last executing test programs: 540.752442ms ago: executing program 1 (id=2): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r3}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r4, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) 459.182609ms ago: executing program 3 (id=4): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc02000000000000000000000000000004001200050008004b00000008000100", @ANYRES32=0x0, @ANYBLOB="0800040000000200080015"], 0x8c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xc}}}, 0x24}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 454.58002ms ago: executing program 1 (id=6): bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x90c20}}, 0x50) syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffe60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) flock(r3, 0x1) dup3(r0, r1, 0x0) 443.62227ms ago: executing program 0 (id=1): sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000100)={'gretap0\x00', &(0x7f0000000540)={'gretap0\x00', 0x0, 0x80, 0x7800, 0x9, 0x57bb, {{0x7, 0x4, 0x2, 0x12, 0x1c, 0x66, 0x0, 0x8, 0x29, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x24}, {[@noop, @lsrr={0x83, 0x3, 0x5e}, @ra={0x94, 0x4, 0x1}]}}}}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00') preadv(r3, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}, {0x0}, {&(0x7f0000000500)=""/61, 0x3d}, {0x0}], 0x4, 0x6c, 0x0) 404.711314ms ago: executing program 3 (id=7): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x1881c00, 0x0, 0x0, 0x0, &(0x7f0000000000)) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0xfffffffffffffffd, 0xbb) 400.456514ms ago: executing program 2 (id=3): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000001140)=[{&(0x7f0000000ec0)="60a9982b9ddbbade529ce16162856807a579181bca26c1e6d920384f90ef858094f401d9891de42dab8599d74ac286263ccbf7da472800daf76f3b191772fc5a1934658ca6e7c812eb41a65bdd7730a720a311da6bc5578cba1b840c528c6af2c76136e89261fda91727cb441d06868220ef0ff7c517fb56f3265c5479e10b899a2208eb8098337e37a941597752c98b71df0fb3d35f6610dc2b6ca666448118e8e83a60aeba2438d0b28f286ce15ee95050041b19114e1b274d60d5595792ef8742a7", 0xc3}], 0x1}}], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000800), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1a08844, &(0x7f0000000640)=ANY=[@ANYBLOB="757466383d312c4b2087b368636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f22dfd9a8bbf9dda2ad636861727365743d73703836322c696f636861727365743d63703433ae2bc5b55d5afcc7267f8a6a75c764372c73686f72746e616d653d77696e39352c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c756e695f786c6174653d302c003c24d06816418f4be78ed4fbfe47efc82f966a602a8db43ad053c978bbd3501706515140ef63c2a58653ced497550b22917b09702604bc162c57e05beec5bb0c11fc2f9238b25e4527e24bab534e35a458d92a597c3fee89f57053a4a1535771c9877b3ab101fb26937779cff75a95a296fafddf11280fafeb9bd5f2da4a88b43f3e4d5b1a9aed1f65a86d459c62701d3d6f007c7e50da9608a03eff5800"/373], 0x0, 0x377, &(0x7f00000002c0)="$eJzs3UFom+UbAPAn/dKm/bP924MgCsKnN0HLNgXRix2jg2EuU8LUgxjcptLUwYrB7tCsXsSj4FFP3jzowcNuXgRFdvPg1QkyFQ+628CxT77kS/KlSWqZdLP4+x3Cs/d9nvd9v+Rl+ZqSt6+uxNrZ2Th/48b1mJ+vRHXlxErcrMRSJNF3OcbNTWgDAA6Gm1kWf2Q9EV/upaSy/6sCAPZT9/3/9cOllne/3i0/8+4PAAde8fP/Qrkt2ZEzP634wr4tCwDYR6Of/0fEI2MppV/1V8fuDQCAg+eFl15+7ng94vk0nY9Yf6/daDfimWH/8fPxZrTiXByJxbgV0btRyB8q3ceTp+qrR9I07cTPS9HIK9qNiPVOu9G7UziedOtrcTQWY6moL+42sixLTn5RXz2adkXE5U53/livtBuzsVDM/8P/4lwcizTuG6uPOFVfPZYWAzTW+/WzEdvDzy3y9S/HYnz3WlyIVpyNvLZ/W1Nf3Tqapiey+qHKsL7TbtS6eT1TPwEBAAAAAAAAAAAAAAAAAAAAAIA7spwOLA3Oz8mG5/csL0/o756P06svzgfa7p0PlNWyyLLf33m88X4SI+cD7Tifp9NuVGPm3l46AAAAAAAAAAAAAAAAAAAA/GtsbM5Fs9U6d3Fj89JaOehc3NiciYi85a1vP/tqIUZzFooBRqtGgmqRUupKh1VZ0k/OkpGcIkjyySvVXsunVwYrLufUBlcxcRm16V2t1uGHf/po2PJQ0h/59jAniYnXdSnZsYxysP7/3pKmPy27BMf+JudalmXTyrdeGa+KSkR16lLvMMjy4JvrbzzwxEZ/E2Q9jz62eObah5/8utZs5TPnWq25ixu3srVm8e/Jm216kJT2T6XYbJXyTqg2n7x9+tCUkbdHW5rJ97+9+OAHV4uWmd1fpuzM1WHL2xNykt6kn+/smusF+TIHXc/mQf4cjY8zO2HzTwqein/0wt3/8UrzytaPv+y1qvSfhIM6AAAAAAAAAAAAAAAAAADgrih9V7xQfNl3dreqp0/v/8oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4O4Z/v3/QRAz2zta9hb82Yl+y5nod9XyAWOuNOPSPbxaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+q/4KAAD//1UBZGs=") r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 309.908472ms ago: executing program 1 (id=8): syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x33}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x40}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 293.540734ms ago: executing program 4 (id=5): r0 = io_uring_setup(0x3c8e, &(0x7f0000000100)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r1, &(0x7f0000001000)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"}) r2 = syz_open_pts(r1, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000080)) dup3(r2, r1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)) close_range(r0, 0xffffffffffffffff, 0x0) 250.048278ms ago: executing program 1 (id=9): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 186.743393ms ago: executing program 4 (id=10): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_mount_image$msdos(&(0x7f0000000480), &(0x7f0000000200)='./file0\x00', 0x14814, &(0x7f0000000640)=ANY=[], 0x1, 0x20e, &(0x7f0000000d00)="$eJzs27FqU1EYB/B/alpv7GAHJ1EMdHEq6hMYpIIYECoZdDJQXVoR0iUKYp/HWfAVfBmXDtItcnujbWMKrWmaGn8/OJyPfDnkuwfCd4ZzX916u7X5bufN4se9FLVmFpKH2U9WymioNpyLg3gpx9QyiR8TrQYA/srGRreVfJ11GUxRr9fq3lhdHpPpfJ5BOQAAAAAAAAAAAJyDs9z/X0g+jd7/373gegGAyVX3/5lHjeHc67W6t6vz2wj3/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDZ2R8Mrg/KUQzn4biapEjSSHItST1J+fms6wUAJrc/ON73T+r/SWpJ9H8AmAPPX7x82mq31zeazSL5vtvv9DvVXOUfP2mv32seWDlctdfvd64kKUd7/X6Vbx7PLx6cG8r1D8bml3J3tcqXuUfP2iP55WxexAYAwH9orfnbkf7+q7cna2vj8mV/rqIj54OR/l3PzfrYn1yY0qMAAKe08/7DVnd7+3Xv3IPa2VY1hgWd/J0v9WmVOmnQmPpmXorgW+0ylJFcjt34h4PidPsMzLfDP/1opphNQQAAAAAAAAAAAAAAwB8u4pWjJHdm/ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMyXnwEAAP//2d9NhA==") r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r2, 0x800) r3 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r2, r3, 0x0, 0xf800) 180.189914ms ago: executing program 1 (id=11): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@acl}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xa1000a, &(0x7f00000003c0)=ANY=[@ANYRES8, @ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRES8, @ANYRESDEC=0x0], 0x21, 0x1507, &(0x7f0000001b00)="$eJzs3Au4TtX2MPAx5pyLTdKb5D7HHIs3bUyXJLkkySVJkiNJbgkhSZKQ3G9JSELuSe4huYXkfr/lniRJkiQkJJnf45zO1zmn8//39f/3fZ7vv8fvedbzzvGud8w15h5773ettZ93f9NhSOW6VSrUZmb4b8G/PXQHgBQA6A8A1wFABAAlspTIcmV/Bo3d/3sHEX+uh6Zf7QrE1ST9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadn2GTmvly3tbnL/Py2T9///QY4WHvvFxsI3dvwDKdL/tE36n7ZJ/9M26X/aJv1P26T/aZv0P22T/guRlv3X7x3L3w7+J2xX+/tPCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIUTacCH8ygDA38dXuy4hhBBCCCGEEEL8eUL6q12BEEIIIYQQQggh/u9DUKDBQATpID2kQAbICNdAJrgWMsN1kIDrIQvcAFnhRsgG2SEH5IRckBvygAUCBwwx5IV8kISbID/cDKlQAApCIfBQGIpAUSgGt0BxuBVKwG1QEm6HUlAaykBZuAPKwZ1QHu6CCnA3VIRKUBmqwD1QFe6FanAfVIf7oQY8ADXhQagFf4Ha8BDUgYehLjwC9eBRqA8NoCE0gsb/pfwXoAu8CF2hG3SHHtATekFv6AN9oR/0h5dgALwMA+EVGASDYQi8CkPhNRgGr8NwGAEj4Q0YBaNhDIyFcTAeJsCbMBHegknwNkyGKTAVpsF0mAEz4R2YBbNhDrwLc+E9mAfzYQEshEXwPiyGJbAUPoBl8CEshxWwElbBalgDa2EdrIcNsBE2wWbYAlthG2yHj2AH7IRdsBv2wF7YBx/DfvgEDsCncBA++4P55/8lvyMCAipUaNBgOkyHKZiCGTEjZsJMmBkzYwITmAWzYFbMitkwG+bAHJgLc2EezIOEhIyMeTEvJjGJ+TE/pmIqFsSC6NFjESyCxfAWLI7FsQSWwJJYEkthaSyNZbEslsNyWB7LYwWsgBWxIlbGyngP3oP3YjWshtWxOtbAGlgTa2ItrIW1sTbWwTpYF+tiPayH9bE+NsSG2BgbYxNsgk2xKTbH5tgCW2ArbIWtsTW2wTbYFttiO2yH7bE9dsAO2BE7YSd8AV/AF/FF7IYVVQ/siT2xN/bGvtgP++FLOABfxpfxFRyEg3EIvoqv4ms4DM/hcByBI3EkllOjcQyORVbjcQJOwIk4ESfhJJyMU3AKTsPpOANn4kychbNxNr6Lc/E9fA/n43xciItwES7GJbgUl+IyPI/LcQWuxFW4GtfgalyH63EdbsRNuBG34BbchtvwI/wId+JO3I27cS8aAPwYP8FPcBAexIN4CA/hYTyMR/AIHsWjeAyP4XE8jifwBJ7Ek3gKT+MZPI1n8Syew/N4AS/gRbyIl/C5XF/V2VtgwyBQVxhlVDqVTqWoFJVRZVSZVCaVWWVWCZVQWVQWlVVlVdlUNpVD5VC5VC6VR+VRpEixilVelVclVVLlV/lVqkpVBVVB5ZVXRVQRVUwVU8VVcVVC3aZKqttVKVVaNfNlVVlVTjX35dVdqoKqoCqqSqqyqqKqqKqqqqqmqqnqqrqqoWqomupBVUv1wL74kLrSmbpqMNZTQ7C+aqAaqkbqNXxMNVHDsKlqppqrJ9QIHI6tVBPfWj2l2qgx2FY9o8bis6q9Go8d1POqo+qkOqsXVBfV1HdV3dRk7KF6qmnYW/VRfVU/NQsrqSsdq6xeUYPUYDVEvaoW4mtqmHpdDVcj1Ej1hhqlRqsxaqwap8arCepNNVG9pSapt9VkNUVNVdPUdDVDzVTvqFlqtpqj3lVz1XtqnpqvFqiFapF6Xy1WS9RS9YFapj5Uy9UKtVKtUqvVGrVWrVPr1Qa1UW1Sm9UWtVVtU9vVR2qH2ql2qd1qj9qr9qmP1X71iTqgPlUH1WfqkPpcHVZfqCPqS3VUfaWOqa/VcfWNOqG+VSfVd+qUOq3OqO/VWfWDOqfOqwvqR3VR/aQuqZ/VZRUUaNRKa210pNPp9DpFZ9AZ9TU6k75WZ9bX6YS+XmfRN+is+kadTWfXOXROnUvn1nm01aSdZh3rvDqfTuqbdH59s07VBXRBXUh7XVgX0UV1MX2LLq5v1SX0bbqkvl2X0qV1GV1W36HL6Tt1eX2XrqDv1hV1JV1ZV9H36Kr6Xl1N36er6/t1Df2Arqkf1LX0X3Rt/ZCuox/WdfUjup5+VNfXDXRD3Ug31o/pJvpx3VQ30831E7qFbqlb6Sd1a/2UbqOf1m31M7qdfla318/pDvp53VF30p31z/qyDrqr7qa76x66p+6le+s+uq/up/vrl/QA/bIeqF/Rg/RgPUS/qofq1/Qw/boerkfokfoNPUqP1mP0WD1Oj9cT9Jt6on5LT9Jv68l6ip6qp+npeobu+8tMc/4P8t/6N/kD/3r0bXq7/kjv0Dv1Lr1b79F79T69T+/X+/UBfUAf1Af1IX1IH9aH9RF9RB/VR/UxfUwf18f1CX1Cn9Qn9Sl9Wv+ov9dn9Q/6nD6vz+sf9UV9UV/65WsABo0y2hgTmXQmvUkxGUxGc43JZK41mc11JmGuN1nMDSarudFkM9lNDpPT5DK5TR5jDRln2MQmr8lnkuYm/OWEwhQ0hYw3hU0RU/SP5Jv85maTagr8U/7v1dfYNDZNTBPT1DQ1zU1z08K0MK1MK9PatDZtTBvT1rQ17Uw70960Nx1MB9PRdDSdTWfTxXQxXU1X0910Nz1NL9Pb9DF9TT/T37xkBpgBZqAZaAaZQWaIGWKGmqFmmBlmhpvhZqQZaUaZUWaMGWPGmXFmgplgJpqJZpKZZCabyWaqmWqmm+lmpplpZplZZo6ZY+aauWaemWcWmAVmkVlkFpvFZqlZapaZZWa5WWFWmFVmlVlj1ph1Zp3ZYDaYTWaT2WK2mOVmu9ludpgdZpfZZfaYPWaf2Wf2m/3mgDlgDpqD5pA5ZA6bw+aIOWKOmqPmmDlmjpvj5oQ5YU6ak+aUOWXOmDPmrDlrzplz5oK5YC6ai+aSuWQum8tXTvsiFanIRCZKF6WLUqKUKGOUMcoUZYoyR5mjRJSIskRZoqzRjVG2KHuUI8oZ5YpyR3kiG1HkIo7iKG+UL0pGN0X5o5uj1KhAVDAqFPmocFQkKhoVi26Jike3RiWi26KS0e1Rqah0VCYqG90RlYvujMpHd0UVorujilGlqHJUJbonqhrdG1WL7ouqR/dHNaIHoprRg1Gt6C9R7eihqE70cFQ3eiSqFz0a1Y8aRA2jRlHjP3X+EM5lf9x3td1sd9vD9rS9bG/bx/a1/Wx/+5IdYF+2A+0rdpAdbIfYV+1Q+5odZl+3w+0IO9K+YUfZ0XaMHWvH2fF2gn3TTrRv2Un2bTvZTrFT7TQ73c6wM+07dpadbefYd+1c+56dZ+fbBXahXWTft4vtErvUfmCX2Q/tcrvCrrSr7Gq7xq616+x6u8FutJvsZrvFbrXb7Hb7kd1hd9pddrfdY/faffZju99+Yg/YT+1B+5k9ZD+3h+0X9oj90h61X9lj9mt73H5jT9hv7Un7nT1lT9sz9nt71v5gz9nz9oL90V60P9lL9md72YYrJ/dX3t7JkKF0lI5SKIUyUkbKRJkoM2WmBCUoC2WhrJSVslE2ykE5KBflojyUh65gYspLeSlJScpP+SmVUqkgFSRPnopQESpGxag4FacSVIJKUkkqRaWoDJWhO+gOupPupLvoLrqb7qZKVImqUBWqSlWpGlWj6lSdalANqkk1qRbVotpUm+pQHapLdake1aP6VJ8aUkNqTI2pCTWhptSUmlNzakEtqBW1otbUmtpQG2pLbakdtaP21J46UAfqSB2pM3WmLtSFulJX6k7dqSf1pN7Um/pSX+pP/WkADaCBNJAG0SAaQkNoKA2lYTSMhtMIGklv0CgaTWNoLI2j8TSBJtBEmkiTaBJNpsk0labSdJpOM2kmzaJZNIfm0FyaS/NoHi2gBbSIFtFiWkxLaSkto2W0nJbTSlpJq2k1raW1tJ7W00baSJtpM22lrbSdttMO2kG7aBftoT20j/bRftpPB+gAHaSDdIgOBQSgI3SEjtJROkbH6DgdpxN0gk7SSTpFp+gMnaGzdJbO0Tm6QBfoIv1El+hnukyBUlwGl9Fd4zK5a11md5371ziHy+lyudwuj7Mum8v+TzE551JdAVfw75eYrqhLTbnyWMh5V9gVcUVdKVfalXFl3R2unLvTlf9NXNXd66q5+1x1d7+r4u75p7iGe8DVdI+4Wu5RV9s1cHVcI1fXPeLquUddfdfANXSNXAvX0rVyT7rW7inXxj39m3ixW+LWuw1uo9vk9rtP3AX3ozvuvnEX3U+uq+vm+ruX3AD3shvoXnGD3ODfxCPdG26UG+3GuLFunBv/m3iqm+amuxlupnvHzXKzfxMvcu+7uW6pm+fmuwVu4V/jKzUtdR+4Ze5Dt9ytcCvdKrfarXFr3br/Xesqt8VtddvcPvex2+F2ul1ut9vj9v41vrKOA+5Td9B95o65r91h94U74k64o+6rv8ZX1nfCfetOuu/cKXfanXHfu7PuB3fOnb+y/nBl7d+7n91lFxwwsmLNhiNOx+k5hTNwRr6GM/G1nJmv4wRfz1n4Bs7KN3I2zs45OCfn4tychy0TO2aOOS/n4yTfxPn5Zk7lAlyQC7HnwlyEi3IxvoWL861cgm/jknw7l+LSXIbL8h1cju/k8nwXV+C7uSJX4spche/hqnwvV+P7uDrfzzX4Aa7JD3It/gvX5oe4Dj/MdfkRrsePcn1uwA25ETfmx7gJP85NuRk35ye4BbfkVvwkt+anuA0/zW35GW7Hz3J7fo478PPckTtxZ36Bu/CL3JW7cXfuwT25F/fmPtyX+3F/fokH8Ms8kF/hQTyYh/CrPJRf42H8Og/nETyS3+BRPJrH8Fgex+N5Ar/JE/ktnsRv82SewlN5Gk/nGTyT3+FZPJvn8Ls8l9/jeTyfF/BCXsTv82Jewkv5A17GH/JyXsEreRWv5jW8ltfxet7AG3kTb+YtvJW38Xb+iHfwTt7Fu3kP7+V9/DHv5wy//MB9xof4cz7MX/AR/pKP8ld8jL/m4/wNn+Bv+SR/x6f4NJ/h7/ks/8Dn+Dxf4B/5Iv/El/hnvsyBIcZYxTo2cRSni9PHKXGGOGN8TZwpvjbOHF8XJ+Lr4yzxDXHW+MY4W5w9zhHnjHPFueM8sY0pdjHHcZw3zhcn45vi/PHNcWpcIC4YF4p9XDguEheNi8W3xMXjW+MS8W1xyfj2uFRcOn7k/rLxHXG5+M64fHxXXCG+O64YV4orx1Xie+Kq8b1xtfi+uHp8f1w8fiCuGT8Ywy+fV6kTPxzXjR+J68WPxvXjBnHDuFHcOH4sbhI/HjeNm8XN4yfiFnHLuFX8ZNw6fipuEz/9u/u7xz3innGvuFccwn16QXJhclHy/eTi5JLk0uQHyWXJD5PLkyuSK5OrkquTa5Jrk+uS65MbkhuTm5Kbk1uSW5PbkiFUSQ8evfLaGx/5dD69T/EZfEZ/jc/kr/WZ/XU+4a/3WfwNPqu/0Wfz2X0On9Pn8rl9Hm89eefZxz6vz+eT/iaf39/sU30BX9AX8t4X9kV8I9/YN/ZN/OO+qW/mm/sn/BO+pW/pn/RP+qd8G/+0b+uf8e38s769f84/55/3HX0n39m/4Lv4F31X38139919T9/T9/a9fV/f1/f3/f0AP8AP9AP9ID/ID/FD/FA/1A/zw/xwP9yP9CP9KD/Kj/Fj/Dg/zk/wE/xEP9FP8pN8BABT/VQ/3U/3M/1MP8vP8nP8HD83da6f5+f5BX6BX+QX+cV+sV/ql/plfplf7pf7lX6lX+1X+7V+rV/v1/uNfqPf7Df7rX6r3+63+x1+h9/ld/k9fo/f5/f5/X6/P+AP+IP+oD/kD/nD/rA/4r/0R/1X/pj/2h/33/gT/lt/0n/nT/nT/oz/3p/1P/hz/ry/4H/0F/1P/pL/2V/2wU9IvJmYmHgrMSnxdmJyYkpiamJaYnpiRmJm4p3ErMTsxJzEu4m5ifcS8xLzEwsSCxOLEu8nFieWJJYmPkgsS3yYWJ5YkViZWJVYnVhjIOTeEYe8IV9IhptC/nBzSA0FQsFQKPhQOBQJRUOxcEsoHm4NJcJtoWS4PZQKpUOZ8GioHxqEhqFRaBweC03C46FpaBaahydCi9AytApPhtbhqdAmPB3ahmdCu/BsaB+eCx3C86Fj6BQ6hxdCl/Bi6Bq6he6hR+gZeoXeoU/oG/qF/uGlMCC8HAaGV8KgMDgMCa+GoeG1MCy8HoaHEWFkeCOMCqPDmDA2jAvjw4TwZpgY3gqTwtthcpgSpoZpYXqYEWaGd8KsMDvMCe+GueG9MC/MDwvCwrAovB8WhyVhafggLAsfhuVhRVgZVoXVYU1YG9aF9WFD2Bg2hc1hS9gatoXt4aOwI+wMu8LusCfsDfvCx2F/+CQcCJ+Gg+GzcCh8Hg6HL8KR8GU4Gr4Kx8LX4Xj4JpwI34aT4btwKpwOZ8L34Wz4IZwL58OF8GO4GH4Kl8LP4fIf/MxapT/zFroQQgghxP9Hev3O/h7/5jkDAOqX8U8hhGt35jz6j/s1AGzO9rdxH5WrRQIAnurW4aG/bxUrdu/e/ZfXLtcQ5ZsPAIl/OcAv8QpoDi2hNTSDYv+2vj6q00X+nfmTtwFk/IecFPg1/nX+z/+D+R97YuTikvGFLP/J/PMBUvP9mnPlKvzv8QpofmU10AyK/wfzZ2/yO/Vn+GICQNN/yMkEAE0z/Gv9ReBxeBpa/9MrhRBCCCGEEEKIv+mjyrT7vevnK9fnucyvOenh1/j3rs+FEEIIIYQQQghx9T3bqfOTj7Vu3aydDGQggzQ2aPmfvOZq/2YSQgghhBBC/Nl+Pen/9bkMV7MgIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBAiDfp/8Z/GrvYahRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiKvtfwUAAP//D5g3fQ==") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) setreuid(0xee01, 0xee01) 121.602049ms ago: executing program 3 (id=12): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0xfff) syz_emit_ethernet(0x8a, &(0x7f0000006340)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x54, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @exp_smc={0xfe, 0x6}, @sack={0x5, 0x2}, @timestamp={0x8, 0xa}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}, @fastopen={0x22, 0xd, "ce2781a9dfe9bc8597d90a"}]}}}}}}}}, 0x0) 51.174995ms ago: executing program 2 (id=13): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r0, 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x8, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xc, &(0x7f00000000c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) close_range(r0, r0, 0x0) 49.915715ms ago: executing program 4 (id=14): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1}) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/mcfilter6\x00') preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000140)=""/226, 0xe2}], 0x1, 0x5b, 0x0) 16.009658ms ago: executing program 2 (id=15): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xb, 0x8, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r1}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r2}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 0s ago: executing program 2 (id=16): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) kernel console output (not intermixed with test programs): [ 3.268700][ T101] udevd[101]: starting version 3.2.11 [ 3.293371][ T102] udevd[102]: starting eudev-3.2.11 [ 3.295260][ T101] udevd (101) used greatest stack depth: 22992 bytes left [ 3.417084][ T103] udevadm (103) used greatest stack depth: 22256 bytes left [ 10.792006][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 10.792019][ T28] audit: type=1400 audit(1726029529.166:61): avc: denied { transition } for pid=223 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.797088][ T28] audit: type=1400 audit(1726029529.166:62): avc: denied { noatsecure } for pid=223 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.799772][ T28] audit: type=1400 audit(1726029529.166:63): avc: denied { write } for pid=223 comm="sh" path="pipe:[14212]" dev="pipefs" ino=14212 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 10.803089][ T28] audit: type=1400 audit(1726029529.166:64): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.806385][ T28] audit: type=1400 audit(1726029529.166:65): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.96' (ED25519) to the list of known hosts. [ 17.649698][ T28] audit: type=1400 audit(1726029536.026:66): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 17.650622][ T279] cgroup: Unknown subsys name 'net' [ 17.652892][ T28] audit: type=1400 audit(1726029536.026:67): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 17.656830][ T28] audit: type=1400 audit(1726029536.026:68): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 17.656962][ T279] cgroup: Unknown subsys name 'devices' [ 17.777425][ T279] cgroup: Unknown subsys name 'hugetlb' [ 17.782816][ T279] cgroup: Unknown subsys name 'rlimit' [ 17.911855][ T28] audit: type=1400 audit(1726029536.286:69): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 17.934967][ T28] audit: type=1400 audit(1726029536.286:70): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 17.955164][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 17.959691][ T28] audit: type=1400 audit(1726029536.286:71): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 17.975267][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 17.990761][ T28] audit: type=1400 audit(1726029536.346:72): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.024451][ T28] audit: type=1400 audit(1726029536.346:73): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.049950][ T28] audit: type=1400 audit(1726029536.346:74): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.075383][ T28] audit: type=1400 audit(1726029536.346:75): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.541737][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.548690][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.555924][ T288] device bridge_slave_0 entered promiscuous mode [ 18.565823][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.572652][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.579853][ T288] device bridge_slave_1 entered promiscuous mode [ 18.666418][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.673258][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.680561][ T291] device bridge_slave_0 entered promiscuous mode [ 18.687198][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.694024][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.701304][ T291] device bridge_slave_1 entered promiscuous mode [ 18.712523][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.719421][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.726472][ T289] device bridge_slave_0 entered promiscuous mode [ 18.740571][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.747466][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.754683][ T289] device bridge_slave_1 entered promiscuous mode [ 18.787681][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.794523][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.801785][ T290] device bridge_slave_0 entered promiscuous mode [ 18.811714][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.818757][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.825936][ T290] device bridge_slave_1 entered promiscuous mode [ 18.869126][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.876036][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.883293][ T292] device bridge_slave_0 entered promiscuous mode [ 18.899185][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.906037][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.913119][ T292] device bridge_slave_1 entered promiscuous mode [ 18.970903][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.977774][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 18.984884][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.991741][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.044063][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.050914][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.058008][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.064783][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.110536][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.117395][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.124480][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.131290][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.166777][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.173620][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.180756][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.187513][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.211723][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.218582][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.225718][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.232456][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.240371][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.248601][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.257177][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.264173][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.271260][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.278328][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.285236][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.292346][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.299288][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.306224][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.313890][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.321158][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.347552][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.354978][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.363365][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.371288][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.378120][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.385700][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.393681][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.400514][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.407764][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.415735][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.422553][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.429736][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.437633][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.444364][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.451764][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.459497][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.475933][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.483689][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.491694][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.499508][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.523597][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.536900][ T291] device veth0_vlan entered promiscuous mode [ 19.546179][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.553826][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.562013][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.575252][ T289] device veth0_vlan entered promiscuous mode [ 19.588565][ T288] device veth0_vlan entered promiscuous mode [ 19.596053][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.604096][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.611559][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.618811][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.626858][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.634857][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 19.643002][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.650922][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.657754][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.664882][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 19.672955][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.680860][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.687598][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.694719][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.702350][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.710014][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.717709][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.725614][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.732845][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.740499][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.747709][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.769373][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 19.777196][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.784829][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 19.792672][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.803220][ T289] device veth1_macvtap entered promiscuous mode [ 19.813843][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.822168][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.830317][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 19.837683][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.845504][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.860512][ T291] device veth1_macvtap entered promiscuous mode [ 19.867571][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.874837][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.882133][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 19.890432][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.898350][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.905161][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.912505][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 19.920561][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.928574][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.935389][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.943112][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.951164][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.959132][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 19.974802][ T290] device veth0_vlan entered promiscuous mode [ 19.982581][ T288] device veth1_macvtap entered promiscuous mode [ 19.995097][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.003087][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.011203][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.019243][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.027099][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.034781][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.042633][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.050315][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.057989][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.065752][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.073699][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.081957][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.090059][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.098157][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.106196][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.114203][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.122614][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.139978][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.147275][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.164687][ T290] device veth1_macvtap entered promiscuous mode [ 20.172742][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.180848][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.189403][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.197532][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.205835][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.213783][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.221915][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.232085][ T292] device veth0_vlan entered promiscuous mode [ 20.253299][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.261043][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.273174][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.281306][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.289502][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.297602][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.306025][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.313355][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.358190][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.371829][ T323] Zero length message leads to an empty skb [ 20.372285][ T292] device veth1_macvtap entered promiscuous mode [ 20.398026][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.404182][ T326] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 20.413374][ T327] loop3: detected capacity change from 0 to 1024 [ 20.429946][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.448589][ T327] EXT4-fs: Ignoring removed orlov option [ 20.456551][ T326] loop2: detected capacity change from 0 to 256 [ 20.463128][ T327] EXT4-fs (loop3): Test dummy encryption mode enabled [ 20.465971][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.482183][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.494704][ T326] ======================================================= [ 20.494704][ T326] WARNING: The mand mount option has been deprecated and [ 20.494704][ T326] and is ignored by this kernel. Remove the mand [ 20.494704][ T326] option from the mount to silence this warning. [ 20.494704][ T326] ======================================================= [ 20.523583][ T327] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 20.551630][ T342] device pim6reg1 entered promiscuous mode [ 20.574349][ T327] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 20.618955][ T349] syz.4.10[349] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 20.619021][ T349] syz.4.10[349] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 20.619922][ T347] loop1: detected capacity change from 0 to 1024 [ 20.648656][ T327] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 20.671441][ T347] EXT4-fs: Ignoring removed orlov option [ 20.679813][ T289] EXT4-fs (loop3): unmounting filesystem. [ 20.681830][ T349] loop4: detected capacity change from 0 to 256 [ 20.693025][ T349] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 20.713995][ T347] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 20.716482][ T354] xt_hashlimit: size too large, truncated to 1048576 [ 20.785385][ T347] ================================================================== [ 20.793277][ T347] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0 [ 20.800306][ T347] Read of size 1 at addr ffff88812016e900 by task syz.1.11/347 [ 20.807684][ T347] [ 20.809858][ T347] CPU: 0 PID: 347 Comm: syz.1.11 Not tainted 6.1.93-syzkaller-00002-gd02968a02321 #0 [ 20.819138][ T347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 20.829040][ T347] Call Trace: [ 20.832155][ T347] [ 20.834931][ T347] dump_stack_lvl+0x151/0x1b7 [ 20.839448][ T347] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 20.844740][ T347] ? _printk+0xd1/0x111 [ 20.848737][ T347] ? __virt_addr_valid+0x242/0x2f0 [ 20.853680][ T347] print_report+0x158/0x4e0 [ 20.858019][ T347] ? 0xffffffffa000066c [ 20.862015][ T347] ? __virt_addr_valid+0x242/0x2f0 [ 20.866965][ T347] ? kasan_addr_to_slab+0xd/0x80 [ 20.871734][ T347] ? ext4_search_dir+0xf7/0x1b0 [ 20.876423][ T347] kasan_report+0x13c/0x170 [ 20.880761][ T347] ? ext4_search_dir+0xf7/0x1b0 [ 20.885449][ T347] __asan_report_load1_noabort+0x14/0x20 [ 20.890917][ T347] ext4_search_dir+0xf7/0x1b0 [ 20.895447][ T347] ext4_find_inline_entry+0x4b6/0x5e0 [ 20.900639][ T347] ? ext4_try_create_inline_dir+0x320/0x320 [ 20.906365][ T347] ? kasan_save_alloc_info+0x1f/0x30 [ 20.911486][ T347] ? __kasan_slab_alloc+0x6c/0x80 [ 20.916348][ T347] ? slab_post_alloc_hook+0x53/0x2c0 [ 20.921468][ T347] ? kmem_cache_alloc_lru+0x102/0x220 [ 20.926676][ T347] ? __d_alloc+0x34/0x700 [ 20.930843][ T347] __ext4_find_entry+0x2b0/0x1af0 [ 20.935706][ T347] ? ext4_fname_setup_ci_filename+0x70/0x480 [ 20.941515][ T347] ? ext4_ci_compare+0x660/0x660 [ 20.946292][ T347] ? memcpy+0x56/0x70 [ 20.950106][ T347] ? ext4_fname_prepare_lookup+0x3b5/0x4e0 [ 20.955748][ T347] ? kasan_save_alloc_info+0x1f/0x30 [ 20.960868][ T347] ? generic_set_encrypted_ci_d_ops+0x91/0xf0 [ 20.966773][ T347] ext4_lookup+0x176/0x740 [ 20.971023][ T347] ? ext4_add_entry+0xed0/0xed0 [ 20.975708][ T347] ? _raw_spin_lock+0xa4/0x1b0 [ 20.980312][ T347] ? _raw_spin_unlock+0x4c/0x70 [ 20.984994][ T347] ? d_alloc+0x199/0x1d0 [ 20.989079][ T347] lookup_one_qstr_excl+0x143/0x290 [ 20.994110][ T347] filename_create+0x28e/0x530 [ 20.998710][ T347] ? kern_path_create+0x1a0/0x1a0 [ 21.003567][ T347] ? kasan_save_alloc_info+0x1f/0x30 [ 21.008691][ T347] do_mkdirat+0xbd/0x450 [ 21.012771][ T347] ? strncpy_from_user+0x169/0x2b0 [ 21.017836][ T347] ? vfs_mkdir+0x570/0x570 [ 21.022068][ T347] ? getname_flags+0x1fd/0x520 [ 21.026675][ T347] __x64_sys_mkdirat+0x89/0xa0 [ 21.031268][ T347] x64_sys_call+0x6c6/0x9a0 [ 21.035695][ T347] do_syscall_64+0x3b/0xb0 [ 21.039947][ T347] ? clear_bhb_loop+0x55/0xb0 [ 21.044462][ T347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 21.050192][ T347] RIP: 0033:0x7f12d7d7c797 [ 21.054442][ T347] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 21.073884][ T347] RSP: 002b:00007f12d8b92e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 21.082127][ T347] RAX: ffffffffffffffda RBX: 00007f12d8b92ef0 RCX: 00007f12d7d7c797 [ 21.089940][ T347] RDX: 00000000000001ff RSI: 0000000020000080 RDI: 00000000ffffff9c [ 21.097753][ T347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 21.105561][ T347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000080 [ 21.113372][ T347] R13: 00007f12d8b92eb0 R14: 0000000000000000 R15: 0000000000000000 [ 21.121199][ T347] [ 21.124049][ T347] [ 21.126218][ T347] The buggy address belongs to the physical page: [ 21.132479][ T347] page:ffffea0004805b80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12016e [ 21.142535][ T347] flags: 0x4000000000000000(zone=1) [ 21.147585][ T347] raw: 4000000000000000 ffffea0004805708 ffffea0004805948 0000000000000000 [ 21.155994][ T347] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 21.164407][ T347] page dumped because: kasan: bad access detected [ 21.170663][ T347] page_owner tracks the page as freed [ 21.175862][ T347] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 324, tgid 324 (syz.3.7), ts 20561089200, free_ts 20664896914 [ 21.194700][ T347] post_alloc_hook+0x213/0x220 [ 21.199297][ T347] prep_new_page+0x1b/0x110 [ 21.203636][ T347] get_page_from_freelist+0x27ea/0x2870 [ 21.209018][ T347] __alloc_pages+0x3a1/0x780 [ 21.213444][ T347] __folio_alloc+0x15/0x40 [ 21.217696][ T347] wp_page_copy+0x23b/0x1690 [ 21.222123][ T347] do_wp_page+0xc5c/0xf30 [ 21.226288][ T347] handle_mm_fault+0x15e0/0x30e0 [ 21.231064][ T347] exc_page_fault+0x3b3/0x6d0 [ 21.235575][ T347] asm_exc_page_fault+0x27/0x30 [ 21.240262][ T347] page last free stack trace: [ 21.244776][ T347] free_unref_page_prepare+0x83d/0x850 [ 21.250071][ T347] free_unref_page_list+0xf1/0x7b0 [ 21.255016][ T347] release_pages+0xf7f/0xfe0 [ 21.259444][ T347] free_pages_and_swap_cache+0x8a/0xa0 [ 21.264738][ T347] tlb_finish_mmu+0x1e0/0x3f0 [ 21.269252][ T347] exit_mmap+0x460/0xbe0 [ 21.273332][ T347] __mmput+0x95/0x310 [ 21.277149][ T347] mmput+0x56/0x170 [ 21.280794][ T347] do_exit+0xb29/0x2b80 [ 21.284787][ T347] do_group_exit+0x21a/0x2d0 [ 21.289216][ T347] get_signal+0x169d/0x1820 [ 21.293554][ T347] arch_do_signal_or_restart+0xb0/0x16f0 [ 21.299021][ T347] exit_to_user_mode_loop+0x74/0xa0 [ 21.304056][ T347] exit_to_user_mode_prepare+0x5a/0xa0 [ 21.309349][ T347] syscall_exit_to_user_mode+0x26/0x130 [ 21.314732][ T347] do_syscall_64+0x47/0xb0 [ 21.318985][ T347] [ 21.321154][ T347] Memory state around the buggy address: [ 21.326625][ T347] ffff88812016e800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.334523][ T347] ffff88812016e880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.342421][ T347] >ffff88812016e900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.350317][ T347] ^ [ 21.354225][ T347] ffff88812016e980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.362124][ T347] ffff88812016ea00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.370019][ T347] ================================================================== [ 21.389796][ T347] Disabling lock debugging due to kernel taint [ 21.396717][ T347] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 7: comm syz.1.11: bad entry in directory: directory entry overrun - offset=0, inode=1793120026, rec_len=34652, size=56 fake=0 [ 21.415296][ T359] syz.3.12 (359) used greatest stack depth: 21488 bytes left [ 21.440290][ T291] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 62855 (inode size 256) [ 21.453642][ T291] EXT4-fs error (device loop1): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 62855 (inode size 256) [ 21.498075][ T291] EXT4-fs (loop1): unmounting filesystem. [ 21.506550][ T291] syz-executor (291) used greatest stack depth: 21200 bytes left [ 21.996258][ T8] device bridge_slave_1 left promiscuous mode [ 22.002202][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.009873][ T8] device bridge_slave_0 left promiscuous mode [ 22.015898][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.024137][ T8] device veth1_macvtap left promiscuous mode [ 22.030261][ T8] device veth0_vlan left promiscuous mode