1: comm syz.0.117: lblock 6 mapped to illegal pblock 1 (length 1) [ 43.856327][ T756] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #3: block 48: comm syz.0.117: lblock 0 mapped to illegal pblock 48 (length 1) [ 43.870839][ T756] EXT4-fs (loop0): 1 orphan inode deleted [ 43.876786][ T756] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000008,data_err=abort,minixdf,errors=remount-ro,abort,noblock_validity,barrier,journal_dev=0x0000000000000f35, [ 43.973943][ T756] syz.0.117 (756) used greatest stack depth: 20024 bytes left [ 44.177130][ T450] hid-generic 0006:0003:007F.0002: unknown main item tag 0x0 [ 44.414636][ T450] hid-generic 0006:0003:007F.0002: item fetching failed at offset 5/40 [ 44.423100][ T450] hid-generic: probe of 0006:0003:007F.0002 failed with error -22 [ 44.572491][ T784] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.589682][ T784] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 44.604119][ T784] FAT-fs (loop2): Filesystem has been set read-only [ 44.606514][ T802] tipc: Started in network mode [ 44.616606][ T802] tipc: Own node identity 26e8f585e384, cluster identity 4711 [ 44.649265][ T802] tipc: Enabled bearer , priority 0 [ 44.672355][ T804] netlink: 28 bytes leftover after parsing attributes in process `syz.3.136'. [ 44.944717][ T805] device syzkaller0 entered promiscuous mode [ 44.990810][ T801] tipc: Resetting bearer [ 45.010706][ T801] tipc: Disabling bearer [ 45.037465][ T814] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 45.138313][ T825] ================================================================== [ 45.146332][ T825] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.155353][ T825] Read of size 1 at addr ffff8881e087a3d8 by task syz.4.142/825 [ 45.162789][ T825] [ 45.164978][ T825] CPU: 1 PID: 825 Comm: syz.4.142 Not tainted 5.4.289-syzkaller-00025-g49530c73f82d #0 [ 45.174421][ T825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 45.184314][ T825] Call Trace: [ 45.187452][ T825] dump_stack+0x1d8/0x241 [ 45.191623][ T825] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 45.197255][ T825] ? printk+0xd1/0x111 [ 45.201166][ T825] ? xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.207500][ T825] ? wake_up_klogd+0xb2/0xf0 [ 45.211928][ T825] ? xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.218264][ T825] print_address_description+0x8c/0x600 [ 45.223637][ T825] ? panic+0x89d/0x89d [ 45.227548][ T825] ? check_preemption_disabled+0x9f/0x320 [ 45.233109][ T825] ? check_preemption_disabled+0x9f/0x320 [ 45.238673][ T825] ? xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.244997][ T825] __kasan_report+0xf3/0x120 [ 45.249419][ T825] ? xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.255752][ T825] kasan_report+0x30/0x60 [ 45.259927][ T825] xfrm_policy_inexact_list_reinsert+0x599/0x650 [ 45.266079][ T825] ? switch_mm_irqs_off+0x6b5/0xab0 [ 45.271112][ T825] ? xfrm_policy_addr_delta+0x234/0x340 [ 45.276491][ T825] xfrm_policy_inexact_insert_node+0x8f3/0xb00 [ 45.282494][ T825] ? __schedule+0xb0d/0x1320 [ 45.286916][ T825] ? xfrm_policy_inexact_alloc_bin+0x5b2/0x1440 [ 45.292987][ T825] xfrm_policy_inexact_alloc_chain+0x4f9/0xb10 [ 45.298979][ T825] xfrm_policy_inexact_insert+0x69/0x10e0 [ 45.304526][ T825] ? preempt_schedule_notrace+0x140/0x140 [ 45.310088][ T825] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 45.314940][ T825] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 45.319984][ T825] ? policy_hash_bysel+0x12c/0x6f0 [ 45.324927][ T825] xfrm_policy_insert+0xe1/0x8a0 [ 45.329714][ T825] xfrm_add_policy+0x4f2/0x980 [ 45.334298][ T825] ? __nla_validate+0x50/0x50 [ 45.338810][ T825] ? xfrm_dump_sa_done+0xc0/0xc0 [ 45.343583][ T825] ? __nla_parse+0x3a/0x50 [ 45.347837][ T825] xfrm_user_rcv_msg+0x689/0x9b0 [ 45.352612][ T825] ? xfrm_netlink_rcv+0x80/0x80 [ 45.357304][ T825] ? _raw_spin_unlock_irqrestore+0x57/0x80 [ 45.362939][ T825] ? retint_kernel+0x1b/0x1b [ 45.367382][ T825] netlink_rcv_skb+0x1d5/0x420 [ 45.372061][ T825] ? xfrm_netlink_rcv+0x80/0x80 [ 45.376745][ T825] ? nla_put_string+0x30/0x30 [ 45.381255][ T825] ? mutex_trylock+0xa0/0xa0 [ 45.385681][ T825] xfrm_netlink_rcv+0x6e/0x80 [ 45.390191][ T825] netlink_unicast+0x936/0xb20 [ 45.394884][ T825] ? netlink_detachskb+0x90/0x90 [ 45.399667][ T825] ? __check_object_size+0x2aa/0x3a0 [ 45.404788][ T825] netlink_sendmsg+0xa18/0xcf0 [ 45.409392][ T825] ? netlink_getsockopt+0x550/0x550 [ 45.414415][ T825] ? ____sys_sendmsg+0x51b/0x8f0 [ 45.419186][ T825] ? netlink_getsockopt+0x550/0x550 [ 45.424216][ T825] ____sys_sendmsg+0x5ac/0x8f0 [ 45.428821][ T825] ? __sys_sendmsg_sock+0x2b0/0x2b0 [ 45.433853][ T825] __sys_sendmsg+0x28b/0x380 [ 45.438277][ T825] ? ____sys_sendmsg+0x8f0/0x8f0 [ 45.443058][ T825] ? schedule+0x143/0x1d0 [ 45.447216][ T825] do_syscall_64+0xca/0x1c0 [ 45.451556][ T825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 45.457290][ T825] RIP: 0033:0x7f6ed4ef8da9 [ 45.461536][ T825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 45.480974][ T825] RSP: 002b:00007f6ed3563038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 45.489221][ T825] RAX: ffffffffffffffda RBX: 00007f6ed5111fa0 RCX: 00007f6ed4ef8da9 [ 45.497036][ T825] RDX: 0000000000004000 RSI: 0000000020000580 RDI: 0000000000000005 [ 45.504852][ T825] RBP: 00007f6ed4f7a2a0 R08: 0000000000000000 R09: 0000000000000000 [ 45.512774][ T825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.520585][ T825] R13: 0000000000000000 R14: 00007f6ed5111fa0 R15: 00007ffce15a6678 [ 45.528396][ T825] [ 45.530563][ T825] Allocated by task 825: [ 45.534653][ T825] __kasan_kmalloc+0x171/0x210 [ 45.539249][ T825] sk_prot_alloc+0xbd/0x3e0 [ 45.543585][ T825] sk_alloc+0x35/0x2f0 [ 45.547493][ T825] pfkey_create+0x122/0x670 [ 45.551844][ T825] __sock_create+0x3cb/0x7a0 [ 45.556258][ T825] __sys_socket+0x132/0x370 [ 45.560686][ T825] __x64_sys_socket+0x76/0x80 [ 45.565198][ T825] do_syscall_64+0xca/0x1c0 [ 45.569552][ T825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 45.575358][ T825] [ 45.577542][ T825] Freed by task 0: [ 45.581085][ T825] (stack is not available) [ 45.585339][ T825] [ 45.587513][ T825] The buggy address belongs to the object at ffff8881e087a000 [ 45.587513][ T825] which belongs to the cache kmalloc-1k of size 1024 [ 45.601407][ T825] The buggy address is located 984 bytes inside of [ 45.601407][ T825] 1024-byte region [ffff8881e087a000, ffff8881e087a400) [ 45.614588][ T825] The buggy address belongs to the page: [ 45.620074][ T825] page:ffffea0007821e00 refcount:1 mapcount:0 mapping:ffff8881f5c02280 index:0x0 compound_mapcount: 0 [ 45.630823][ T825] flags: 0x8000000000010200(slab|head) [ 45.636138][ T825] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c02280 [ 45.644541][ T825] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 45.652952][ T825] page dumped because: kasan: bad access detected [ 45.659207][ T825] page_owner tracks the page as allocated [ 45.664776][ T825] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL) [ 45.681132][ T825] prep_new_page+0x18f/0x370 [ 45.685529][ T825] get_page_from_freelist+0x2d13/0x2d90 [ 45.691023][ T825] __alloc_pages_nodemask+0x393/0x840 [ 45.696218][ T825] alloc_slab_page+0x39/0x3c0 [ 45.700731][ T825] new_slab+0x97/0x440 [ 45.704637][ T825] ___slab_alloc+0x2fe/0x490 [ 45.709062][ T825] __slab_alloc+0x62/0xa0 [ 45.713240][ T825] __kmalloc+0x19b/0x2e0 [ 45.717304][ T825] sk_prot_alloc+0xbd/0x3e0 [ 45.721650][ T825] sk_alloc+0x35/0x2f0 [ 45.725552][ T825] can_create+0x2dc/0x590 [ 45.729726][ T825] __sock_create+0x3cb/0x7a0 [ 45.734150][ T825] __sys_socket+0x132/0x370 [ 45.738492][ T825] __x64_sys_socket+0x76/0x80 [ 45.742995][ T825] do_syscall_64+0xca/0x1c0 [ 45.747339][ T825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 45.753063][ T825] page last free stack trace: [ 45.757579][ T825] __free_pages_ok+0x847/0x950 [ 45.762180][ T825] __free_pages+0x91/0x140 [ 45.766433][ T825] __free_slab+0x221/0x2e0 [ 45.770685][ T825] unfreeze_partials+0x14e/0x180 [ 45.775458][ T825] put_cpu_partial+0x44/0x180 [ 45.779973][ T825] __slab_free+0x297/0x360 [ 45.784227][ T825] qlist_free_all+0x43/0xb0 [ 45.788566][ T825] quarantine_reduce+0x1d9/0x210 [ 45.793345][ T825] __kasan_kmalloc+0x41/0x210 [ 45.797947][ T825] kmem_cache_alloc+0xd9/0x250 [ 45.802584][ T825] getname_flags+0xb8/0x4e0 [ 45.806894][ T825] do_sys_open+0x357/0x810 [ 45.811131][ T825] do_syscall_64+0xca/0x1c0 [ 45.815476][ T825] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 45.821218][ T825] [ 45.823360][ T825] Memory state around the buggy address: [ 45.828941][ T825] ffff8881e087a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.836838][ T825] ffff8881e087a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.844734][ T825] >ffff8881e087a380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 45.852628][ T825] ^ [ 45.859402][ T825] ffff8881e087a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.867301][ T825] ffff8881e087a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.875194][ T825] ================================================================== [ 45.883092][ T825] Disabling lock debugging due to kernel taint