[ 31.091290] kauditd_printk_skb: 8 callbacks suppressed [ 31.091297] audit: type=1800 audit(1555022545.204:33): pid=6805 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.122990] audit: type=1800 audit(1555022545.204:34): pid=6805 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 60.087956] random: sshd: uninitialized urandom read (32 bytes read) [ 60.604600] audit: type=1400 audit(1555022574.714:35): avc: denied { map } for pid=6980 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 60.667486] random: sshd: uninitialized urandom read (32 bytes read) [ 61.259482] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts. [ 66.890122] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/11 22:43:01 fuzzer started [ 67.088062] audit: type=1400 audit(1555022581.194:36): avc: denied { map } for pid=6989 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 68.791567] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/11 22:43:03 dialing manager at 10.128.0.105:38417 2019/04/11 22:43:03 syscalls: 2412 2019/04/11 22:43:03 code coverage: enabled 2019/04/11 22:43:03 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/11 22:43:03 extra coverage: extra coverage is not supported by the kernel 2019/04/11 22:43:03 setuid sandbox: enabled 2019/04/11 22:43:03 namespace sandbox: enabled 2019/04/11 22:43:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/11 22:43:03 fault injection: enabled 2019/04/11 22:43:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/11 22:43:03 net packet injection: enabled 2019/04/11 22:43:03 net device setup: enabled [ 70.824958] random: crng init done 22:43:49 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = accept$unix(0xffffffffffffffff, 0x0, 0x0) fstatfs(r0, 0x0) 22:43:49 executing program 2: 22:43:49 executing program 1: 22:43:49 executing program 3: 22:43:49 executing program 4: 22:43:49 executing program 5: [ 115.285931] audit: type=1400 audit(1555022629.394:37): avc: denied { map } for pid=7005 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13346 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 116.180213] IPVS: ftp: loaded support on port[0] = 21 [ 116.502571] chnl_net:caif_netlink_parms(): no params data found [ 116.513055] IPVS: ftp: loaded support on port[0] = 21 [ 116.557990] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.564946] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.572131] device bridge_slave_0 entered promiscuous mode [ 116.586028] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.592473] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.599356] device bridge_slave_1 entered promiscuous mode [ 116.617512] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 116.626209] IPVS: ftp: loaded support on port[0] = 21 [ 116.636596] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 116.686657] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 116.694639] team0: Port device team_slave_0 added [ 116.714957] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 116.722010] team0: Port device team_slave_1 added [ 116.729348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 116.738775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 116.753625] chnl_net:caif_netlink_parms(): no params data found [ 116.843346] IPVS: ftp: loaded support on port[0] = 21 [ 116.843449] device hsr_slave_0 entered promiscuous mode [ 116.890470] device hsr_slave_1 entered promiscuous mode [ 116.930533] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 116.939423] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 116.968806] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.975521] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.982435] device bridge_slave_0 entered promiscuous mode [ 116.995283] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.001867] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.011609] device bridge_slave_1 entered promiscuous mode [ 117.030855] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 117.040830] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 117.072697] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 117.079882] team0: Port device team_slave_0 added [ 117.096212] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 117.103784] team0: Port device team_slave_1 added [ 117.109509] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.116031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.122881] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.129204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.174102] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 117.181756] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 117.197639] IPVS: ftp: loaded support on port[0] = 21 [ 117.222523] chnl_net:caif_netlink_parms(): no params data found [ 117.292342] device hsr_slave_0 entered promiscuous mode [ 117.330402] device hsr_slave_1 entered promiscuous mode [ 117.371010] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 117.384057] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 117.435518] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.442226] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.449088] device bridge_slave_0 entered promiscuous mode [ 117.490685] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.497043] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.504157] device bridge_slave_1 entered promiscuous mode [ 117.514323] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.520703] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.527312] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.533691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.546198] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.553318] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.561976] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.568538] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.592328] chnl_net:caif_netlink_parms(): no params data found [ 117.602737] IPVS: ftp: loaded support on port[0] = 21 [ 117.623187] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 117.635324] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 117.660299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.695995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 117.712687] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 117.719905] team0: Port device team_slave_0 added [ 117.727802] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 117.735262] team0: Port device team_slave_1 added [ 117.751722] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.758134] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.765231] device bridge_slave_0 entered promiscuous mode [ 117.808694] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 117.817005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 117.824569] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.831056] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.838057] device bridge_slave_1 entered promiscuous mode [ 117.862647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 117.870495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.877625] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 117.933594] device hsr_slave_0 entered promiscuous mode [ 117.970472] device hsr_slave_1 entered promiscuous mode [ 118.032960] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 118.041687] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 118.050499] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 118.062231] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 118.068307] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.078408] chnl_net:caif_netlink_parms(): no params data found [ 118.092064] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 118.124827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.134633] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 118.141859] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 118.148866] team0: Port device team_slave_0 added [ 118.154929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.163124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.170901] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.177229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.188842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.196161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.215730] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 118.223697] team0: Port device team_slave_1 added [ 118.245973] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.252454] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.259274] device bridge_slave_0 entered promiscuous mode [ 118.265712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 118.273588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 118.281548] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.287885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.297220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 118.308660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 118.316100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.325708] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.333264] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.340258] device bridge_slave_1 entered promiscuous mode [ 118.351474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 118.402968] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 118.411096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 118.424042] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 118.444232] chnl_net:caif_netlink_parms(): no params data found [ 118.457567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 118.467329] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 118.522423] device hsr_slave_0 entered promiscuous mode [ 118.560650] device hsr_slave_1 entered promiscuous mode [ 118.602078] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 118.608436] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 118.619235] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 118.634588] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 118.644025] team0: Port device team_slave_0 added [ 118.649688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 118.656827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 118.664874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 118.680484] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 118.687549] team0: Port device team_slave_1 added [ 118.693786] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 118.701622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 118.709303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 118.717518] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 118.730896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 118.739882] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 118.747010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.755204] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 118.761628] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.768070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 118.775778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 118.797977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 118.809873] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.816652] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.823933] device bridge_slave_0 entered promiscuous mode [ 118.832185] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 118.840529] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.846869] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.854111] device bridge_slave_1 entered promiscuous mode [ 118.862259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 118.869689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 118.877396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.885394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.893026] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.899345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.913206] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 118.922229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 118.939728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 118.983680] device hsr_slave_0 entered promiscuous mode [ 119.020488] device hsr_slave_1 entered promiscuous mode [ 119.060412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.067928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.075410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.083245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.091062] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.097388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.104353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.129887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.138447] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 119.148492] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.157014] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 119.168066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.176787] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.184613] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 119.196453] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.216685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.225285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 119.235931] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 119.242081] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.248479] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.255921] team0: Port device team_slave_0 added [ 119.262112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.269714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.276642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.285839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.295631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 119.306010] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 119.314610] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.323217] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 119.330788] team0: Port device team_slave_1 added [ 119.335985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.344616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.352533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.360393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.367919] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.374301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.383153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.396292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.404309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 119.412027] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.419045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.427633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.435473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.443158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.451359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.459085] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.465473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.474819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 119.485361] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.494400] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 119.502221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 119.517885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.528445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.536009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.545882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 119.554852] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 119.573463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.580104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.587503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.595913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.606947] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 119.613516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.628057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 119.638554] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 119.656496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.664747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.682797] device hsr_slave_0 entered promiscuous mode [ 119.720394] device hsr_slave_1 entered promiscuous mode [ 119.762099] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 119.769224] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 119.786536] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 119.795464] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 119.803523] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.809651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.819993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.827233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.835615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 119.846498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 119.855437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 119.865662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.874849] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 119.891341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.903291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.910788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.919345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.927278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.935348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.943129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 119.953077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.960681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.968532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.976551] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.982934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.990420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.998301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.006381] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.012780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.021415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.036812] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.043492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.057201] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:43:54 executing program 0: [ 120.069536] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.083532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 120.098677] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 120.107238] 8021q: adding VLAN 0 to HW filter on device batadv0 22:43:54 executing program 0: 22:43:54 executing program 0: [ 120.122863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 120.133673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 120.156243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.166751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:43:54 executing program 0: [ 120.184880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.205606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.216283] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 120.224175] 8021q: adding VLAN 0 to HW filter on device team0 22:43:54 executing program 0: 22:43:54 executing program 0: [ 120.249018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 120.265703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 120.281602] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 120.293417] 8021q: adding VLAN 0 to HW filter on device batadv0 22:43:54 executing program 0: [ 120.300713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.308623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.325380] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.331796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.339459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.347928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.360642] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.367302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.374543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.386406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.394775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.402231] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.414485] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 120.423729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.437066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.445958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 120.455456] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 120.465119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 120.472644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.481254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.489191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 22:43:54 executing program 2: [ 120.497265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.505416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.528929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 120.558587] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.566609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.579481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.595150] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 120.606182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.614318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.622416] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.631024] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 120.643900] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready 22:43:54 executing program 1: [ 120.653757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.666439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.681444] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.689383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.702282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.720797] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 120.734415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 120.742586] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 120.748715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.756847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.767948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.776375] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 120.785844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.795880] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.804696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.811969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.825188] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 120.840497] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 120.846616] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.856507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.868199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 120.880564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.888597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.896906] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.903295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.911480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.920801] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 120.930640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 120.937505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.946295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.954133] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.960552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.967854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.978344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 120.986276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.998720] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 121.007373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.015608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.025534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 121.034035] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.041152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.049198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.062083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 121.070466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.079047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.091419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 121.099846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.115997] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 121.128366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.144014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.151632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.169021] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 121.181378] 8021q: adding VLAN 0 to HW filter on device batadv0 22:43:56 executing program 3: migrate_pages(0x0, 0x101, &(0x7f00000000c0)=0x3, &(0x7f0000000100)=0x3) 22:43:56 executing program 0: 22:43:56 executing program 2: 22:43:56 executing program 1: 22:43:56 executing program 4: 22:43:56 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x800006}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@ipmr_getroute={0x1c, 0x1e, 0x525, 0x0, 0x0, {0xa00000a}}, 0x1c}}, 0x0) 22:43:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000080)=0x7f, 0x4) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9c) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f00000000c0)=ANY=[@ANYBLOB='B'], 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:43:56 executing program 3: syz_emit_ethernet(0x66, &(0x7f00000f8000)={@random="cd390b081bf2", @local, [], {@ipv6={0x86dd, {0x0, 0x6, "a2fbe8", 0x30, 0x3a, 0x0, @ipv4={[], [], @multicast2}, @mcast2={0xff, 0xf}, {[], @icmpv6=@pkt_toobig={0x4, 0x2, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x0, 0x0, @mcast2, @loopback}}}}}}}, 0x0) 22:43:56 executing program 1: r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000040)=0xffffffffffffffb4, 0x8) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000"], 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) 22:43:56 executing program 4: 22:43:56 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:56 executing program 0: 22:43:56 executing program 4: 22:43:56 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:56 executing program 3: [ 122.488734] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 22:43:56 executing program 1: r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000040)=0xffffffffffffffb4, 0x8) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000"], 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) 22:43:56 executing program 4: 22:43:56 executing program 0: 22:43:56 executing program 2: 22:43:56 executing program 4: 22:43:56 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:56 executing program 3: 22:43:56 executing program 0: 22:43:56 executing program 1: 22:43:56 executing program 0: 22:43:56 executing program 1: 22:43:56 executing program 2: 22:43:56 executing program 3: 22:43:56 executing program 4: 22:43:56 executing program 0: 22:43:56 executing program 5: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:56 executing program 3: 22:43:56 executing program 2: syz_execute_func(&(0x7f0000000000)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x200, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file1\x00', 0x28) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x841, 0x0) clone(0x7102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000240)='./file1\x00', 0x0, 0x0) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000340)={0x0, 0xfffffffffffffef5, &(0x7f0000000300)={0x0}}, 0x0) 22:43:56 executing program 4: r0 = socket(0x10, 0x802, 0x0) getsockopt(r0, 0x100000001, 0x1, 0x0, &(0x7f0000001080)) 22:43:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:57 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280), 0x3) 22:43:57 executing program 5: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r0, 0x29, 0xd0, &(0x7f0000b67000), &(0x7f0000000000)=0x4) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000a6c000/0x3000)=nil, 0x3000, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r2, &(0x7f0000000700), 0x100000000000000d) write$RDMA_USER_CM_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) 22:43:57 executing program 5: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:57 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280), 0x3) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:57 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) write$P9_RWALK(0xffffffffffffffff, 0x0, 0x1ca) r1 = gettid() write$P9_RWSTAT(0xffffffffffffffff, 0x0, 0x551b0e7e) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000044000)) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) tkill(r1, 0x16) 22:43:57 executing program 5: socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffff9c, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x14) 22:43:57 executing program 5: socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:57 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = epoll_create1(0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) 22:43:57 executing program 5: socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x0, 0x0, 0x0, {0x0, @ah_ip4_spec={@remote, @multicast1}, {0x0, @remote}, @usr_ip6_spec={@empty, @initdev}, {0x0, @local}}}}) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:57 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffff9c, 0x6, 0x1d, 0x0, 0x0) 22:43:57 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, 0x0) 22:43:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:57 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, 0x0) 22:43:57 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, 0x0) 22:43:57 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, 0x0, 0x0) 22:43:57 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000004c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0) 22:43:57 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:57 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:57 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', 0x0}) 22:43:57 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:57 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 2: 22:43:58 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', 0x0}) 22:43:58 executing program 4: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 0: 22:43:58 executing program 5: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000040)={'ip6_vti0\x00', 0x0}) 22:43:58 executing program 2: 22:43:58 executing program 4: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 0: 22:43:58 executing program 2: 22:43:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0xc362e63b3f31ba5f}, 0x20}}, 0x0) 22:43:58 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r0, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 4: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000d18000/0x2000)=nil) 22:43:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 0: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) dup2(r0, r1) 22:43:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0xc362e63b3f31ba5f}, 0x20}}, 0x0) 22:43:58 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r0, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) [ 124.302664] hrtimer: interrupt took 49034 ns 22:43:58 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r0, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r0, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 5: socketpair(0x1, 0x20001000000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socket$kcm(0x2, 0xa, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x891b, &(0x7f0000000200)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x02\x00\xdc\xff\xc0\x00\x80\x00\x00\x00\x02?\xfa\xf3W\x14\xf9\x92N2\xde\xf8\xff\tj\xf3\xb8\xb4\xd2\xaf\x99\x97r\xe1v\xb2]W\xe4\xc3\xd9\xa7\xa4 \x90\x87\xa4\x1c#\x14\xa2\xee\xd0\xe3vY\xbc1\xdff4\x93O\xc6`%P\\c\xe7`;V\xfc7\xec\xd9,[\xc2\xeaL\xceg&\x1e7\xb9,\xe4\xf79i\xe2\xad\xf9\xf2\x85Z\x85\x15\xd8I&\x9e}\xeb\xb1\xa6Zf\x11\xf6\x01y\xe2\xcb\xa6\x95R\xaa\xff-\xfcU\x1c\x85\x9f\x8d\xc17l\xa5\xb9\xca\x9ej\xcf\xeeW') 22:43:58 executing program 0: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) dup2(r0, r1) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000d18000/0x2000)=nil) 22:43:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000100)={'veth0\x00', @ifru_settings={0x10001, 0x0, @fr=0x0}}) setsockopt$inet_mtu(r1, 0x0, 0x3, 0x0, 0x0) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @remote}, 0x1cc) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r1, 0x1, 0x6, @remote}, 0x10) 22:43:58 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 2: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0xe000, 0x3, &(0x7f0000ff2000/0xe000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr="ce599df894ef063f5960fc4823cc6171"}, 0x20) 22:43:58 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=""/184, 0xb8}, 0x40000061) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001900)={0x12, 0x5, 0x4, 0x1, 0x20, 0xffffffffffffff9c, 0x4, [], 0x0, r1, 0x2, 0xfffffffffffffc01}, 0x3c) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7db, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000080)=ANY=[@ANYBLOB="00000900000000000700000000000000caa9690ac140b9e929e3f8654e79905b8a93f31c03e56b5a5f8a686a"]) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002740)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x48, 0x100004000, {"f37e73429e0e58d6ce1ac2c2bdfaa00b53aed3c377814d5e3ab6c8a66df882629f589872f189a67bb58a912b2e32"}}, {0x0, "773775a7a850c8f05938ebf37fb6af8fe0f8b63ce340b15141308615e12e1292962edffde4836cb6879757c9e074e7953e7cb3084faa349a23f6b7d8715342413e67ebd8affec59267af0ee57a15411273a286bc17e4a8e1617d97b0d3f111c8c8b083a2d54881b7b77d92c13f011aec2ebb29b6b83baa92ded36efb512220022f64f492437f3b8c19edbff31fe602391f0febb860e2e23e2b50c4e2fce9101cf23eaf9672725bb4e50fe5b3bf2e17b4c63d6aed29337d4dad515ed01c2333000ba36403738491d80a6789e00a121452069fb8476d2ebd6e9358395f9b30"}}, 0x0, 0x128, 0x0, 0x100000}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)={0x1, 0x9, [@link_local, @broadcast, @remote, @broadcast, @broadcast, @empty, @remote, @dev={[], 0x17}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) [ 124.630283] protocol 88fb is buggy, dev hsr_slave_0 [ 124.635550] protocol 88fb is buggy, dev hsr_slave_1 22:43:58 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0xa, 0x3, 0x11) sendmsg$kcm(r1, &(0x7f00000027c0)={&(0x7f0000000280)=@nl=@unspec={0x0, 0x1100, 0x0, 0xfffffdef}, 0x80, 0x0}, 0x0) 22:43:58 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:58 executing program 2: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0xe000, 0x3, &(0x7f0000ff2000/0xe000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@rand_addr="ce599df894ef063f5960fc4823cc6171"}, 0x20) 22:43:58 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:58 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x40000000002, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000507ed0080648c6394f20531d200050011404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x91) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000001940)=""/172, 0xac}], 0x1, &(0x7f0000001a40)=""/146, 0x92}, 0x0) 22:43:58 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:58 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:59 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000200)) syz_extract_tcp_res$synack(&(0x7f0000000340), 0x1, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) [ 124.904186] audit: type=1400 audit(1555022639.004:38): avc: denied { create } for pid=7446 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 22:43:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) [ 125.031577] audit: type=1400 audit(1555022639.044:39): avc: denied { write } for pid=7446 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 22:43:59 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=""/184, 0xb8}, 0x40000061) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001900)={0x12, 0x5, 0x4, 0x1, 0x20, 0xffffffffffffff9c, 0x4, [], 0x0, r1, 0x2, 0xfffffffffffffc01}, 0x3c) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7db, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000080)=ANY=[@ANYBLOB="00000900000000000700000000000000caa9690ac140b9e929e3f8654e79905b8a93f31c03e56b5a5f8a686a"]) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002740)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x48, 0x100004000, {"f37e73429e0e58d6ce1ac2c2bdfaa00b53aed3c377814d5e3ab6c8a66df882629f589872f189a67bb58a912b2e32"}}, {0x0, "773775a7a850c8f05938ebf37fb6af8fe0f8b63ce340b15141308615e12e1292962edffde4836cb6879757c9e074e7953e7cb3084faa349a23f6b7d8715342413e67ebd8affec59267af0ee57a15411273a286bc17e4a8e1617d97b0d3f111c8c8b083a2d54881b7b77d92c13f011aec2ebb29b6b83baa92ded36efb512220022f64f492437f3b8c19edbff31fe602391f0febb860e2e23e2b50c4e2fce9101cf23eaf9672725bb4e50fe5b3bf2e17b4c63d6aed29337d4dad515ed01c2333000ba36403738491d80a6789e00a121452069fb8476d2ebd6e9358395f9b30"}}, 0x0, 0x128, 0x0, 0x100000}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)={0x1, 0x9, [@link_local, @broadcast, @remote, @broadcast, @broadcast, @empty, @remote, @dev={[], 0x17}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:59 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:59 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x40000000002, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000507ed0080648c6394f20531d200050011404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x91) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000001940)=""/172, 0xac}], 0x1, &(0x7f0000001a40)=""/146, 0x92}, 0x0) 22:43:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:59 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=""/184, 0xb8}, 0x40000061) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001900)={0x12, 0x5, 0x4, 0x1, 0x20, 0xffffffffffffff9c, 0x4, [], 0x0, r1, 0x2, 0xfffffffffffffc01}, 0x3c) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7db, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000080)=ANY=[@ANYBLOB="00000900000000000700000000000000caa9690ac140b9e929e3f8654e79905b8a93f31c03e56b5a5f8a686a"]) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002740)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x48, 0x100004000, {"f37e73429e0e58d6ce1ac2c2bdfaa00b53aed3c377814d5e3ab6c8a66df882629f589872f189a67bb58a912b2e32"}}, {0x0, "773775a7a850c8f05938ebf37fb6af8fe0f8b63ce340b15141308615e12e1292962edffde4836cb6879757c9e074e7953e7cb3084faa349a23f6b7d8715342413e67ebd8affec59267af0ee57a15411273a286bc17e4a8e1617d97b0d3f111c8c8b083a2d54881b7b77d92c13f011aec2ebb29b6b83baa92ded36efb512220022f64f492437f3b8c19edbff31fe602391f0febb860e2e23e2b50c4e2fce9101cf23eaf9672725bb4e50fe5b3bf2e17b4c63d6aed29337d4dad515ed01c2333000ba36403738491d80a6789e00a121452069fb8476d2ebd6e9358395f9b30"}}, 0x0, 0x128, 0x0, 0x100000}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)={0x1, 0x9, [@link_local, @broadcast, @remote, @broadcast, @broadcast, @empty, @remote, @dev={[], 0x17}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 22:43:59 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) 22:43:59 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000200)) syz_extract_tcp_res$synack(&(0x7f0000000340), 0x1, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 22:43:59 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:43:59 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=""/184, 0xb8}, 0x40000061) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000018c0)={0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001900)={0x12, 0x5, 0x4, 0x1, 0x20, 0xffffffffffffff9c, 0x4, [], 0x0, r1, 0x2, 0xfffffffffffffc01}, 0x3c) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7db, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000080)=ANY=[@ANYBLOB="00000900000000000700000000000000caa9690ac140b9e929e3f8654e79905b8a93f31c03e56b5a5f8a686a"]) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002740)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x48, 0x100004000, {"f37e73429e0e58d6ce1ac2c2bdfaa00b53aed3c377814d5e3ab6c8a66df882629f589872f189a67bb58a912b2e32"}}, {0x0, "773775a7a850c8f05938ebf37fb6af8fe0f8b63ce340b15141308615e12e1292962edffde4836cb6879757c9e074e7953e7cb3084faa349a23f6b7d8715342413e67ebd8affec59267af0ee57a15411273a286bc17e4a8e1617d97b0d3f111c8c8b083a2d54881b7b77d92c13f011aec2ebb29b6b83baa92ded36efb512220022f64f492437f3b8c19edbff31fe602391f0febb860e2e23e2b50c4e2fce9101cf23eaf9672725bb4e50fe5b3bf2e17b4c63d6aed29337d4dad515ed01c2333000ba36403738491d80a6789e00a121452069fb8476d2ebd6e9358395f9b30"}}, 0x0, 0x128, 0x0, 0x100000}, 0x20) socketpair(0x0, 0x0, 0x0, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000000)={0x1, 0x9, [@link_local, @broadcast, @remote, @broadcast, @broadcast, @empty, @remote, @dev={[], 0x17}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) 22:43:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:59 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) 22:43:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:43:59 executing program 5: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x40000000002, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="2e0000001e000507ed0080648c6394f20531d200050011404b48000001000080000000000300f88000f01700d0bd", 0x2e}], 0x1}, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x91) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000001940)=""/172, 0xac}], 0x1, &(0x7f0000001a40)=""/146, 0x92}, 0x0) 22:43:59 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:00 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) 22:44:00 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:00 executing program 5: socket$packet(0x11, 0xa, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x1ff, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0xd400}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 22:44:00 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000200)) syz_extract_tcp_res$synack(&(0x7f0000000340), 0x1, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 22:44:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) fstat(0xffffffffffffffff, 0x0) 22:44:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:00 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:00 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) 22:44:00 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:00 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) 22:44:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) [ 126.230136] protocol 88fb is buggy, dev hsr_slave_0 [ 126.235261] protocol 88fb is buggy, dev hsr_slave_1 22:44:00 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) 22:44:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:00 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, 0x0, 0x0) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) [ 126.710165] protocol 88fb is buggy, dev hsr_slave_0 [ 126.715306] protocol 88fb is buggy, dev hsr_slave_1 22:44:01 executing program 5: 22:44:01 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:01 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:01 executing program 2: 22:44:01 executing program 0: 22:44:01 executing program 2: 22:44:01 executing program 0: 22:44:01 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:01 executing program 5: 22:44:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_buf(r1, 0x29, 0x1a, 0x0, 0x104) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42803) 22:44:01 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:01 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000040c0)={@multicast1, @broadcast}, &(0x7f0000004100)=0x8) 22:44:01 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) 22:44:01 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:01 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) fsetxattr$security_selinux(0xffffffffffffff9c, &(0x7f0000000380)='security.selinux\x00', &(0x7f00000003c0)='system_u:object_r:ipmi_device_t:s0\x00', 0x23, 0x3) 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0x0, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:01 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) 22:44:01 executing program 2: syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r2, &(0x7f0000000100)='./file1/file0\x00', 0x0, 0x0, 0x0) ioctl$VT_RESIZE(r1, 0x5609, 0x0) 22:44:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:01 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0x2bc}}, {{0x0, 0x0, &(0x7f0000000040), 0x361, &(0x7f0000000140)}}], 0x40007aa, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:01 executing program 0: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_execute_func(&(0x7f0000000100)="f3e100def9575c8ac2c2c9734e424a2664f0ff064a460f3038082e67660e50e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b571112d02") 22:44:01 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:01 executing program 5: syz_emit_ethernet(0xba, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004, 0x0, @local={0xac, 0x223}, @dev, {[@timestamp={0x8, 0x40, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0) 22:44:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x122000000003, 0x11) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000003840)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000340)=[{&(0x7f00000037c0)="d90d0000", 0x4}], 0x1}, 0x0) 22:44:01 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x6, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB='-rdma +'], 0x7) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x0, '\x03\x8a\xa1t\x03n\xd7\xe0\x8f\x93\xdd\x86\xdd'}]}, 0xfdef) 22:44:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x0, 0x3}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) [ 127.790386] device nr0 entered promiscuous mode [ 127.893899] device nr0 entered promiscuous mode 22:44:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000002100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x117, 0x4}], 0x10}}], 0x1, 0x0) 22:44:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:04 executing program 4: r0 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000140)="fb0000002c00015bbfa9d345e7eb8d99c1ffffff0e00000043050c0060f49e2a697c00000000e2d70800000006000008b6000000801d5291636b48880665c2388d902e5ed76b8c674500000000affa33021eb82169b94b59829626cd8bb72935c922974adced71c22b987fa68c7bb731c5f64e93ea793c262f67b56acbb4bac0c47df9d0ca9bd5ad8a04c4437e99c2677d9d24fd47893808c33b047f720f4e89978112320828c7c1fbab650cdcafa532d3524ea85b198cb49066bf549933875e91431da2f42c88d613be8f1376094129bfd512d5160d7f1b0f47d951f5f7a371a861b9390ddbad53e9b678168ac8d157a656737a7ac0226d366cce", 0xfb}], 0x1}, 0x0) 22:44:04 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:04 executing program 5: r0 = socket$kcm(0xa, 0x122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000003840)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000340)=[{&(0x7f00000037c0)="d90d0000768606681d012f629c75adfa4208d5febf524a024aface6a6ac7d846ed2fa163e15ffb5033e9ad60", 0x2c}], 0x1}, 0x0) 22:44:04 executing program 0: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x22002}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, &(0x7f0000000240)=0x3a3) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000380)={0x3, r0}) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef4146d8c8e169b93306f68f6214210965a2d8baa9f31a92c149e6cb208d567224eac76d78eb4"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x4c004) msgget$private(0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 22:44:04 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 130.319740] netlink: 215 bytes leftover after parsing attributes in process `syz-executor.4'. 22:44:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:04 executing program 5: r0 = socket$kcm(0xa, 0x122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000003840)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000340)=[{&(0x7f00000037c0)="d90d0000768606681d012f629c75adfa4208d5febf524a024aface6a6ac7d846ed2fa163e15ffb5033e9ad60", 0x2c}], 0x1}, 0x0) 22:44:04 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:04 executing program 2: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) getpid() stat(0x0, 0x0) 22:44:04 executing program 5: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) stat(0x0, 0x0) 22:44:04 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff}}, 0xa) write$P9_ROPEN(r1, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:04 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 130.492581] SELinux: failed to load policy 22:44:04 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) [ 130.536974] SELinux: failed to load policy 22:44:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c123f3188b070") madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xc) [ 130.593366] SELinux: failed to load policy [ 130.687202] SELinux: failed to load policy [ 130.806721] audit: type=1400 audit(1555022644.914:40): avc: denied { read } for pid=7703 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 130.907758] overlayfs: failed to resolve './file1': -2 22:44:05 executing program 0: 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:05 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:05 executing program 5: [ 130.962831] overlayfs: './file0' not a directory 22:44:05 executing program 5: 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:05 executing program 0: [ 131.066743] SELinux: failed to load policy 22:44:05 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 131.196660] SELinux: failed to load policy 22:44:05 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x12}, 0x5) 22:44:05 executing program 5: 22:44:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:05 executing program 0: 22:44:05 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:05 executing program 5: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:05 executing program 0: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, 0x0, 0x0) [ 131.359242] SELinux: failed to load policy 22:44:05 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, 0x0, 0x0) [ 131.629834] overlayfs: failed to resolve './file1': -2 22:44:05 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) bind$bt_rfcomm(r1, &(0x7f0000000280)={0x1f, {0xffffffffffffffff, 0x1ff, 0x3}}, 0xa) write$P9_ROPEN(r1, 0x0, 0x0) 22:44:05 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:05 executing program 3: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:06 executing program 5: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:06 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="24000000100007031dfffd944ef20c0020200a0009000b00021d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) [ 132.027134] audit: type=1400 audit(1555022646.124:41): avc: denied { create } for pid=7919 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 132.070585] SELinux: failed to load policy 22:44:06 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) 22:44:06 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}}) 22:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 132.288952] SELinux: failed to load policy 22:44:06 executing program 3: r0 = epoll_create1(0x80006) r1 = socket(0x15, 0xfffffffffffffffd, 0x2d) modify_ldt$read(0x0, &(0x7f0000000880)=""/111, 0x6f) sendmsg$nl_netfilter(r1, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000700)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="200000000f070007000003000000000097f93b39010e2c9dfb8f8c429b32ee136ae76d2f006e7f401159bf9c2fb0e64626b334ae26220ae4d4b3f22a6a61da781869345f04764dbd89eab1d3ce882b78efad2160b9ecec8109421ed75d8745bb9f5152fd9799ecb02401eaa9a88b41050038e4aa0e797b10506d790996c69c165c563dac9a325584998190c9e3370fa49df3c2253e2d3f0a98ea95325be5b349637652bd8ba7350048eac0223d6f2cb572b9032ea3299aafbd954c59ae71d7d85831f1659993deb36457e0b578d760f355c7e29e347c38c450272ae07c5f5a94fc4fbfa58daa5d4a01944afe1ea9d54fd5bfd3b4b5db2688d956dd3e56dad4e26f0faa7d1534d0ef78fdd321acc468613d33bcc694", @ANYRES32=r1], 0x119}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) fsync(r1) setsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f00000005c0)={0x2}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000400), &(0x7f0000000540)=0x68) connect$packet(r1, &(0x7f00000000c0)={0x11, 0x1b, r4, 0x1, 0x81, 0x6, @remote}, 0x14) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000001c0)={0x0, @initdev, @dev}, &(0x7f0000000200)=0xc) readv(r0, &(0x7f0000000240), 0x3) flock(r0, 0x1) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000800)='trusted.overlay.upper\x00', &(0x7f00000002c0)=ANY=[@ANYRESOCT=0x0], 0x1, 0x2) r5 = fcntl$getown(r0, 0x9) ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000380)={0x3, 0x7fff, 0x3, 0x8034258, 0x3, 0x1, 0xee, 0x8, 0x6, 0x1}) shmctl$IPC_RMID(0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000500)=0x3) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0xfffffffffffffffc, &(0x7f0000000000)={0x0, 0x6, 0x4}) capget(&(0x7f0000000600)={0x20080522}, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000340)={0x3, &(0x7f0000000300)=[{0x9, 0xbbf8, 0x4, 0x2}, {0x2, 0x800, 0x4, 0x6}, {0x7, 0x1, 0x81, 0x2}]}, 0x8) getsockopt$sock_int(r1, 0x1, 0x2d, &(0x7f00000006c0), &(0x7f0000000780)=0x4) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000580)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f00000003c0)={0x109, 0xffffffffffffffff, 0x8, 0x803, 0x3}, 0xfffffffffffffe26) getsockopt$inet6_tcp_int(r2, 0x6, 0xb, &(0x7f0000000480), &(0x7f00000004c0)=0x4) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x200000000000001, @tid=r5}) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, 0x0) 22:44:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) 22:44:06 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@gettfilter={0x34, 0x2e, 0x0, 0x0, 0x0, {0x0, 0x0, {}, {0x4000000000000000}}, [{0x8}, {0x8}]}, 0x7ffff000}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 22:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:06 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='security.capability\x00', &(0x7f00000002c0)=@v3, 0x18, 0x0) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)=@known='security.capability\x00', 0x0, 0x0) 22:44:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 132.553799] SELinux: failed to load policy 22:44:06 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x0) 22:44:06 executing program 3: 22:44:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:06 executing program 4: socket$inet(0x2, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) 22:44:06 executing program 3: 22:44:07 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@gettfilter={0x34, 0x2e, 0x0, 0x0, 0x0, {0x0, 0x0, {}, {0x4000000000000000}}, [{0x8}, {0x8}]}, 0x7ffff000}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 22:44:07 executing program 3: 22:44:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa000000000040000300"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:07 executing program 4: socket$inet(0x2, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, 0x0) 22:44:07 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 22:44:07 executing program 3: 22:44:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa000000000040000300"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:07 executing program 3: 22:44:07 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:07 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:07 executing program 5: socket$kcm(0x10, 0x2, 0x4) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x196, 0x4) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=[&(0x7f00000000c0)='\x00', &(0x7f0000000100)='vmnet1:\x00', &(0x7f0000000200)='bond0\x00\x00\x00\n\x00!!\x00\x01\x00'], &(0x7f00000004c0)=[&(0x7f00000002c0)='loposix_acl_access$\x00', &(0x7f0000000300)='\x00', &(0x7f0000000380)='bond_slave_1\x00', &(0x7f00000003c0)='posix_acl_access\x00', &(0x7f0000000400)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', &(0x7f0000000440)='\x00', &(0x7f0000000480)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff'], 0x1c00) getresuid(0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000340)='./file0\x00', 0x5, 0x0, 0x0, 0x1002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='overlay\x00', 0x10, &(0x7f0000000580)={[], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) 22:44:07 executing program 3: 22:44:07 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa000000000040000300"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:07 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 22:44:07 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:07 executing program 3: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000000)="24000000190025f0001b000400edfc0e1c0b0020e80000001009ffeb0400010010041100", 0x24) 22:44:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:08 executing program 3: [ 133.916527] overlayfs: missing 'lowerdir' [ 133.945827] audit: type=1400 audit(1555022648.044:42): avc: denied { ioctl } for pid=8086 comm="syz-executor.5" path="socket:[30926]" dev="sockfs" ino=30926 ioctlcmd=0x8991 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 22:44:08 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 134.001104] bond0: Releasing backup interface bond_slave_1 [ 134.099829] overlayfs: missing 'lowerdir' 22:44:08 executing program 3: 22:44:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:08 executing program 5: socket$kcm(0x10, 0x2, 0x4) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x196, 0x4) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=[&(0x7f00000000c0)='\x00', &(0x7f0000000100)='vmnet1:\x00', &(0x7f0000000200)='bond0\x00\x00\x00\n\x00!!\x00\x01\x00'], &(0x7f00000004c0)=[&(0x7f00000002c0)='loposix_acl_access$\x00', &(0x7f0000000300)='\x00', &(0x7f0000000380)='bond_slave_1\x00', &(0x7f00000003c0)='posix_acl_access\x00', &(0x7f0000000400)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', &(0x7f0000000440)='\x00', &(0x7f0000000480)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff'], 0x1c00) getresuid(0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000340)='./file0\x00', 0x5, 0x0, 0x0, 0x1002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='overlay\x00', 0x10, &(0x7f0000000580)={[], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) 22:44:08 executing program 3: [ 134.170998] overlayfs: failed to resolve './file1': -2 [ 134.293730] overlayfs: missing 'lowerdir' 22:44:08 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 22:44:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:08 executing program 3: 22:44:08 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:08 executing program 5: socket$kcm(0x10, 0x2, 0x4) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x196, 0x4) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=[&(0x7f00000000c0)='\x00', &(0x7f0000000100)='vmnet1:\x00', &(0x7f0000000200)='bond0\x00\x00\x00\n\x00!!\x00\x01\x00'], &(0x7f00000004c0)=[&(0x7f00000002c0)='loposix_acl_access$\x00', &(0x7f0000000300)='\x00', &(0x7f0000000380)='bond_slave_1\x00', &(0x7f00000003c0)='posix_acl_access\x00', &(0x7f0000000400)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', &(0x7f0000000440)='\x00', &(0x7f0000000480)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff'], 0x1c00) getresuid(0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000340)='./file0\x00', 0x5, 0x0, 0x0, 0x1002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='overlay\x00', 0x10, &(0x7f0000000580)={[], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) 22:44:08 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 22:44:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:08 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 134.478583] overlayfs: missing 'lowerdir' 22:44:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff040400000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:08 executing program 5: socket$kcm(0x10, 0x2, 0x4) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x9, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x196, 0x4) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=[&(0x7f00000000c0)='\x00', &(0x7f0000000100)='vmnet1:\x00', &(0x7f0000000200)='bond0\x00\x00\x00\n\x00!!\x00\x01\x00'], &(0x7f00000004c0)=[&(0x7f00000002c0)='loposix_acl_access$\x00', &(0x7f0000000300)='\x00', &(0x7f0000000380)='bond_slave_1\x00', &(0x7f00000003c0)='posix_acl_access\x00', &(0x7f0000000400)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', &(0x7f0000000440)='\x00', &(0x7f0000000480)='bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff'], 0x1c00) getresuid(0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000340)='./file0\x00', 0x5, 0x0, 0x0, 0x1002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='overlay\x00', 0x10, &(0x7f0000000580)={[], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) ioctl$sock_ifreq(r1, 0x8991, &(0x7f0000000140)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) [ 134.677958] overlayfs: missing 'lowerdir' 22:44:09 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) 22:44:09 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000400)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x10000) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000000c0)={0x8, 0xbff, &(0x7f0000000600)="c9932b39e6887f4c7f6e27e49cb9f7ab753199050024bd3a993e440be9a3c77761c523e7fc9801dc33855f77a9531913a43fd7e95a1fcc44e3d9f0b47695ced2d7637806c25b9501c3ad9823e11b229eea68cf58bbca260d71d4a2feb61b06b1e7f68d9e02d2b94218bbe1460d13243643ceeb718272efc60a98ce51faf3d251e585c5fe56ba190822c4c40ee04cc81bacf8eb3e91c75973b182a4e72f035f29018e663238ca63cfa1ac72a5e2216ae0a926857ce6210f15778a2fbc1cc2344c3564fb50969924f6a0f02dbc8bd61ba1d0be233b79470c432aeca0e0f0df2e9861e10e0c77349eefbee2a56501be7a75bbcfd7cf2c03de0f0ae04257d7b07db40403461f3c9a71b87336e3fe206f81659646bd39095de0e3b3db8ee8c50214d43537fb703c733193c58ac8ba3ccebd0025374f250928726400d5923e0401c06aedfdaa455011ba85a355c5fd328facc75ec96ca4f200469963a8208cb505358cce4e13bd7aa0e1df844487a2e6c331a039e79265368425616b5df9bbc6141600428085827155c33de2ef5b1d533b2c7faadf2ec917b09d316cd6a808250ea798565d38ec023a8a3619e3463c0c0743397ef67b29452a63a50deb5e942a5c404561e4e46e6efe20e50f1787b308632e3d383f3f52cda263087b397b1c2ca791ab869754bff130c81a1671098e6cb071104c794de2b563ffa9a8a8db373208a43517413e11a71f224570e35bda1d65703d0632c2dd66b9a2b91e2d520c10eb42fb72bd80c1125a71493c1a2bd4382571df5384a69e30ebbaf1eb4ec66a201fc1a2242c381b2559136d6841b9236f7826e93b66bdc3c44d385fcf154c80a3216c765a8903522d714dc5078a8dbc46acb1abbe675313e238db7a1ec9507046ae3b93665cce8efe386059e7cbd5a20fdf27bb40196adfa13d99a617d3a4d1b3210e04e223e6f124adb161df04fa892447ad920125b6f3b62947fb0bbbe2fc5712b82b2f0b947dfcfe6c7c61ee326ba74f9384134c5567e15dc52a7ede6882a6dbb413c2fe3d960de7ab85cc3f485b68f5c23ea371d5e5864ba4799cbb593991ccda729eb2ac85ad1932a0551b4ebd599ce94d5b9cbe2433b6359acf9fa0789c52b2a6a1028258778ab042a94ceadde32b8d13b996f8f9091e9d9c35dcfb1cb466bdd2c061901dd3ceda78d391b4c7289b957c71fbfc641e04681d4eaa9891d4ec2d2bed8285f95d3505ab95b3136def248703bc18c20db00d5400a0967352be5b81e7e3bad88f8714cba105e6838c3f03ae60cab581d7b7709c602e7909d9a3cf4a15b8ea5fbaf05bc33dfcdcd0d6615fe86cce4ec8d8f16b461409ff91af8f59d47be014e330949709cc40925ec8bf89b3f212c270ca01215fd8da5aaaf880bd50d50498cec6bda49ba81ad9fcbbbdd35a5ff3f1c75446ab18175c75486d6a108d199bdb5ed81f1182bd5de2f76540d505586819dcf1b011bf408bb4af791a99e24a31400a2c23539c45b15753a8dbca8feae5e05550fbda922b7b2569168574d613aa0e55e92ad138b40d3f6a67cc2576094c0e444680d2778321afc9e6d0ccd0acbeaf0da384414ad901a985b6f64529345eb05febb300ee24d9e7bf23583120f9c03ddad4672257911bcc6bab78303ad56b8959097b4205b6f0cb51a4ac00a5d28d03d0a730cade04a2e89d7952cab9857b75ae230729bb9253485c74f8ced543f6d1a1f54a3f304e9f96bcd85c410593e33328c6686f1227969003a476fb1c194ee0516e03617b47a3affcb9d8a87890ef6e787004564ab27bbfabafdccbd83c83d9e2ec01f80df81b56fe6cb517a28e3e51ce1401670c8e7940df4f77f9003564fd97d8ef1c8d202fbe1f56c8ad1ef69787a7eb89e97e1a241ad9fa8390de52e922776237a6605e6bc380d10b48b27a8580f3dc35cf4bd56f6679fb33a69815bcf893f260b372cd9f6f6c2283b91a2c487cd4405ab9db1979a1212108a9ebcb36e108d77664429871c3c5a24fe645da90b837e3f305be8d6d16e81f113503fb36fca72cd856bad947a492793f427d17ce8968efac99e72caf3a7972657ff5a607006f0c590dd4504566b54c987fd1925bb8de51039e3fd1e512e97b33dd28e94dbcc3afda3311170e1a1d42a8255be7ced0b708df9fc2a9c0ad899f8922bd317b4e2968cbc794468f4c960c0fc538a68a4bb2d457480d17f7ad058ec68a9383a2228262ac0a344d21d7099fd92aeb12f8d5c898fa4ff5677ad9b6a0141983228e664d658f259199f420d596cedef0d143b077bd0e50bdbdd3b431ebe299614e56e35913edb78ca9b866cbbad039ff012f99e944031ff3fe814fe887bc66044c6c53a8f894f6ff8d70cd4afdec9794d1ac8b3104b20890bebddada4a1626f9f0e8e6a262b42cb9cbcdd77eb445883f4f097b4327fe50dadc89118b62450fee3bc6dc2ced31f672e9d535f070b78fb3545767ec230c4832ae38048a0e7eb97992d0358d46735a2f5b9d50bd61ab6eb29473a6c53ff1e0ea01e35fbeca434ef7e9eb9f78e8d2bda464925e26db6a42a738a62a723091865ae78fecc08edbe4092e782b40fc138896acaeb38662d0cc1d77b6cae8ead2be32cadd247c809af6443af34943cbfa7596991676938e488ca9739107d652bbdad70d589fd0b262a61a73ab259d78b61b48d913d221e70384289fa024f75b7bfa4605e998b643b4d06f63fec671d961903f22bca1a5b035da5c9cd3143f32e1121123a74ac7ce8dcaea7df323ee69aa1367fc823eace692c8a07f70dcc2d7310001283247d3b25bdd9dfc489d6ea3db711d794bf5330f1c603b37b79b1c87a60c10ec8bf756f919a35be9355f3e62874ee0a372fda7daf4c393094a0719804b32e89d728670cf97af6ae9911ad39e95acba32a675d8fd0cc065c673548e2481b9e9549f0cd18c5b5fe9ae391636cb3e66d7a04e4438580eac7765e7577d439b525a7bbe972fba3ff8b56b337a7ac31ee3d640e4fb6724a5f6dd120baa51236bbd1f57469f161cb106bd25c2ba70a21950216759eeacdf789b4da5be5df9f4c0c33340871961e7719607cac12287a465af4767ddf3378f6ea0e36738c65f6c2856f8bafc7341bacab9fdeb032179cf5773ab05437ce195ac7d9c2d2e6be1fcb968d03bb0b3298e7ff316f762c9efb08fbda9ba8ffe01a4ec5adecc9531e172c3ce709fc8337def7521aca88a6093b17da69a81b9d5f54390ad7407756664f16a170d9d7e4c48bd00eeb37cefed69ceac04fdb575f03ab657d6fe7365d442d2ee6f88434331d81e0dfbfc2ca2a041bf1bf3a3bf89907c881c0eb4401525394214701510a5d853b612873e479a749df09ecbaef7cc7cf9da28f28d2812f9b96ca408e4ba9fa2c5aa739de0c9b1839223e00f22b1b66d7b805e583f644f35eb02297438b053197d87c481cac5d1ff590c7d5770e1f40d7b31b48f0dbe95aa0c5a639879258c5973d285b2dad6b07c915ae1bfef0e308f028a46742c8ef2d97335a92f8004a5132f433cc7f14752cbe397180241e30dd19a2c13a793b61b5a246aabd5c393524641b5755bbedc92060a420302f12d406ee4b2cad1bd7fbdca9275c38ec941cb81a4820e7a2a682a63cf0f04d2138fdc2a33db86a16d2358b2c59aceae2d30fd48a39693f4d24611d3781d440be8d4397641f47f4932b4c8bf27e8cc2ce02eb7e089962b77f8e9a05487c191f414870d4cb34879a691894fb4f5e9238668207d3d4b908992db1f43e6974e185e3a8b2f78a0d26bd963531d40a814ddca64c2be87fad6e04807787b86002968011486f58c728b343be6b11d4e43f55fd7d32f7823c8bb2a69fa4138106d2b3d3ad85e20f37e18c963c5e581019ffc17011636ae47abb3910499ee49627c8d86cb97d9f251f2a7df896cafa44cc0a45b4b42c9fd6fb90cc31a7255d9a3fe8a19f23da0868ad5b05658c2f7a3f2733399fbbceda18228ae6bc7bcc0a13699eae86f940dbeac165000aaa859d30b5f8977d50dc44305b9b3cf9d98d0ed476355587869bc2efeec8ff172c16878f3453becb5aab108b666b6152bf2bd145c70a48e66ad9903ac231a439f7f6d500446f2d89e9292d45609b3362d228176b982a2ed203cdd11b8f3a367880641f385b885bea1a27ebc0897aecd670506f35effc3088089ed523a0f17e594891d9eb4c815997e11ba5f4842841273838126bb3fe1c00dcf9fab71fdf0adb8920d3af27c123322f47801e69ef1b6a92c77691425800c3ab3cca429c80a0cd069e9233464a501be7beaf36fd9b629a94f3daefe583dfccb2c36d779a06d9bd1d90800e6fd62229318c9f9f95c5b62302f7374344c54f28809ed7da30c6f239755ae9a146c431a68733921edf05218f1f2fb24b6a2788bb9b91a95de32cc5a6254b42b12b20f2a1c0bbb0270b461eab04e546e8336483edde2eb1fec693087d3abaf87a7d1343357a8781aa82f32956e07a9d01f134ac4ec2e6ebd07319055a4517a343c5450511b513926b54f869839cf18156ca2fc91a675dcf5fefc16f8ff1bcec61b46ccefe8ae40cedcd03b8fdd7e297125765909ae051f061290bc2aa4fcd3351ba46268282e4dddf702878389d7d5f3d24195706ead23f1a1b809ca19fd49b71128024a70fc71549e00a9531348e46f245dcda71644717666fa0df20f5a6c8bf1f3b814cffaa5599f34cbd7961212186d113b9cfbf138bc771225be2816b0751431645609bfb83529579d73bd869f1017a2f20eb142668b1395cfdc84a19747e55bfec3ce82b68a4eebf6e7cdb82d58299dcc0168bc9145d8200abaada7f246e2b6cf43fbca846d489bd4f744944ce62092b9a4c764662531f930dc3dc8dbb530a98b1fd2b0727476ba002dee743fc29891acc8bad77f38124440f959a2470b5aa88eb13c587d935bb41241eabd302a37c0d4329c82b2ecf2f614db0e4bce2eb7184ef89b40da7510c6c7e94d25738cb7bd9283a5064005d09a69108acbcb5bac57ff3613ec6a2c88508571d020f1a8b7d43082d45e4fab63b6e53edc30e6993839f74bb8d0a4bab9ea0d8176908028cad3b4c6e46ea617578fe28369a44d049580455d9073f31e5b69c8cfeb9f7fc49a943e9e09d563e2fe34636edda6aad375bda3b08a9c35d564cabe792bc24f95a02257c9f004592f2abb86c7c0d6b813558cc05f1a31b58ba234833be9201c279336a9584de948287ab7be6c4df22e615263ac211700855415841121ce38ec9257a83544d8ec4650a743156381a2a05174a7bcc8d476daefed742ff048ad11cb41a3e66c9427776afc8b3ce5ed9a44d7fb6bf32cda159c5a1b248b83e3b71bee4202dd3b270afee1a7a01c6b3bc75ab0e0080fadd4df2cf5545732a3dfa2e037fea8e9a6acefe168289e48858c9ee60cee83c41831152c2b7c9f45c3bc06a20c0f9143a651d7d7b74a7615b17e49c69ccc2d3cddf5314b9e19df136c5a3f9820452af1b30bb46594d66433e2cc355791ec9cdfaf9b7a2902e2a78777b7c216cf314264baf5fb139cd072bdced4984e4189583726c4965ef864f5931ddad3ee26259028bb5152ee2d9dc8f3ab5299963058f78db217061f717f182b7bf3ec03460345725e647d8b99eae56096c3657fd2ed566c03c78f77943c9d2ae31caffbcaef40a9248566bbb30ff72edc983af4f38111e7e2371994bf06d08380793980656ab410bb90413bce534c00c94bbe6c4c97ce22afec997e759ca7cd0ae07a89f2418dd1c98554173f3a95508c4527ae3bdf8c5a25fe29823d1d3ae03342bcc8", 0x0, 0x1000}) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) dup3(r2, 0xffffffffffffffff, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 22:44:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 22:44:09 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff040400000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff040400000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 135.258243] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 135.295761] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 135.400464] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 22:44:09 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) 22:44:09 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) 22:44:09 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000400)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x10000) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000000c0)={0x8, 0xbff, &(0x7f0000000600)="c9932b39e6887f4c7f6e27e49cb9f7ab753199050024bd3a993e440be9a3c77761c523e7fc9801dc33855f77a9531913a43fd7e95a1fcc44e3d9f0b47695ced2d7637806c25b9501c3ad9823e11b229eea68cf58bbca260d71d4a2feb61b06b1e7f68d9e02d2b94218bbe1460d13243643ceeb718272efc60a98ce51faf3d251e585c5fe56ba190822c4c40ee04cc81bacf8eb3e91c75973b182a4e72f035f29018e663238ca63cfa1ac72a5e2216ae0a926857ce6210f15778a2fbc1cc2344c3564fb50969924f6a0f02dbc8bd61ba1d0be233b79470c432aeca0e0f0df2e9861e10e0c77349eefbee2a56501be7a75bbcfd7cf2c03de0f0ae04257d7b07db40403461f3c9a71b87336e3fe206f81659646bd39095de0e3b3db8ee8c50214d43537fb703c733193c58ac8ba3ccebd0025374f250928726400d5923e0401c06aedfdaa455011ba85a355c5fd328facc75ec96ca4f200469963a8208cb505358cce4e13bd7aa0e1df844487a2e6c331a039e79265368425616b5df9bbc6141600428085827155c33de2ef5b1d533b2c7faadf2ec917b09d316cd6a808250ea798565d38ec023a8a3619e3463c0c0743397ef67b29452a63a50deb5e942a5c404561e4e46e6efe20e50f1787b308632e3d383f3f52cda263087b397b1c2ca791ab869754bff130c81a1671098e6cb071104c794de2b563ffa9a8a8db373208a43517413e11a71f224570e35bda1d65703d0632c2dd66b9a2b91e2d520c10eb42fb72bd80c1125a71493c1a2bd4382571df5384a69e30ebbaf1eb4ec66a201fc1a2242c381b2559136d6841b9236f7826e93b66bdc3c44d385fcf154c80a3216c765a8903522d714dc5078a8dbc46acb1abbe675313e238db7a1ec9507046ae3b93665cce8efe386059e7cbd5a20fdf27bb40196adfa13d99a617d3a4d1b3210e04e223e6f124adb161df04fa892447ad920125b6f3b62947fb0bbbe2fc5712b82b2f0b947dfcfe6c7c61ee326ba74f9384134c5567e15dc52a7ede6882a6dbb413c2fe3d960de7ab85cc3f485b68f5c23ea371d5e5864ba4799cbb593991ccda729eb2ac85ad1932a0551b4ebd599ce94d5b9cbe2433b6359acf9fa0789c52b2a6a1028258778ab042a94ceadde32b8d13b996f8f9091e9d9c35dcfb1cb466bdd2c061901dd3ceda78d391b4c7289b957c71fbfc641e04681d4eaa9891d4ec2d2bed8285f95d3505ab95b3136def248703bc18c20db00d5400a0967352be5b81e7e3bad88f8714cba105e6838c3f03ae60cab581d7b7709c602e7909d9a3cf4a15b8ea5fbaf05bc33dfcdcd0d6615fe86cce4ec8d8f16b461409ff91af8f59d47be014e330949709cc40925ec8bf89b3f212c270ca01215fd8da5aaaf880bd50d50498cec6bda49ba81ad9fcbbbdd35a5ff3f1c75446ab18175c75486d6a108d199bdb5ed81f1182bd5de2f76540d505586819dcf1b011bf408bb4af791a99e24a31400a2c23539c45b15753a8dbca8feae5e05550fbda922b7b2569168574d613aa0e55e92ad138b40d3f6a67cc2576094c0e444680d2778321afc9e6d0ccd0acbeaf0da384414ad901a985b6f64529345eb05febb300ee24d9e7bf23583120f9c03ddad4672257911bcc6bab78303ad56b8959097b4205b6f0cb51a4ac00a5d28d03d0a730cade04a2e89d7952cab9857b75ae230729bb9253485c74f8ced543f6d1a1f54a3f304e9f96bcd85c410593e33328c6686f1227969003a476fb1c194ee0516e03617b47a3affcb9d8a87890ef6e787004564ab27bbfabafdccbd83c83d9e2ec01f80df81b56fe6cb517a28e3e51ce1401670c8e7940df4f77f9003564fd97d8ef1c8d202fbe1f56c8ad1ef69787a7eb89e97e1a241ad9fa8390de52e922776237a6605e6bc380d10b48b27a8580f3dc35cf4bd56f6679fb33a69815bcf893f260b372cd9f6f6c2283b91a2c487cd4405ab9db1979a1212108a9ebcb36e108d77664429871c3c5a24fe645da90b837e3f305be8d6d16e81f113503fb36fca72cd856bad947a492793f427d17ce8968efac99e72caf3a7972657ff5a607006f0c590dd4504566b54c987fd1925bb8de51039e3fd1e512e97b33dd28e94dbcc3afda3311170e1a1d42a8255be7ced0b708df9fc2a9c0ad899f8922bd317b4e2968cbc794468f4c960c0fc538a68a4bb2d457480d17f7ad058ec68a9383a2228262ac0a344d21d7099fd92aeb12f8d5c898fa4ff5677ad9b6a0141983228e664d658f259199f420d596cedef0d143b077bd0e50bdbdd3b431ebe299614e56e35913edb78ca9b866cbbad039ff012f99e944031ff3fe814fe887bc66044c6c53a8f894f6ff8d70cd4afdec9794d1ac8b3104b20890bebddada4a1626f9f0e8e6a262b42cb9cbcdd77eb445883f4f097b4327fe50dadc89118b62450fee3bc6dc2ced31f672e9d535f070b78fb3545767ec230c4832ae38048a0e7eb97992d0358d46735a2f5b9d50bd61ab6eb29473a6c53ff1e0ea01e35fbeca434ef7e9eb9f78e8d2bda464925e26db6a42a738a62a723091865ae78fecc08edbe4092e782b40fc138896acaeb38662d0cc1d77b6cae8ead2be32cadd247c809af6443af34943cbfa7596991676938e488ca9739107d652bbdad70d589fd0b262a61a73ab259d78b61b48d913d221e70384289fa024f75b7bfa4605e998b643b4d06f63fec671d961903f22bca1a5b035da5c9cd3143f32e1121123a74ac7ce8dcaea7df323ee69aa1367fc823eace692c8a07f70dcc2d7310001283247d3b25bdd9dfc489d6ea3db711d794bf5330f1c603b37b79b1c87a60c10ec8bf756f919a35be9355f3e62874ee0a372fda7daf4c393094a0719804b32e89d728670cf97af6ae9911ad39e95acba32a675d8fd0cc065c673548e2481b9e9549f0cd18c5b5fe9ae391636cb3e66d7a04e4438580eac7765e7577d439b525a7bbe972fba3ff8b56b337a7ac31ee3d640e4fb6724a5f6dd120baa51236bbd1f57469f161cb106bd25c2ba70a21950216759eeacdf789b4da5be5df9f4c0c33340871961e7719607cac12287a465af4767ddf3378f6ea0e36738c65f6c2856f8bafc7341bacab9fdeb032179cf5773ab05437ce195ac7d9c2d2e6be1fcb968d03bb0b3298e7ff316f762c9efb08fbda9ba8ffe01a4ec5adecc9531e172c3ce709fc8337def7521aca88a6093b17da69a81b9d5f54390ad7407756664f16a170d9d7e4c48bd00eeb37cefed69ceac04fdb575f03ab657d6fe7365d442d2ee6f88434331d81e0dfbfc2ca2a041bf1bf3a3bf89907c881c0eb4401525394214701510a5d853b612873e479a749df09ecbaef7cc7cf9da28f28d2812f9b96ca408e4ba9fa2c5aa739de0c9b1839223e00f22b1b66d7b805e583f644f35eb02297438b053197d87c481cac5d1ff590c7d5770e1f40d7b31b48f0dbe95aa0c5a639879258c5973d285b2dad6b07c915ae1bfef0e308f028a46742c8ef2d97335a92f8004a5132f433cc7f14752cbe397180241e30dd19a2c13a793b61b5a246aabd5c393524641b5755bbedc92060a420302f12d406ee4b2cad1bd7fbdca9275c38ec941cb81a4820e7a2a682a63cf0f04d2138fdc2a33db86a16d2358b2c59aceae2d30fd48a39693f4d24611d3781d440be8d4397641f47f4932b4c8bf27e8cc2ce02eb7e089962b77f8e9a05487c191f414870d4cb34879a691894fb4f5e9238668207d3d4b908992db1f43e6974e185e3a8b2f78a0d26bd963531d40a814ddca64c2be87fad6e04807787b86002968011486f58c728b343be6b11d4e43f55fd7d32f7823c8bb2a69fa4138106d2b3d3ad85e20f37e18c963c5e581019ffc17011636ae47abb3910499ee49627c8d86cb97d9f251f2a7df896cafa44cc0a45b4b42c9fd6fb90cc31a7255d9a3fe8a19f23da0868ad5b05658c2f7a3f2733399fbbceda18228ae6bc7bcc0a13699eae86f940dbeac165000aaa859d30b5f8977d50dc44305b9b3cf9d98d0ed476355587869bc2efeec8ff172c16878f3453becb5aab108b666b6152bf2bd145c70a48e66ad9903ac231a439f7f6d500446f2d89e9292d45609b3362d228176b982a2ed203cdd11b8f3a367880641f385b885bea1a27ebc0897aecd670506f35effc3088089ed523a0f17e594891d9eb4c815997e11ba5f4842841273838126bb3fe1c00dcf9fab71fdf0adb8920d3af27c123322f47801e69ef1b6a92c77691425800c3ab3cca429c80a0cd069e9233464a501be7beaf36fd9b629a94f3daefe583dfccb2c36d779a06d9bd1d90800e6fd62229318c9f9f95c5b62302f7374344c54f28809ed7da30c6f239755ae9a146c431a68733921edf05218f1f2fb24b6a2788bb9b91a95de32cc5a6254b42b12b20f2a1c0bbb0270b461eab04e546e8336483edde2eb1fec693087d3abaf87a7d1343357a8781aa82f32956e07a9d01f134ac4ec2e6ebd07319055a4517a343c5450511b513926b54f869839cf18156ca2fc91a675dcf5fefc16f8ff1bcec61b46ccefe8ae40cedcd03b8fdd7e297125765909ae051f061290bc2aa4fcd3351ba46268282e4dddf702878389d7d5f3d24195706ead23f1a1b809ca19fd49b71128024a70fc71549e00a9531348e46f245dcda71644717666fa0df20f5a6c8bf1f3b814cffaa5599f34cbd7961212186d113b9cfbf138bc771225be2816b0751431645609bfb83529579d73bd869f1017a2f20eb142668b1395cfdc84a19747e55bfec3ce82b68a4eebf6e7cdb82d58299dcc0168bc9145d8200abaada7f246e2b6cf43fbca846d489bd4f744944ce62092b9a4c764662531f930dc3dc8dbb530a98b1fd2b0727476ba002dee743fc29891acc8bad77f38124440f959a2470b5aa88eb13c587d935bb41241eabd302a37c0d4329c82b2ecf2f614db0e4bce2eb7184ef89b40da7510c6c7e94d25738cb7bd9283a5064005d09a69108acbcb5bac57ff3613ec6a2c88508571d020f1a8b7d43082d45e4fab63b6e53edc30e6993839f74bb8d0a4bab9ea0d8176908028cad3b4c6e46ea617578fe28369a44d049580455d9073f31e5b69c8cfeb9f7fc49a943e9e09d563e2fe34636edda6aad375bda3b08a9c35d564cabe792bc24f95a02257c9f004592f2abb86c7c0d6b813558cc05f1a31b58ba234833be9201c279336a9584de948287ab7be6c4df22e615263ac211700855415841121ce38ec9257a83544d8ec4650a743156381a2a05174a7bcc8d476daefed742ff048ad11cb41a3e66c9427776afc8b3ce5ed9a44d7fb6bf32cda159c5a1b248b83e3b71bee4202dd3b270afee1a7a01c6b3bc75ab0e0080fadd4df2cf5545732a3dfa2e037fea8e9a6acefe168289e48858c9ee60cee83c41831152c2b7c9f45c3bc06a20c0f9143a651d7d7b74a7615b17e49c69ccc2d3cddf5314b9e19df136c5a3f9820452af1b30bb46594d66433e2cc355791ec9cdfaf9b7a2902e2a78777b7c216cf314264baf5fb139cd072bdced4984e4189583726c4965ef864f5931ddad3ee26259028bb5152ee2d9dc8f3ab5299963058f78db217061f717f182b7bf3ec03460345725e647d8b99eae56096c3657fd2ed566c03c78f77943c9d2ae31caffbcaef40a9248566bbb30ff72edc983af4f38111e7e2371994bf06d08380793980656ab410bb90413bce534c00c94bbe6c4c97ce22afec997e759ca7cd0ae07a89f2418dd1c98554173f3a95508c4527ae3bdf8c5a25fe29823d1d3ae03342bcc8", 0x0, 0x1000}) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) dup3(r2, 0xffffffffffffffff, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 22:44:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:09 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000400)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x10000) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000000c0)={0x8, 0xbff, &(0x7f0000000600)="c9932b39e6887f4c7f6e27e49cb9f7ab753199050024bd3a993e440be9a3c77761c523e7fc9801dc33855f77a9531913a43fd7e95a1fcc44e3d9f0b47695ced2d7637806c25b9501c3ad9823e11b229eea68cf58bbca260d71d4a2feb61b06b1e7f68d9e02d2b94218bbe1460d13243643ceeb718272efc60a98ce51faf3d251e585c5fe56ba190822c4c40ee04cc81bacf8eb3e91c75973b182a4e72f035f29018e663238ca63cfa1ac72a5e2216ae0a926857ce6210f15778a2fbc1cc2344c3564fb50969924f6a0f02dbc8bd61ba1d0be233b79470c432aeca0e0f0df2e9861e10e0c77349eefbee2a56501be7a75bbcfd7cf2c03de0f0ae04257d7b07db40403461f3c9a71b87336e3fe206f81659646bd39095de0e3b3db8ee8c50214d43537fb703c733193c58ac8ba3ccebd0025374f250928726400d5923e0401c06aedfdaa455011ba85a355c5fd328facc75ec96ca4f200469963a8208cb505358cce4e13bd7aa0e1df844487a2e6c331a039e79265368425616b5df9bbc6141600428085827155c33de2ef5b1d533b2c7faadf2ec917b09d316cd6a808250ea798565d38ec023a8a3619e3463c0c0743397ef67b29452a63a50deb5e942a5c404561e4e46e6efe20e50f1787b308632e3d383f3f52cda263087b397b1c2ca791ab869754bff130c81a1671098e6cb071104c794de2b563ffa9a8a8db373208a43517413e11a71f224570e35bda1d65703d0632c2dd66b9a2b91e2d520c10eb42fb72bd80c1125a71493c1a2bd4382571df5384a69e30ebbaf1eb4ec66a201fc1a2242c381b2559136d6841b9236f7826e93b66bdc3c44d385fcf154c80a3216c765a8903522d714dc5078a8dbc46acb1abbe675313e238db7a1ec9507046ae3b93665cce8efe386059e7cbd5a20fdf27bb40196adfa13d99a617d3a4d1b3210e04e223e6f124adb161df04fa892447ad920125b6f3b62947fb0bbbe2fc5712b82b2f0b947dfcfe6c7c61ee326ba74f9384134c5567e15dc52a7ede6882a6dbb413c2fe3d960de7ab85cc3f485b68f5c23ea371d5e5864ba4799cbb593991ccda729eb2ac85ad1932a0551b4ebd599ce94d5b9cbe2433b6359acf9fa0789c52b2a6a1028258778ab042a94ceadde32b8d13b996f8f9091e9d9c35dcfb1cb466bdd2c061901dd3ceda78d391b4c7289b957c71fbfc641e04681d4eaa9891d4ec2d2bed8285f95d3505ab95b3136def248703bc18c20db00d5400a0967352be5b81e7e3bad88f8714cba105e6838c3f03ae60cab581d7b7709c602e7909d9a3cf4a15b8ea5fbaf05bc33dfcdcd0d6615fe86cce4ec8d8f16b461409ff91af8f59d47be014e330949709cc40925ec8bf89b3f212c270ca01215fd8da5aaaf880bd50d50498cec6bda49ba81ad9fcbbbdd35a5ff3f1c75446ab18175c75486d6a108d199bdb5ed81f1182bd5de2f76540d505586819dcf1b011bf408bb4af791a99e24a31400a2c23539c45b15753a8dbca8feae5e05550fbda922b7b2569168574d613aa0e55e92ad138b40d3f6a67cc2576094c0e444680d2778321afc9e6d0ccd0acbeaf0da384414ad901a985b6f64529345eb05febb300ee24d9e7bf23583120f9c03ddad4672257911bcc6bab78303ad56b8959097b4205b6f0cb51a4ac00a5d28d03d0a730cade04a2e89d7952cab9857b75ae230729bb9253485c74f8ced543f6d1a1f54a3f304e9f96bcd85c410593e33328c6686f1227969003a476fb1c194ee0516e03617b47a3affcb9d8a87890ef6e787004564ab27bbfabafdccbd83c83d9e2ec01f80df81b56fe6cb517a28e3e51ce1401670c8e7940df4f77f9003564fd97d8ef1c8d202fbe1f56c8ad1ef69787a7eb89e97e1a241ad9fa8390de52e922776237a6605e6bc380d10b48b27a8580f3dc35cf4bd56f6679fb33a69815bcf893f260b372cd9f6f6c2283b91a2c487cd4405ab9db1979a1212108a9ebcb36e108d77664429871c3c5a24fe645da90b837e3f305be8d6d16e81f113503fb36fca72cd856bad947a492793f427d17ce8968efac99e72caf3a7972657ff5a607006f0c590dd4504566b54c987fd1925bb8de51039e3fd1e512e97b33dd28e94dbcc3afda3311170e1a1d42a8255be7ced0b708df9fc2a9c0ad899f8922bd317b4e2968cbc794468f4c960c0fc538a68a4bb2d457480d17f7ad058ec68a9383a2228262ac0a344d21d7099fd92aeb12f8d5c898fa4ff5677ad9b6a0141983228e664d658f259199f420d596cedef0d143b077bd0e50bdbdd3b431ebe299614e56e35913edb78ca9b866cbbad039ff012f99e944031ff3fe814fe887bc66044c6c53a8f894f6ff8d70cd4afdec9794d1ac8b3104b20890bebddada4a1626f9f0e8e6a262b42cb9cbcdd77eb445883f4f097b4327fe50dadc89118b62450fee3bc6dc2ced31f672e9d535f070b78fb3545767ec230c4832ae38048a0e7eb97992d0358d46735a2f5b9d50bd61ab6eb29473a6c53ff1e0ea01e35fbeca434ef7e9eb9f78e8d2bda464925e26db6a42a738a62a723091865ae78fecc08edbe4092e782b40fc138896acaeb38662d0cc1d77b6cae8ead2be32cadd247c809af6443af34943cbfa7596991676938e488ca9739107d652bbdad70d589fd0b262a61a73ab259d78b61b48d913d221e70384289fa024f75b7bfa4605e998b643b4d06f63fec671d961903f22bca1a5b035da5c9cd3143f32e1121123a74ac7ce8dcaea7df323ee69aa1367fc823eace692c8a07f70dcc2d7310001283247d3b25bdd9dfc489d6ea3db711d794bf5330f1c603b37b79b1c87a60c10ec8bf756f919a35be9355f3e62874ee0a372fda7daf4c393094a0719804b32e89d728670cf97af6ae9911ad39e95acba32a675d8fd0cc065c673548e2481b9e9549f0cd18c5b5fe9ae391636cb3e66d7a04e4438580eac7765e7577d439b525a7bbe972fba3ff8b56b337a7ac31ee3d640e4fb6724a5f6dd120baa51236bbd1f57469f161cb106bd25c2ba70a21950216759eeacdf789b4da5be5df9f4c0c33340871961e7719607cac12287a465af4767ddf3378f6ea0e36738c65f6c2856f8bafc7341bacab9fdeb032179cf5773ab05437ce195ac7d9c2d2e6be1fcb968d03bb0b3298e7ff316f762c9efb08fbda9ba8ffe01a4ec5adecc9531e172c3ce709fc8337def7521aca88a6093b17da69a81b9d5f54390ad7407756664f16a170d9d7e4c48bd00eeb37cefed69ceac04fdb575f03ab657d6fe7365d442d2ee6f88434331d81e0dfbfc2ca2a041bf1bf3a3bf89907c881c0eb4401525394214701510a5d853b612873e479a749df09ecbaef7cc7cf9da28f28d2812f9b96ca408e4ba9fa2c5aa739de0c9b1839223e00f22b1b66d7b805e583f644f35eb02297438b053197d87c481cac5d1ff590c7d5770e1f40d7b31b48f0dbe95aa0c5a639879258c5973d285b2dad6b07c915ae1bfef0e308f028a46742c8ef2d97335a92f8004a5132f433cc7f14752cbe397180241e30dd19a2c13a793b61b5a246aabd5c393524641b5755bbedc92060a420302f12d406ee4b2cad1bd7fbdca9275c38ec941cb81a4820e7a2a682a63cf0f04d2138fdc2a33db86a16d2358b2c59aceae2d30fd48a39693f4d24611d3781d440be8d4397641f47f4932b4c8bf27e8cc2ce02eb7e089962b77f8e9a05487c191f414870d4cb34879a691894fb4f5e9238668207d3d4b908992db1f43e6974e185e3a8b2f78a0d26bd963531d40a814ddca64c2be87fad6e04807787b86002968011486f58c728b343be6b11d4e43f55fd7d32f7823c8bb2a69fa4138106d2b3d3ad85e20f37e18c963c5e581019ffc17011636ae47abb3910499ee49627c8d86cb97d9f251f2a7df896cafa44cc0a45b4b42c9fd6fb90cc31a7255d9a3fe8a19f23da0868ad5b05658c2f7a3f2733399fbbceda18228ae6bc7bcc0a13699eae86f940dbeac165000aaa859d30b5f8977d50dc44305b9b3cf9d98d0ed476355587869bc2efeec8ff172c16878f3453becb5aab108b666b6152bf2bd145c70a48e66ad9903ac231a439f7f6d500446f2d89e9292d45609b3362d228176b982a2ed203cdd11b8f3a367880641f385b885bea1a27ebc0897aecd670506f35effc3088089ed523a0f17e594891d9eb4c815997e11ba5f4842841273838126bb3fe1c00dcf9fab71fdf0adb8920d3af27c123322f47801e69ef1b6a92c77691425800c3ab3cca429c80a0cd069e9233464a501be7beaf36fd9b629a94f3daefe583dfccb2c36d779a06d9bd1d90800e6fd62229318c9f9f95c5b62302f7374344c54f28809ed7da30c6f239755ae9a146c431a68733921edf05218f1f2fb24b6a2788bb9b91a95de32cc5a6254b42b12b20f2a1c0bbb0270b461eab04e546e8336483edde2eb1fec693087d3abaf87a7d1343357a8781aa82f32956e07a9d01f134ac4ec2e6ebd07319055a4517a343c5450511b513926b54f869839cf18156ca2fc91a675dcf5fefc16f8ff1bcec61b46ccefe8ae40cedcd03b8fdd7e297125765909ae051f061290bc2aa4fcd3351ba46268282e4dddf702878389d7d5f3d24195706ead23f1a1b809ca19fd49b71128024a70fc71549e00a9531348e46f245dcda71644717666fa0df20f5a6c8bf1f3b814cffaa5599f34cbd7961212186d113b9cfbf138bc771225be2816b0751431645609bfb83529579d73bd869f1017a2f20eb142668b1395cfdc84a19747e55bfec3ce82b68a4eebf6e7cdb82d58299dcc0168bc9145d8200abaada7f246e2b6cf43fbca846d489bd4f744944ce62092b9a4c764662531f930dc3dc8dbb530a98b1fd2b0727476ba002dee743fc29891acc8bad77f38124440f959a2470b5aa88eb13c587d935bb41241eabd302a37c0d4329c82b2ecf2f614db0e4bce2eb7184ef89b40da7510c6c7e94d25738cb7bd9283a5064005d09a69108acbcb5bac57ff3613ec6a2c88508571d020f1a8b7d43082d45e4fab63b6e53edc30e6993839f74bb8d0a4bab9ea0d8176908028cad3b4c6e46ea617578fe28369a44d049580455d9073f31e5b69c8cfeb9f7fc49a943e9e09d563e2fe34636edda6aad375bda3b08a9c35d564cabe792bc24f95a02257c9f004592f2abb86c7c0d6b813558cc05f1a31b58ba234833be9201c279336a9584de948287ab7be6c4df22e615263ac211700855415841121ce38ec9257a83544d8ec4650a743156381a2a05174a7bcc8d476daefed742ff048ad11cb41a3e66c9427776afc8b3ce5ed9a44d7fb6bf32cda159c5a1b248b83e3b71bee4202dd3b270afee1a7a01c6b3bc75ab0e0080fadd4df2cf5545732a3dfa2e037fea8e9a6acefe168289e48858c9ee60cee83c41831152c2b7c9f45c3bc06a20c0f9143a651d7d7b74a7615b17e49c69ccc2d3cddf5314b9e19df136c5a3f9820452af1b30bb46594d66433e2cc355791ec9cdfaf9b7a2902e2a78777b7c216cf314264baf5fb139cd072bdced4984e4189583726c4965ef864f5931ddad3ee26259028bb5152ee2d9dc8f3ab5299963058f78db217061f717f182b7bf3ec03460345725e647d8b99eae56096c3657fd2ed566c03c78f77943c9d2ae31caffbcaef40a9248566bbb30ff72edc983af4f38111e7e2371994bf06d08380793980656ab410bb90413bce534c00c94bbe6c4c97ce22afec997e759ca7cd0ae07a89f2418dd1c98554173f3a95508c4527ae3bdf8c5a25fe29823d1d3ae03342bcc8", 0x0, 0x1000}) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) dup3(r2, 0xffffffffffffffff, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) [ 135.662281] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 22:44:09 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) [ 135.775098] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 135.926148] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 135.936982] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 136.001943] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 22:44:10 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) 22:44:10 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:10 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:10 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000400)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x10000) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000000c0)={0x8, 0xbff, &(0x7f0000000600)="c9932b39e6887f4c7f6e27e49cb9f7ab753199050024bd3a993e440be9a3c77761c523e7fc9801dc33855f77a9531913a43fd7e95a1fcc44e3d9f0b47695ced2d7637806c25b9501c3ad9823e11b229eea68cf58bbca260d71d4a2feb61b06b1e7f68d9e02d2b94218bbe1460d13243643ceeb718272efc60a98ce51faf3d251e585c5fe56ba190822c4c40ee04cc81bacf8eb3e91c75973b182a4e72f035f29018e663238ca63cfa1ac72a5e2216ae0a926857ce6210f15778a2fbc1cc2344c3564fb50969924f6a0f02dbc8bd61ba1d0be233b79470c432aeca0e0f0df2e9861e10e0c77349eefbee2a56501be7a75bbcfd7cf2c03de0f0ae04257d7b07db40403461f3c9a71b87336e3fe206f81659646bd39095de0e3b3db8ee8c50214d43537fb703c733193c58ac8ba3ccebd0025374f250928726400d5923e0401c06aedfdaa455011ba85a355c5fd328facc75ec96ca4f200469963a8208cb505358cce4e13bd7aa0e1df844487a2e6c331a039e79265368425616b5df9bbc6141600428085827155c33de2ef5b1d533b2c7faadf2ec917b09d316cd6a808250ea798565d38ec023a8a3619e3463c0c0743397ef67b29452a63a50deb5e942a5c404561e4e46e6efe20e50f1787b308632e3d383f3f52cda263087b397b1c2ca791ab869754bff130c81a1671098e6cb071104c794de2b563ffa9a8a8db373208a43517413e11a71f224570e35bda1d65703d0632c2dd66b9a2b91e2d520c10eb42fb72bd80c1125a71493c1a2bd4382571df5384a69e30ebbaf1eb4ec66a201fc1a2242c381b2559136d6841b9236f7826e93b66bdc3c44d385fcf154c80a3216c765a8903522d714dc5078a8dbc46acb1abbe675313e238db7a1ec9507046ae3b93665cce8efe386059e7cbd5a20fdf27bb40196adfa13d99a617d3a4d1b3210e04e223e6f124adb161df04fa892447ad920125b6f3b62947fb0bbbe2fc5712b82b2f0b947dfcfe6c7c61ee326ba74f9384134c5567e15dc52a7ede6882a6dbb413c2fe3d960de7ab85cc3f485b68f5c23ea371d5e5864ba4799cbb593991ccda729eb2ac85ad1932a0551b4ebd599ce94d5b9cbe2433b6359acf9fa0789c52b2a6a1028258778ab042a94ceadde32b8d13b996f8f9091e9d9c35dcfb1cb466bdd2c061901dd3ceda78d391b4c7289b957c71fbfc641e04681d4eaa9891d4ec2d2bed8285f95d3505ab95b3136def248703bc18c20db00d5400a0967352be5b81e7e3bad88f8714cba105e6838c3f03ae60cab581d7b7709c602e7909d9a3cf4a15b8ea5fbaf05bc33dfcdcd0d6615fe86cce4ec8d8f16b461409ff91af8f59d47be014e330949709cc40925ec8bf89b3f212c270ca01215fd8da5aaaf880bd50d50498cec6bda49ba81ad9fcbbbdd35a5ff3f1c75446ab18175c75486d6a108d199bdb5ed81f1182bd5de2f76540d505586819dcf1b011bf408bb4af791a99e24a31400a2c23539c45b15753a8dbca8feae5e05550fbda922b7b2569168574d613aa0e55e92ad138b40d3f6a67cc2576094c0e444680d2778321afc9e6d0ccd0acbeaf0da384414ad901a985b6f64529345eb05febb300ee24d9e7bf23583120f9c03ddad4672257911bcc6bab78303ad56b8959097b4205b6f0cb51a4ac00a5d28d03d0a730cade04a2e89d7952cab9857b75ae230729bb9253485c74f8ced543f6d1a1f54a3f304e9f96bcd85c410593e33328c6686f1227969003a476fb1c194ee0516e03617b47a3affcb9d8a87890ef6e787004564ab27bbfabafdccbd83c83d9e2ec01f80df81b56fe6cb517a28e3e51ce1401670c8e7940df4f77f9003564fd97d8ef1c8d202fbe1f56c8ad1ef69787a7eb89e97e1a241ad9fa8390de52e922776237a6605e6bc380d10b48b27a8580f3dc35cf4bd56f6679fb33a69815bcf893f260b372cd9f6f6c2283b91a2c487cd4405ab9db1979a1212108a9ebcb36e108d77664429871c3c5a24fe645da90b837e3f305be8d6d16e81f113503fb36fca72cd856bad947a492793f427d17ce8968efac99e72caf3a7972657ff5a607006f0c590dd4504566b54c987fd1925bb8de51039e3fd1e512e97b33dd28e94dbcc3afda3311170e1a1d42a8255be7ced0b708df9fc2a9c0ad899f8922bd317b4e2968cbc794468f4c960c0fc538a68a4bb2d457480d17f7ad058ec68a9383a2228262ac0a344d21d7099fd92aeb12f8d5c898fa4ff5677ad9b6a0141983228e664d658f259199f420d596cedef0d143b077bd0e50bdbdd3b431ebe299614e56e35913edb78ca9b866cbbad039ff012f99e944031ff3fe814fe887bc66044c6c53a8f894f6ff8d70cd4afdec9794d1ac8b3104b20890bebddada4a1626f9f0e8e6a262b42cb9cbcdd77eb445883f4f097b4327fe50dadc89118b62450fee3bc6dc2ced31f672e9d535f070b78fb3545767ec230c4832ae38048a0e7eb97992d0358d46735a2f5b9d50bd61ab6eb29473a6c53ff1e0ea01e35fbeca434ef7e9eb9f78e8d2bda464925e26db6a42a738a62a723091865ae78fecc08edbe4092e782b40fc138896acaeb38662d0cc1d77b6cae8ead2be32cadd247c809af6443af34943cbfa7596991676938e488ca9739107d652bbdad70d589fd0b262a61a73ab259d78b61b48d913d221e70384289fa024f75b7bfa4605e998b643b4d06f63fec671d961903f22bca1a5b035da5c9cd3143f32e1121123a74ac7ce8dcaea7df323ee69aa1367fc823eace692c8a07f70dcc2d7310001283247d3b25bdd9dfc489d6ea3db711d794bf5330f1c603b37b79b1c87a60c10ec8bf756f919a35be9355f3e62874ee0a372fda7daf4c393094a0719804b32e89d728670cf97af6ae9911ad39e95acba32a675d8fd0cc065c673548e2481b9e9549f0cd18c5b5fe9ae391636cb3e66d7a04e4438580eac7765e7577d439b525a7bbe972fba3ff8b56b337a7ac31ee3d640e4fb6724a5f6dd120baa51236bbd1f57469f161cb106bd25c2ba70a21950216759eeacdf789b4da5be5df9f4c0c33340871961e7719607cac12287a465af4767ddf3378f6ea0e36738c65f6c2856f8bafc7341bacab9fdeb032179cf5773ab05437ce195ac7d9c2d2e6be1fcb968d03bb0b3298e7ff316f762c9efb08fbda9ba8ffe01a4ec5adecc9531e172c3ce709fc8337def7521aca88a6093b17da69a81b9d5f54390ad7407756664f16a170d9d7e4c48bd00eeb37cefed69ceac04fdb575f03ab657d6fe7365d442d2ee6f88434331d81e0dfbfc2ca2a041bf1bf3a3bf89907c881c0eb4401525394214701510a5d853b612873e479a749df09ecbaef7cc7cf9da28f28d2812f9b96ca408e4ba9fa2c5aa739de0c9b1839223e00f22b1b66d7b805e583f644f35eb02297438b053197d87c481cac5d1ff590c7d5770e1f40d7b31b48f0dbe95aa0c5a639879258c5973d285b2dad6b07c915ae1bfef0e308f028a46742c8ef2d97335a92f8004a5132f433cc7f14752cbe397180241e30dd19a2c13a793b61b5a246aabd5c393524641b5755bbedc92060a420302f12d406ee4b2cad1bd7fbdca9275c38ec941cb81a4820e7a2a682a63cf0f04d2138fdc2a33db86a16d2358b2c59aceae2d30fd48a39693f4d24611d3781d440be8d4397641f47f4932b4c8bf27e8cc2ce02eb7e089962b77f8e9a05487c191f414870d4cb34879a691894fb4f5e9238668207d3d4b908992db1f43e6974e185e3a8b2f78a0d26bd963531d40a814ddca64c2be87fad6e04807787b86002968011486f58c728b343be6b11d4e43f55fd7d32f7823c8bb2a69fa4138106d2b3d3ad85e20f37e18c963c5e581019ffc17011636ae47abb3910499ee49627c8d86cb97d9f251f2a7df896cafa44cc0a45b4b42c9fd6fb90cc31a7255d9a3fe8a19f23da0868ad5b05658c2f7a3f2733399fbbceda18228ae6bc7bcc0a13699eae86f940dbeac165000aaa859d30b5f8977d50dc44305b9b3cf9d98d0ed476355587869bc2efeec8ff172c16878f3453becb5aab108b666b6152bf2bd145c70a48e66ad9903ac231a439f7f6d500446f2d89e9292d45609b3362d228176b982a2ed203cdd11b8f3a367880641f385b885bea1a27ebc0897aecd670506f35effc3088089ed523a0f17e594891d9eb4c815997e11ba5f4842841273838126bb3fe1c00dcf9fab71fdf0adb8920d3af27c123322f47801e69ef1b6a92c77691425800c3ab3cca429c80a0cd069e9233464a501be7beaf36fd9b629a94f3daefe583dfccb2c36d779a06d9bd1d90800e6fd62229318c9f9f95c5b62302f7374344c54f28809ed7da30c6f239755ae9a146c431a68733921edf05218f1f2fb24b6a2788bb9b91a95de32cc5a6254b42b12b20f2a1c0bbb0270b461eab04e546e8336483edde2eb1fec693087d3abaf87a7d1343357a8781aa82f32956e07a9d01f134ac4ec2e6ebd07319055a4517a343c5450511b513926b54f869839cf18156ca2fc91a675dcf5fefc16f8ff1bcec61b46ccefe8ae40cedcd03b8fdd7e297125765909ae051f061290bc2aa4fcd3351ba46268282e4dddf702878389d7d5f3d24195706ead23f1a1b809ca19fd49b71128024a70fc71549e00a9531348e46f245dcda71644717666fa0df20f5a6c8bf1f3b814cffaa5599f34cbd7961212186d113b9cfbf138bc771225be2816b0751431645609bfb83529579d73bd869f1017a2f20eb142668b1395cfdc84a19747e55bfec3ce82b68a4eebf6e7cdb82d58299dcc0168bc9145d8200abaada7f246e2b6cf43fbca846d489bd4f744944ce62092b9a4c764662531f930dc3dc8dbb530a98b1fd2b0727476ba002dee743fc29891acc8bad77f38124440f959a2470b5aa88eb13c587d935bb41241eabd302a37c0d4329c82b2ecf2f614db0e4bce2eb7184ef89b40da7510c6c7e94d25738cb7bd9283a5064005d09a69108acbcb5bac57ff3613ec6a2c88508571d020f1a8b7d43082d45e4fab63b6e53edc30e6993839f74bb8d0a4bab9ea0d8176908028cad3b4c6e46ea617578fe28369a44d049580455d9073f31e5b69c8cfeb9f7fc49a943e9e09d563e2fe34636edda6aad375bda3b08a9c35d564cabe792bc24f95a02257c9f004592f2abb86c7c0d6b813558cc05f1a31b58ba234833be9201c279336a9584de948287ab7be6c4df22e615263ac211700855415841121ce38ec9257a83544d8ec4650a743156381a2a05174a7bcc8d476daefed742ff048ad11cb41a3e66c9427776afc8b3ce5ed9a44d7fb6bf32cda159c5a1b248b83e3b71bee4202dd3b270afee1a7a01c6b3bc75ab0e0080fadd4df2cf5545732a3dfa2e037fea8e9a6acefe168289e48858c9ee60cee83c41831152c2b7c9f45c3bc06a20c0f9143a651d7d7b74a7615b17e49c69ccc2d3cddf5314b9e19df136c5a3f9820452af1b30bb46594d66433e2cc355791ec9cdfaf9b7a2902e2a78777b7c216cf314264baf5fb139cd072bdced4984e4189583726c4965ef864f5931ddad3ee26259028bb5152ee2d9dc8f3ab5299963058f78db217061f717f182b7bf3ec03460345725e647d8b99eae56096c3657fd2ed566c03c78f77943c9d2ae31caffbcaef40a9248566bbb30ff72edc983af4f38111e7e2371994bf06d08380793980656ab410bb90413bce534c00c94bbe6c4c97ce22afec997e759ca7cd0ae07a89f2418dd1c98554173f3a95508c4527ae3bdf8c5a25fe29823d1d3ae03342bcc8", 0x0, 0x1000}) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x803, 0x3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x78, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4) dup3(r2, 0xffffffffffffffff, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_INPUT2(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x100) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 22:44:10 executing program 3: r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[{0x10, 0x110, 0xa}], 0x10}, 0x0) 22:44:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:10 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:10 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:10 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:10 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a000000"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) [ 136.256817] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 136.274475] usb usb4: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #2 [ 136.332694] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 22:44:10 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) 22:44:10 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) 22:44:10 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:10 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:10 executing program 5: r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[{0x10, 0x110, 0xd}], 0x10}, 0x0) 22:44:10 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:10 executing program 5: r0 = memfd_create(&(0x7f0000000180)='b\n\xf4*\xd2\xde\xd9\x88\x93\x00\x8c\xe9\x88\xf0\x9aIU\x98I\x81`\x8a\xe1\xfa\x05\xdd\xc3\x10,\x1aK\xe8w\xeb\\\x1dO\x7f^\xec\xc75q_\xe5\xf2*\xa2\x8e\x93\xfe\x84f\xf2)\xc9<\xf2ynn\x1f\xdd\xbe\xda\x1d[\x01P1P;a\xc6\x94\x14\xa80(u\x9f.\x9c\x9f\x98I8\xca\x9b}\xa1V\xe3\x9f\xad\xe2Om\xf1\xb5q5I\x12m=\x85D\vy\'\xfcx5\xce\x03f\xd4\x1a\xf0B\xa3\xa9p#!E\x89\x8b\xfd\x0e\rk\xa5\x83u\xc7J\xa5+8\xa2G/\xfb\xaa.\xfeQJ\t9\xb1\xa7.\b\xaa\x9c\xb3\xa1\x1cC\xc3_5h\x80y-\xf3\x9b?-\x8e^O\xba\r%^\xbd\x01\xe7\xa9s\xda\x13\xe6*\x1b|\xe6\x97\x13\xd1@\x87\f\xc4\x05Ci\xb19\xa7\xa5\xa2\xe0\xf7\xdc\x1d6\x04gn\'\x87\xc7\r\x84\xb0\x83\x8d%W+nTO\xb3\xeb\xac\xd1\xbf\xef', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x5011, r0, 0x0) mq_getsetattr(0xffffffffffffffff, &(0x7f0000000040), 0x0) [ 136.603370] usb usb4: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #2 22:44:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:10 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:10 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da2987a"], 0x31) [ 136.678750] audit: type=1400 audit(1555022650.784:43): avc: denied { map } for pid=8388 comm="syz-executor.5" path=2F6D656D66643A620AF42AD2DED98893202864656C6574656429 dev="tmpfs" ino=31945 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 22:44:10 executing program 5: r0 = socket$inet6(0x18, 0x3, 0x0) recvfrom(r0, &(0x7f0000000080)=""/4096, 0x1000, 0x0, 0x0, 0x0) [ 136.753947] usb usb4: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #2 22:44:11 executing program 2: r0 = userfaultfd(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:11 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, 0x0, 0x0) 22:44:11 executing program 5: symlink(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='./file0/file0\x00') 22:44:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d03"]) 22:44:11 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:11 executing program 5: mkdir(&(0x7f00000031c0)='./file0\x00', 0x0) chmod(&(0x7f0000000000)='./file0\x00', 0x1) 22:44:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 137.039312] usb usb4: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #2 [ 137.079210] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) 22:44:11 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) [ 137.115201] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 137.138708] CPU: 1 PID: 8441 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 137.145671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.155017] Call Trace: [ 137.160130] dump_stack+0x138/0x19c [ 137.163751] warn_alloc.cold+0x96/0x1af [ 137.167711] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 137.172539] ? lock_downgrade+0x6e0/0x6e0 [ 137.176683] ? avc_has_perm+0x2df/0x4b0 [ 137.180653] __vmalloc_node_range+0x3be/0x6a0 [ 137.185138] ? trace_hardirqs_on+0x10/0x10 [ 137.189362] vmalloc+0x46/0x50 [ 137.192538] ? sel_write_load+0x1a0/0x1050 [ 137.196761] sel_write_load+0x1a0/0x1050 [ 137.200805] ? save_trace+0x290/0x290 [ 137.204710] ? sel_read_bool+0x240/0x240 [ 137.208756] ? trace_hardirqs_on+0x10/0x10 [ 137.212972] ? save_trace+0x290/0x290 [ 137.216760] __vfs_write+0x107/0x6c0 [ 137.220454] ? __lock_is_held+0xb6/0x140 [ 137.224497] ? sel_read_bool+0x240/0x240 [ 137.228542] ? kernel_read+0x120/0x120 [ 137.232410] ? __lock_is_held+0xb6/0x140 [ 137.236453] ? check_preemption_disabled+0x3c/0x250 [ 137.241455] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 137.246889] ? rcu_read_lock_sched_held+0x110/0x130 [ 137.251893] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 137.256629] ? __sb_start_write+0x153/0x2f0 [ 137.260952] vfs_write+0x198/0x500 [ 137.264485] SyS_write+0xb8/0x180 [ 137.267925] ? SyS_read+0x180/0x180 [ 137.271533] ? do_syscall_64+0x53/0x630 [ 137.275499] ? SyS_read+0x180/0x180 [ 137.279133] do_syscall_64+0x1eb/0x630 [ 137.283002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 137.288093] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 137.293354] RIP: 0033:0x458c29 [ 137.296525] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.304214] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 22:44:11 executing program 5: mkdir(&(0x7f0000000100)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) sendto$inet(r0, 0x0, 0x0, 0x40c, 0x0, 0x0) [ 137.311465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 137.318717] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 137.325967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 137.333232] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:11 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) [ 137.396224] Mem-Info: [ 137.426685] active_anon:66101 inactive_anon:195 isolated_anon:0 [ 137.426685] active_file:8628 inactive_file:10479 isolated_file:0 [ 137.426685] unevictable:0 dirty:765 writeback:0 unstable:0 [ 137.426685] slab_reclaimable:11989 slab_unreclaimable:108706 [ 137.426685] mapped:58701 shmem:243 pagetables:1300 bounce:0 [ 137.426685] free:1330477 free_pcp:225 free_cma:0 [ 137.491867] Node 0 active_anon:260152kB inactive_anon:780kB active_file:34372kB inactive_file:41916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:234804kB dirty:3056kB writeback:0kB shmem:972kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 182272kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 137.552683] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 137.578626] Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.605485] lowmem_reserve[]: 0 2580 2580 2580 [ 137.610624] Node 0 DMA32 free:1524652kB min:36468kB low:45584kB high:54700kB active_anon:260352kB inactive_anon:760kB active_file:34372kB inactive_file:41944kB unevictable:0kB writepending:3084kB present:3129332kB managed:2644924kB mlocked:0kB kernel_stack:7552kB pagetables:4708kB bounce:0kB free_pcp:1128kB local_pcp:728kB free_cma:0kB [ 137.640620] lowmem_reserve[]: 0 0 0 0 [ 137.644445] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.669857] lowmem_reserve[]: 0 0 0 0 [ 137.669913] Node 1 Normal free:3785596kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 22:44:11 executing program 2: userfaultfd(0x0) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) 22:44:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) [ 137.669936] lowmem_reserve[]: 0 0 0 0 [ 137.669953] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 137.724279] Node 0 DMA32: 7468*4kB (UME) 689*8kB (UME) 476*16kB (UME) 198*32kB (UME) 65*64kB (UME) 11*128kB (UME) 3*256kB (UM) 2*512kB (UM) 2*1024kB (ME) 0*2048kB 358*4096kB (M) = 1525112kB [ 137.745727] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 137.758259] Node 1 Normal: 49*4kB (UE) 349*8kB (UME) 263*16kB (UME) 59*32kB (UME) 16*64kB (UM) 14*128kB (U) 7*256kB (UME) 1*512kB (E) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785596kB [ 137.779457] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 137.795301] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 137.807287] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 137.816349] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 137.825601] 19355 total pagecache pages [ 137.829587] 0 pages in swap cache [ 137.838109] Swap cache stats: add 0, delete 0, find 0/0 [ 137.843682] Free swap = 0kB [ 137.846705] Total swap = 0kB [ 137.849725] 1965979 pages RAM 22:44:11 executing program 5: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) open(&(0x7f0000000080)='./file0\x00', 0x80080, 0x88) 22:44:11 executing program 3: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:11 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, 0x0, 0x0) 22:44:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) 22:44:12 executing program 5: open(&(0x7f0000000000)='./file0\x00', 0x5ffffd, 0x18) 22:44:12 executing program 3: r0 = syz_open_dev$usb(0x0, 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) [ 137.857327] 0 pages HighMem/MovableOnly [ 137.861365] 333219 pages reserved [ 137.861369] 0 pages cma reserved 22:44:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) 22:44:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 138.008851] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 138.020266] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 138.025792] CPU: 0 PID: 8506 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 138.027558] overlayfs: failed to resolve './file1': -2 [ 138.032717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.032722] Call Trace: [ 138.032744] dump_stack+0x138/0x19c [ 138.032760] warn_alloc.cold+0x96/0x1af [ 138.032776] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 138.032788] ? lock_downgrade+0x6e0/0x6e0 [ 138.032806] ? avc_has_perm+0x2df/0x4b0 [ 138.032821] __vmalloc_node_range+0x3be/0x6a0 [ 138.032834] ? trace_hardirqs_on+0x10/0x10 [ 138.032847] vmalloc+0x46/0x50 [ 138.032859] ? sel_write_load+0x1a0/0x1050 [ 138.032868] sel_write_load+0x1a0/0x1050 [ 138.032879] ? save_trace+0x290/0x290 [ 138.032893] ? sel_read_bool+0x240/0x240 [ 138.032903] ? trace_hardirqs_on+0x10/0x10 [ 138.032915] ? save_trace+0x290/0x290 [ 138.032931] __vfs_write+0x107/0x6c0 [ 138.032948] ? __lock_is_held+0xb6/0x140 [ 138.032961] ? sel_read_bool+0x240/0x240 [ 138.032978] ? kernel_read+0x120/0x120 [ 138.047626] ? __lock_is_held+0xb6/0x140 [ 138.047637] ? check_preemption_disabled+0x3c/0x250 [ 138.047651] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 138.057818] ? rcu_read_lock_sched_held+0x110/0x130 [ 138.057827] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 138.057839] ? __sb_start_write+0x153/0x2f0 [ 138.094728] vfs_write+0x198/0x500 [ 138.094740] SyS_write+0xb8/0x180 [ 138.094750] ? SyS_read+0x180/0x180 [ 138.103151] ? do_syscall_64+0x53/0x630 [ 138.103160] ? SyS_read+0x180/0x180 [ 138.103170] do_syscall_64+0x1eb/0x630 [ 138.103178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 138.103193] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 138.103201] RIP: 0033:0x458c29 [ 138.103206] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.103216] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 138.103221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 138.103225] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 138.103230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 138.103235] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:12 executing program 2: userfaultfd(0x0) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) 22:44:12 executing program 5: mkdir(&(0x7f0000000200)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x440000, 0x88511073acda3096) 22:44:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:12 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, 0x0, 0x0) 22:44:12 executing program 3: r0 = syz_open_dev$usb(0x0, 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[]) 22:44:12 executing program 5: mknod(&(0x7f0000000180)='./file0\x00', 0x8000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x210, r0, 0x0) 22:44:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 138.393796] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) 22:44:12 executing program 3: r0 = syz_open_dev$usb(0x0, 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[]) [ 138.440763] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 138.491053] CPU: 0 PID: 8538 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 138.498023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.507381] Call Trace: [ 138.509972] dump_stack+0x138/0x19c [ 138.513602] warn_alloc.cold+0x96/0x1af [ 138.517581] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 138.522426] ? lock_downgrade+0x6e0/0x6e0 [ 138.526567] ? avc_has_perm+0x2df/0x4b0 [ 138.530539] __vmalloc_node_range+0x3be/0x6a0 [ 138.535036] ? trace_hardirqs_on+0x10/0x10 [ 138.539257] vmalloc+0x46/0x50 [ 138.542446] ? sel_write_load+0x1a0/0x1050 [ 138.546662] sel_write_load+0x1a0/0x1050 [ 138.550706] ? save_trace+0x290/0x290 [ 138.554491] ? sel_read_bool+0x240/0x240 [ 138.558544] ? trace_hardirqs_on+0x10/0x10 [ 138.562761] ? save_trace+0x290/0x290 [ 138.566556] __vfs_write+0x107/0x6c0 [ 138.570253] ? __lock_is_held+0xb6/0x140 [ 138.574294] ? sel_read_bool+0x240/0x240 [ 138.578344] ? kernel_read+0x120/0x120 [ 138.582225] ? __lock_is_held+0xb6/0x140 [ 138.586268] ? check_preemption_disabled+0x3c/0x250 [ 138.591278] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 138.596797] ? rcu_read_lock_sched_held+0x110/0x130 [ 138.601794] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 138.606547] ? __sb_start_write+0x153/0x2f0 [ 138.610851] vfs_write+0x198/0x500 [ 138.614376] SyS_write+0xb8/0x180 [ 138.617816] ? SyS_read+0x180/0x180 [ 138.621435] ? do_syscall_64+0x53/0x630 [ 138.625749] ? SyS_read+0x180/0x180 [ 138.629357] do_syscall_64+0x1eb/0x630 [ 138.633223] ? trace_hardirqs_off_thunk+0x1a/0x1c 22:44:12 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) [ 138.638050] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 138.643223] RIP: 0033:0x458c29 [ 138.646481] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 138.654183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 138.661433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 138.668685] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 138.675944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 138.683205] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:12 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_linger(r0, 0xffff, 0x80, &(0x7f0000000040), 0x8) [ 138.767926] warn_alloc_show_mem: 1 callbacks suppressed [ 138.767930] Mem-Info: [ 138.781313] active_anon:66660 inactive_anon:192 isolated_anon:0 [ 138.781313] active_file:8630 inactive_file:10491 isolated_file:0 [ 138.781313] unevictable:0 dirty:779 writeback:0 unstable:0 [ 138.781313] slab_reclaimable:11964 slab_unreclaimable:108617 [ 138.781313] mapped:58726 shmem:242 pagetables:1220 bounce:0 [ 138.781313] free:1329889 free_pcp:355 free_cma:0 [ 138.823472] Node 0 active_anon:266740kB inactive_anon:768kB active_file:34380kB inactive_file:41964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235004kB dirty:3112kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 176128kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 138.852943] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 138.879556] Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 138.906060] lowmem_reserve[]: 0 2580 2580 2580 [ 138.911366] Node 0 DMA32 free:1517560kB min:36468kB low:45584kB high:54700kB active_anon:266740kB inactive_anon:768kB active_file:34380kB inactive_file:41964kB unevictable:0kB writepending:3112kB present:3129332kB managed:2644924kB mlocked:0kB kernel_stack:7680kB pagetables:5028kB bounce:0kB free_pcp:1292kB local_pcp:668kB free_cma:0kB [ 138.941521] lowmem_reserve[]: 0 0 0 0 [ 138.945847] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 138.978314] lowmem_reserve[]: 0 0 0 0 [ 138.982731] Node 1 Normal free:3785596kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 139.017511] lowmem_reserve[]: 0 0 0 0 [ 139.021722] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 139.035912] Node 0 DMA32: 7450*4kB (UME) 700*8kB (UME) 478*16kB (UME) 206*32kB (UME) 66*64kB (UME) 7*128kB (ME) 3*256kB (UM) 1*512kB (M) 3*1024kB (UME) 1*2048kB (U) 356*4096kB (M) = 1519336kB [ 139.058942] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 139.080539] Node 1 Normal: 49*4kB (UE) 349*8kB (UME) 263*16kB (UME) 59*32kB (UME) 16*64kB (UM) 14*128kB (U) 7*256kB (UME) 1*512kB (E) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785596kB [ 139.097914] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 139.107363] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 139.116494] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 22:44:13 executing program 2: userfaultfd(0x0) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000340)={0x6, 0x2, 0x20}) 22:44:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:13 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) [ 139.132790] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 139.141447] 19375 total pagecache pages [ 139.147599] 0 pages in swap cache [ 139.153922] Swap cache stats: add 0, delete 0, find 0/0 [ 139.167886] Free swap = 0kB [ 139.174238] Total swap = 0kB [ 139.177343] 1965979 pages RAM 22:44:13 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[], 0x0) 22:44:13 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup2(r0, r0) bind$unix(r1, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0xa) 22:44:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[]) 22:44:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:13 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) [ 139.180720] 0 pages HighMem/MovableOnly [ 139.180727] 333219 pages reserved [ 139.188137] 0 pages cma reserved 22:44:13 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000440)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept$inet(r1, 0x0, 0x0) sendto(r2, &(0x7f0000000040), 0x0, 0x2, 0x0, 0x0) 22:44:13 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) [ 139.270519] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) 22:44:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB]) [ 139.320172] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 139.355435] CPU: 1 PID: 8595 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 139.362412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.371857] Call Trace: [ 139.374471] dump_stack+0x138/0x19c [ 139.378199] warn_alloc.cold+0x96/0x1af [ 139.378216] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 139.387064] ? lock_downgrade+0x6e0/0x6e0 [ 139.387081] ? avc_has_perm+0x2df/0x4b0 [ 139.387098] __vmalloc_node_range+0x3be/0x6a0 [ 139.387110] ? trace_hardirqs_on+0x10/0x10 [ 139.387128] vmalloc+0x46/0x50 [ 139.407649] ? sel_write_load+0x1a0/0x1050 [ 139.411895] sel_write_load+0x1a0/0x1050 [ 139.415971] ? save_trace+0x290/0x290 22:44:13 executing program 5: r0 = socket$inet(0x2, 0x60000003, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000140)=""/26, 0x1a}], 0x1) [ 139.419781] ? sel_read_bool+0x240/0x240 [ 139.423851] ? trace_hardirqs_on+0x10/0x10 [ 139.428090] ? save_trace+0x290/0x290 [ 139.432028] __vfs_write+0x107/0x6c0 [ 139.435737] ? __lock_is_held+0xb6/0x140 [ 139.439780] ? sel_read_bool+0x240/0x240 [ 139.443825] ? kernel_read+0x120/0x120 [ 139.447689] ? __lock_is_held+0xb6/0x140 [ 139.451787] ? check_preemption_disabled+0x3c/0x250 [ 139.456789] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 139.462224] ? rcu_read_lock_sched_held+0x110/0x130 [ 139.467220] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 139.470841] overlayfs: failed to resolve './file1': -2 [ 139.471963] ? __sb_start_write+0x153/0x2f0 [ 139.471976] vfs_write+0x198/0x500 [ 139.471989] SyS_write+0xb8/0x180 [ 139.488704] ? SyS_read+0x180/0x180 [ 139.492323] ? do_syscall_64+0x53/0x630 [ 139.496281] ? SyS_read+0x180/0x180 [ 139.499910] do_syscall_64+0x1eb/0x630 [ 139.503885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 139.508731] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 139.513902] RIP: 0033:0x458c29 [ 139.517071] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.524765] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 139.532015] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 139.539265] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 139.546514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 139.553771] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:13 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB]) 22:44:13 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:13 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[], 0x0) 22:44:13 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:13 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB]) 22:44:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 139.738732] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 139.768263] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 139.813873] CPU: 0 PID: 8630 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 139.820841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.830208] Call Trace: [ 139.832814] dump_stack+0x138/0x19c [ 139.836466] warn_alloc.cold+0x96/0x1af [ 139.840468] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 139.845317] ? lock_downgrade+0x6e0/0x6e0 [ 139.845339] ? avc_has_perm+0x2df/0x4b0 [ 139.845356] __vmalloc_node_range+0x3be/0x6a0 [ 139.845378] ? trace_hardirqs_on+0x10/0x10 22:44:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 139.857969] vmalloc+0x46/0x50 [ 139.857984] ? sel_write_load+0x1a0/0x1050 [ 139.857994] sel_write_load+0x1a0/0x1050 [ 139.858006] ? save_trace+0x290/0x290 [ 139.858021] ? sel_read_bool+0x240/0x240 [ 139.858036] ? trace_hardirqs_on+0x10/0x10 [ 139.885770] ? save_trace+0x290/0x290 [ 139.889590] __vfs_write+0x107/0x6c0 [ 139.893308] ? __lock_is_held+0xb6/0x140 [ 139.897374] ? sel_read_bool+0x240/0x240 [ 139.901448] ? kernel_read+0x120/0x120 [ 139.905388] ? __lock_is_held+0xb6/0x140 [ 139.909456] ? check_preemption_disabled+0x3c/0x250 [ 139.914554] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 139.920232] ? rcu_read_lock_sched_held+0x110/0x130 [ 139.925257] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 139.930016] ? __sb_start_write+0x153/0x2f0 [ 139.934336] vfs_write+0x198/0x500 [ 139.937966] SyS_write+0xb8/0x180 [ 139.941495] ? SyS_read+0x180/0x180 [ 139.945110] ? do_syscall_64+0x53/0x630 [ 139.949067] ? SyS_read+0x180/0x180 [ 139.952677] do_syscall_64+0x1eb/0x630 [ 139.956545] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 139.961372] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 139.966543] RIP: 0033:0x458c29 [ 139.969713] RSP: 002b:00007f47c1f9fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 139.977410] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 139.984663] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 139.992043] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 139.999291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1fa06d4 [ 140.006541] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:14 executing program 3: syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) [ 140.029737] overlayfs: failed to resolve './file1': -2 [ 140.035575] warn_alloc_show_mem: 1 callbacks suppressed [ 140.035578] Mem-Info: [ 140.041152] active_anon:68275 inactive_anon:195 isolated_anon:0 [ 140.041152] active_file:8633 inactive_file:10512 isolated_file:0 [ 140.041152] unevictable:0 dirty:803 writeback:0 unstable:0 [ 140.041152] slab_reclaimable:11977 slab_unreclaimable:109435 [ 140.041152] mapped:58743 shmem:242 pagetables:1342 bounce:0 [ 140.041152] free:1327349 free_pcp:320 free_cma:0 22:44:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000"]) [ 140.078357] Node 0 active_anon:273160kB inactive_anon:776kB active_file:34392kB inactive_file:42064kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:235032kB dirty:3224kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 188416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 140.146457] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 140.177063] Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 140.204686] lowmem_reserve[]: 0 2580 2580 2580 [ 140.209430] Node 0 DMA32 free:1510992kB min:36468kB low:45584kB high:54700kB active_anon:271128kB inactive_anon:768kB active_file:34392kB inactive_file:42064kB unevictable:0kB writepending:3232kB present:3129332kB managed:2644924kB mlocked:0kB kernel_stack:7776kB pagetables:5308kB bounce:0kB free_pcp:1100kB local_pcp:660kB free_cma:0kB [ 140.241937] lowmem_reserve[]: 0 0 0 0 [ 140.252299] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 140.278683] lowmem_reserve[]: 0 0 0 0 [ 140.282667] Node 1 Normal free:3785596kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 140.347506] lowmem_reserve[]: 0 0 0 0 [ 140.358401] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 140.379417] Node 0 DMA32: 7158*4kB (UM) 677*8kB (UME) 465*16kB (ME) 189*32kB (UM) 59*64kB (UME) 8*128kB (UME) 3*256kB (UM) 1*512kB (M) 3*1024kB (UME) 3*2048kB (M) 353*4096kB (M) = 1508720kB [ 140.397423] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 140.410586] Node 1 Normal: 49*4kB (UE) 349*8kB (UME) 263*16kB (UME) 59*32kB (UME) 16*64kB (UM) 14*128kB (U) 7*256kB (UME) 1*512kB (E) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785596kB [ 140.427885] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 140.436955] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 140.445717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 140.454947] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 140.469785] 19393 total pagecache pages [ 140.473984] 0 pages in swap cache [ 140.477436] Swap cache stats: add 0, delete 0, find 0/0 [ 140.483238] Free swap = 0kB [ 140.486261] Total swap = 0kB [ 140.489282] 1965979 pages RAM 22:44:14 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:14 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:14 executing program 3: syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000"]) 22:44:14 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[], 0x0) [ 140.498483] 0 pages HighMem/MovableOnly [ 140.504054] 333219 pages reserved [ 140.508660] 0 pages cma reserved 22:44:14 executing program 3: syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x80045505, &(0x7f0000000000)={0x2}) 22:44:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000"]) [ 140.604850] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) 22:44:14 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) [ 140.663166] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 140.687413] CPU: 0 PID: 8690 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 140.694369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.703720] Call Trace: [ 140.706307] dump_stack+0x138/0x19c [ 140.709928] warn_alloc.cold+0x96/0x1af [ 140.713888] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 140.718719] ? lock_downgrade+0x6e0/0x6e0 [ 140.722854] ? avc_has_perm+0x2df/0x4b0 [ 140.726814] __vmalloc_node_range+0x3be/0x6a0 [ 140.731293] ? trace_hardirqs_on+0x10/0x10 [ 140.735575] vmalloc+0x46/0x50 [ 140.738749] ? sel_write_load+0x1a0/0x1050 [ 140.742965] sel_write_load+0x1a0/0x1050 [ 140.747008] ? save_trace+0x290/0x290 [ 140.750793] ? sel_read_bool+0x240/0x240 [ 140.754844] ? trace_hardirqs_on+0x10/0x10 [ 140.759149] ? save_trace+0x290/0x290 [ 140.762934] __vfs_write+0x107/0x6c0 [ 140.766629] ? __lock_is_held+0xb6/0x140 [ 140.770764] ? sel_read_bool+0x240/0x240 [ 140.774804] ? kernel_read+0x120/0x120 [ 140.778671] ? __lock_is_held+0xb6/0x140 [ 140.782716] ? check_preemption_disabled+0x3c/0x250 [ 140.787720] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 140.793154] ? rcu_read_lock_sched_held+0x110/0x130 [ 140.798161] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 140.802897] ? __sb_start_write+0x153/0x2f0 [ 140.807200] vfs_write+0x198/0x500 [ 140.810725] SyS_write+0xb8/0x180 [ 140.814159] ? SyS_read+0x180/0x180 [ 140.817778] ? do_syscall_64+0x53/0x630 [ 140.821749] ? SyS_read+0x180/0x180 [ 140.825365] do_syscall_64+0x1eb/0x630 [ 140.829234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 140.834236] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 140.840274] RIP: 0033:0x458c29 [ 140.843452] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 140.851141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 22:44:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 140.858390] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 140.865648] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 140.872900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 140.880164] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:15 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, 0x0) [ 141.052734] Mem-Info: [ 141.055204] active_anon:67759 inactive_anon:187 isolated_anon:0 [ 141.055204] active_file:8634 inactive_file:10542 isolated_file:0 [ 141.055204] unevictable:0 dirty:811 writeback:0 unstable:0 [ 141.055204] slab_reclaimable:11977 slab_unreclaimable:109999 [ 141.055204] mapped:58756 shmem:241 pagetables:1313 bounce:0 [ 141.055204] free:1327260 free_pcp:235 free_cma:0 [ 141.094261] Node 0 active_anon:270968kB inactive_anon:752kB active_file:34396kB inactive_file:42168kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:234932kB dirty:3240kB writeback:0kB shmem:964kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 182272kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 141.122909] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 141.150229] Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 141.178631] lowmem_reserve[]: 0 2580 2580 2580 [ 141.178660] Node 0 DMA32 free:1509380kB min:36468kB low:45584kB high:54700kB active_anon:271024kB inactive_anon:772kB active_file:34396kB inactive_file:42168kB unevictable:0kB writepending:3332kB present:3129332kB managed:2644924kB mlocked:0kB kernel_stack:7648kB pagetables:5208kB bounce:0kB free_pcp:1356kB local_pcp:712kB free_cma:0kB [ 141.178686] lowmem_reserve[]: 0 0 0 0 [ 141.178704] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 141.178725] lowmem_reserve[]: 0 0 0 0 22:44:15 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000000000"]) 22:44:15 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:15 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, 0x0) [ 141.178743] Node 1 Normal free:3785596kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 141.178762] lowmem_reserve[]: 0 0 0 0 [ 141.178781] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 141.178860] Node 0 DMA32: 7189*4kB [ 141.309836] (UME) 818*8kB (UME) 481*16kB (UME) 196*32kB (UME) 65*64kB (UME) 7*128kB (ME) 2*256kB (M) 1*512kB (M) 2*1024kB (ME) 1*2048kB (M) 354*4096kB (M) = 1509428kB [ 141.325580] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 141.378101] Node 1 Normal: 49*4kB (UE) 349*8kB (UME) 263*16kB (UME) 59*32kB (UME) 16*64kB (UM) 14*128kB (U) 7*256kB (UME) 1*512kB (E) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785596kB [ 141.397487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 141.413364] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 22:44:15 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) 22:44:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:15 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, 0x0) 22:44:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000000000"]) 22:44:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 141.424954] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 141.434227] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 141.434234] 19417 total pagecache pages [ 141.434246] 0 pages in swap cache [ 141.434252] Swap cache stats: add 0, delete 0, find 0/0 [ 141.434256] Free swap = 0kB [ 141.434260] Total swap = 0kB [ 141.434265] 1965979 pages RAM [ 141.434279] 0 pages HighMem/MovableOnly [ 141.434283] 333219 pages reserved [ 141.434286] 0 pages cma reserved 22:44:15 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) [ 141.479662] overlayfs: failed to resolve './file1': -2 22:44:15 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000006, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)) [ 141.597899] usb usb4: usbfs: interface 0 claimed by hub while 'syz-executor.3' sets config #0 [ 141.653882] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 141.667811] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 141.682191] CPU: 1 PID: 8768 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 141.689258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.698627] Call Trace: [ 141.701336] dump_stack+0x138/0x19c [ 141.704957] warn_alloc.cold+0x96/0x1af [ 141.708930] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 141.713772] ? lock_downgrade+0x6e0/0x6e0 [ 141.717910] ? avc_has_perm+0x2df/0x4b0 [ 141.721872] __vmalloc_node_range+0x3be/0x6a0 [ 141.726350] ? trace_hardirqs_on+0x10/0x10 [ 141.730568] vmalloc+0x46/0x50 [ 141.733743] ? sel_write_load+0x1a0/0x1050 [ 141.738030] sel_write_load+0x1a0/0x1050 [ 141.742087] ? save_trace+0x290/0x290 [ 141.745886] ? sel_read_bool+0x240/0x240 [ 141.750023] ? trace_hardirqs_on+0x10/0x10 [ 141.754284] ? save_trace+0x290/0x290 [ 141.758079] __vfs_write+0x107/0x6c0 [ 141.761779] ? __lock_is_held+0xb6/0x140 [ 141.765824] ? sel_read_bool+0x240/0x240 [ 141.769864] ? kernel_read+0x120/0x120 [ 141.773732] ? __lock_is_held+0xb6/0x140 [ 141.777775] ? check_preemption_disabled+0x3c/0x250 [ 141.782774] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 141.788218] ? rcu_read_lock_sched_held+0x110/0x130 [ 141.793219] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 141.797965] ? __sb_start_write+0x153/0x2f0 [ 141.802285] vfs_write+0x198/0x500 [ 141.805808] SyS_write+0xb8/0x180 [ 141.809265] ? SyS_read+0x180/0x180 [ 141.812880] ? do_syscall_64+0x53/0x630 [ 141.816843] ? SyS_read+0x180/0x180 [ 141.820450] do_syscall_64+0x1eb/0x630 [ 141.824317] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 141.829156] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 141.834340] RIP: 0033:0x458c29 [ 141.837516] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 141.845208] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 22:44:16 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:16 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000000000"]) [ 141.852468] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 141.859725] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 141.866978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 141.874246] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:16 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x9c}, {0x16}]}) 22:44:16 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) 22:44:16 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d"]) [ 142.025444] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 142.066738] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 142.082166] CPU: 1 PID: 8786 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 142.089143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 142.089149] Call Trace: [ 142.089169] dump_stack+0x138/0x19c [ 142.089188] warn_alloc.cold+0x96/0x1af [ 142.089206] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 142.104777] ? lock_downgrade+0x6e0/0x6e0 [ 142.113576] ? avc_has_perm+0x2df/0x4b0 [ 142.113595] __vmalloc_node_range+0x3be/0x6a0 [ 142.113608] ? trace_hardirqs_on+0x10/0x10 [ 142.113620] vmalloc+0x46/0x50 [ 142.113630] ? sel_write_load+0x1a0/0x1050 [ 142.113639] sel_write_load+0x1a0/0x1050 [ 142.113651] ? save_trace+0x290/0x290 [ 142.121765] ? sel_read_bool+0x240/0x240 [ 142.121781] ? trace_hardirqs_on+0x10/0x10 [ 142.121792] ? save_trace+0x290/0x290 [ 142.121806] __vfs_write+0x107/0x6c0 22:44:16 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 142.121815] ? __lock_is_held+0xb6/0x140 [ 142.121824] ? sel_read_bool+0x240/0x240 [ 142.135381] ? kernel_read+0x120/0x120 [ 142.135395] ? __lock_is_held+0xb6/0x140 [ 142.135408] ? check_preemption_disabled+0x3c/0x250 [ 142.135423] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 142.143683] ? rcu_read_lock_sched_held+0x110/0x130 [ 142.143693] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 142.143702] ? __sb_start_write+0x153/0x2f0 [ 142.143714] vfs_write+0x198/0x500 [ 142.143728] SyS_write+0xb8/0x180 [ 142.143740] ? SyS_read+0x180/0x180 [ 142.143750] ? do_syscall_64+0x53/0x630 [ 142.143760] ? SyS_read+0x180/0x180 [ 142.171888] do_syscall_64+0x1eb/0x630 [ 142.171899] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 142.171915] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 142.171923] RIP: 0033:0x458c29 [ 142.171928] RSP: 002b:00007f47c1f9fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 142.179854] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 142.179861] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 22:44:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 142.179866] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 142.179872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1fa06d4 [ 142.179878] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff [ 142.307660] warn_alloc_show_mem: 1 callbacks suppressed [ 142.307665] Mem-Info: 22:44:16 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:16 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:16 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x28, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d"]) [ 142.318713] overlayfs: failed to resolve './file1': -2 [ 142.327431] active_anon:68872 inactive_anon:195 isolated_anon:0 [ 142.327431] active_file:8637 inactive_file:10563 isolated_file:0 [ 142.327431] unevictable:0 dirty:858 writeback:0 unstable:0 [ 142.327431] slab_reclaimable:11996 slab_unreclaimable:109709 [ 142.327431] mapped:58746 shmem:242 pagetables:1384 bounce:0 [ 142.327431] free:1326342 free_pcp:280 free_cma:0 22:44:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 142.438774] Node 0 active_anon:279648kB inactive_anon:780kB active_file:34408kB inactive_file:42252kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:234984kB dirty:3428kB writeback:0kB shmem:968kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 188416kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 142.469210] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 142.499387] Node 0 DMA free:15908kB min:216kB low:268kB high:320kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 142.569307] lowmem_reserve[]: 0 2580 2580 2580 [ 142.619881] Node 0 DMA32 free:1505396kB min:36468kB low:45584kB high:54700kB active_anon:275544kB inactive_anon:780kB active_file:34408kB inactive_file:42252kB unevictable:0kB writepending:3428kB present:3129332kB managed:2644924kB mlocked:0kB kernel_stack:7744kB pagetables:5576kB bounce:0kB free_pcp:1132kB local_pcp:548kB free_cma:0kB [ 142.657969] lowmem_reserve[]: 0 0 0 0 [ 142.662342] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 142.704101] lowmem_reserve[]: 0 0 0 0 [ 142.707969] Node 1 Normal free:3785596kB min:53420kB low:66772kB high:80124kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870208kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 142.744910] lowmem_reserve[]: 0 0 0 0 [ 142.748872] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 142.767644] Node 0 DMA32: 7052*4kB (UME) 715*8kB (UME) 496*16kB (UME) 218*32kB (UME) 69*64kB (UME) 11*128kB (UME) 2*256kB (M) 1*512kB (M) 2*1024kB (ME) 2*2048kB (M) 353*4096kB (M) = 1507720kB [ 142.786250] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 142.797097] Node 1 Normal: 49*4kB (UE) 349*8kB (UME) 263*16kB (UME) 59*32kB (UME) 16*64kB (UM) 14*128kB (U) 7*256kB (UME) 1*512kB (E) 3*1024kB (UME) 4*2048kB (ME) 918*4096kB (M) = 3785596kB [ 142.814274] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 142.814282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 142.814289] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 142.814295] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 142.814299] 19457 total pagecache pages [ 142.814315] 0 pages in swap cache [ 142.831894] Swap cache stats: add 0, delete 0, find 0/0 [ 142.831899] Free swap = 0kB [ 142.831903] Total swap = 0kB 22:44:17 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) 22:44:17 executing program 5: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000000040050000a90000000000fa0000000000400003000001000000000000002560b700fff0ffff04040000000000000a00000006"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000008d"]) 22:44:17 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x34}]}) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:17 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) [ 142.831909] 1965979 pages RAM [ 142.831913] 0 pages HighMem/MovableOnly [ 142.831920] 333219 pages reserved [ 142.878907] 0 pages cma reserved 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 142.961868] syz-executor.4: vmalloc: allocation failure: 0 bytes, mode:0x14000c0(GFP_KERNEL), nodemask=(null) [ 143.008089] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 143.019766] CPU: 0 PID: 8862 Comm: syz-executor.4 Not tainted 4.14.111 #1 [ 143.026714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 143.026721] Call Trace: [ 143.038670] dump_stack+0x138/0x19c [ 143.042313] warn_alloc.cold+0x96/0x1af [ 143.046291] ? zone_watermark_ok_safe+0x2b0/0x2b0 [ 143.051159] ? lock_downgrade+0x6e0/0x6e0 [ 143.051177] ? avc_has_perm+0x2df/0x4b0 [ 143.051190] __vmalloc_node_range+0x3be/0x6a0 [ 143.051201] ? trace_hardirqs_on+0x10/0x10 [ 143.051212] vmalloc+0x46/0x50 [ 143.051222] ? sel_write_load+0x1a0/0x1050 [ 143.051231] sel_write_load+0x1a0/0x1050 [ 143.051243] ? save_trace+0x290/0x290 [ 143.059342] ? sel_read_bool+0x240/0x240 [ 143.059356] ? trace_hardirqs_on+0x10/0x10 [ 143.059366] ? save_trace+0x290/0x290 [ 143.068068] __vfs_write+0x107/0x6c0 [ 143.068079] ? __lock_is_held+0xb6/0x140 [ 143.068091] ? sel_read_bool+0x240/0x240 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) [ 143.107283] ? kernel_read+0x120/0x120 [ 143.107296] ? __lock_is_held+0xb6/0x140 [ 143.107310] ? check_preemption_disabled+0x3c/0x250 [ 143.115233] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 143.115247] ? rcu_read_lock_sched_held+0x110/0x130 [ 143.115257] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 143.115271] ? __sb_start_write+0x153/0x2f0 [ 143.139774] vfs_write+0x198/0x500 [ 143.143318] SyS_write+0xb8/0x180 [ 143.146778] ? SyS_read+0x180/0x180 [ 143.150405] ? do_syscall_64+0x53/0x630 [ 143.154382] ? SyS_read+0x180/0x180 [ 143.160310] do_syscall_64+0x1eb/0x630 [ 143.164299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 143.169182] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 143.174353] RIP: 0033:0x458c29 [ 143.177588] RSP: 002b:00007f47c1f7ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 143.185288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 143.192547] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 143.196837] overlayfs: failed to resolve './file1': -2 22:44:17 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:17 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578150000000000000008"], 0x19) 22:44:17 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x16, 0x3, &(0x7f000045c000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x4c}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r0, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000002c0)=r1, 0x4) [ 143.199812] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 143.199818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c1f7f6d4 [ 143.199824] R13: 00000000004c85a0 R14: 00000000004de9c8 R15: 00000000ffffffff 22:44:17 executing program 3: 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) [ 143.348674] sel_write_load: 12 callbacks suppressed [ 143.348832] SELinux: failed to load policy 22:44:17 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:17 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578150000000000000008"], 0x19) 22:44:17 executing program 3: 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 22:44:17 executing program 3: 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 22:44:17 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578150000000000000008"], 0x19) [ 143.582486] SELinux: failed to load policy 22:44:17 executing program 3: [ 143.718960] SELinux: failed to load policy 22:44:17 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 22:44:17 executing program 3: 22:44:17 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:17 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c000000"], 0x25) 22:44:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 22:44:17 executing program 3: 22:44:18 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c000000"], 0x25) 22:44:18 executing program 3: [ 143.875377] SELinux: failed to load policy 22:44:18 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:18 executing program 3: 22:44:18 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c000000"], 0x25) [ 143.972334] SELinux: failed to load policy 22:44:18 executing program 0: [ 144.097517] SELinux: failed to load policy 22:44:18 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:18 executing program 3: 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:18 executing program 0: 22:44:18 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c9"], 0x2b) 22:44:18 executing program 0: 22:44:18 executing program 3: mkdir(&(0x7f0000000400)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) sendto$inet6(r0, &(0x7f0000000200)="b5", 0x1, 0x40c, 0x0, 0x0) 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:18 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) [ 144.333515] SELinux: failed to load policy 22:44:18 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c9"], 0x2b) 22:44:18 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000440)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept$inet(r1, 0x0, 0x0) sendto(r2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0) [ 144.456728] SELinux: failed to load policy 22:44:18 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:18 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendto$unix(r0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x17d) 22:44:18 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c9"], 0x2b) 22:44:18 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xa, 0x0, 0x0) 22:44:18 executing program 1: r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00'}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000002, 0x0) connect$inet(r0, &(0x7f0000000040), 0x10) r1 = dup2(r0, r0) sendto$inet(r1, &(0x7f0000000080), 0x0, 0x8, 0x0, 0x0) 22:44:18 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000440)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = accept$inet(r1, 0x0, 0x0) sendto(r2, 0x0, 0x0, 0x8, 0x0, 0x0) [ 144.728128] SELinux: failed to load policy 22:44:18 executing program 1: r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:19 executing program 3: r0 = socket$inet(0x2, 0x4000000000000002, 0x0) connect$inet(r0, &(0x7f0000000040), 0x10) r1 = dup2(r0, r0) sendto$inet(r1, &(0x7f0000000080), 0x0, 0x8, 0x0, 0x0) 22:44:19 executing program 0: r0 = socket$inet6(0x18, 0x3, 0x0) connect$inet6(r0, &(0x7f00000000c0), 0x1c) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62d"], 0x2e) 22:44:19 executing program 1: r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:19 executing program 3: mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) r2 = dup2(r0, r1) mkdirat(r1, &(0x7f0000000000)='./file0\x00', 0x0) fchownat(r2, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000366000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0xee) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62d"], 0x2e) [ 145.059561] SELinux: failed to load policy 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {0x16}]}) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000002, 0x0) connect$inet(r0, &(0x7f0000000040), 0x10) r1 = dup2(r0, r0) sendto$inet(r1, &(0x7f0000000000)="32e96a75", 0x4, 0x8, 0x0, 0x0) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62d"], 0x2e) 22:44:19 executing program 3: r0 = socket$inet(0x2, 0x4000000000000002, 0x0) connect$inet(r0, &(0x7f0000000040), 0x10) sendto$inet(r0, 0x0, 0x0, 0x400, 0x0, 0xffffffffffffff8d) 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) 22:44:19 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 0: mknod$loop(&(0x7f0000000300)='./file1\x00', 0x2000, 0x1) open$dir(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) 22:44:19 executing program 3: ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_destroy(0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000040)={0x0, 0x103, 0x0, {0x0, 0x0, 0x1}}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da298"], 0x30) 22:44:19 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da298"], 0x30) 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 4: socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) clone(0x802122001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815000000000000000800000007000000402c0000000000002315c908e62da298"], 0x30) [ 145.695029] overlayfs: failed to resolve './file1': -2 22:44:19 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:19 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x0, 0x0}) 22:44:19 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:19 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:19 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getegid() ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x0, 0x0}) 22:44:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getegid() ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x0, 0x0}) 22:44:20 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:20 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getegid() ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}]}) [ 146.208663] overlayfs: failed to resolve './file1': -2 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}]}) 22:44:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:20 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) [ 146.537797] overlayfs: failed to resolve './file1': -2 22:44:20 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}]}) 22:44:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 22:44:20 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) 22:44:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {}]}) 22:44:20 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:20 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) 22:44:21 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:21 executing program 2: r0 = userfaultfd(0x0) openat$full(0xffffffffffffff9c, 0x0, 0x14000, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x200000000) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x22002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000002c0), 0x4) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f0000000600)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf38ae6866b8c250d68fde6dcf0823e239818ffffffffc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af00806ef414"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0xa00, 0x80) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) 22:44:21 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {}]}) 22:44:21 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000240)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000180)="b6832e007e2cec1631ff9f360df58602399cfd2f88f44e216c93a413ff0e8f162f2d5b000078091463193e30a535cdeb52115d11556da7b7", 0x38}], 0x1}, 0x0) 22:44:21 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) 22:44:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) 22:44:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:21 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(r0) 22:44:21 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = socket$kcm(0x11, 0x8400000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, 0x0, 0x0) 22:44:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) 22:44:21 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x34, 0x0, 0x0, 0x1}, {}]}) 22:44:21 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) 22:44:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) r0 = socket(0x1e, 0x1, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280)}}, 0x152610) close(0xffffffffffffffff) [ 147.526630] ================================================================== [ 147.534178] BUG: KASAN: use-after-free in refcount_inc_not_zero+0xd3/0xe0 [ 147.541107] Read of size 4 at addr ffff8880a88dd080 by task kworker/u4:4/2269 [ 147.548372] [ 147.550017] CPU: 0 PID: 2269 Comm: kworker/u4:4 Not tainted 4.14.111 #1 [ 147.556769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.566151] Workqueue: tipc_rcv tipc_recv_work [ 147.566165] Call Trace: [ 147.566177] dump_stack+0x138/0x19c [ 147.566188] ? refcount_inc_not_zero+0xd3/0xe0 [ 147.566197] print_address_description.cold+0x7c/0x1dc [ 147.566206] ? refcount_inc_not_zero+0xd3/0xe0 [ 147.573347] kasan_report.cold+0xaf/0x2b5 [ 147.595498] __asan_report_load4_noabort+0x14/0x20 [ 147.600433] refcount_inc_not_zero+0xd3/0xe0 [ 147.604846] refcount_inc+0x16/0x40 [ 147.608467] tipc_subscrb_rcv_cb+0x61d/0xa80 [ 147.608484] tipc_receive_from_sock+0x28a/0x4e0 [ 147.617535] ? trace_hardirqs_on+0x10/0x10 [ 147.617551] ? tipc_send_work+0x5a0/0x5a0 [ 147.625911] ? process_one_work+0x787/0x1610 [ 147.630332] ? __lock_is_held+0xb6/0x140 [ 147.634395] ? check_preemption_disabled+0x3c/0x250 [ 147.639428] tipc_recv_work+0x8b/0xf0 [ 147.643231] process_one_work+0x868/0x1610 [ 147.647476] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 147.652177] worker_thread+0x5d9/0x1050 [ 147.656168] kthread+0x31c/0x430 [ 147.659536] ? process_one_work+0x1610/0x1610 [ 147.664024] ? kthread_create_on_node+0xd0/0xd0 [ 147.668680] ret_from_fork+0x3a/0x50 [ 147.672390] [ 147.673996] Allocated by task 2817: [ 147.677612] save_stack_trace+0x16/0x20 [ 147.681566] save_stack+0x45/0xd0 [ 147.685004] kasan_kmalloc+0xce/0xf0 [ 147.688719] kmem_cache_alloc_trace+0x152/0x790 [ 147.693370] tipc_subscrb_connect_cb+0x46/0x160 [ 147.698032] tipc_accept_from_sock+0x280/0x470 [ 147.702598] tipc_recv_work+0x8b/0xf0 [ 147.706382] process_one_work+0x868/0x1610 [ 147.710595] worker_thread+0x5d9/0x1050 [ 147.714562] kthread+0x31c/0x430 [ 147.717915] ret_from_fork+0x3a/0x50 [ 147.721603] [ 147.723222] Freed by task 2817: [ 147.726573] save_stack_trace+0x16/0x20 [ 147.730527] save_stack+0x45/0xd0 [ 147.733956] kasan_slab_free+0x75/0xc0 [ 147.737826] kfree+0xcc/0x270 [ 147.740927] tipc_subscrb_put+0x27/0x30 [ 147.744878] tipc_subscrb_release_cb+0x20/0x30 [ 147.749439] tipc_close_conn+0x179/0x210 [ 147.753480] tipc_send_work+0x470/0x5a0 [ 147.757431] process_one_work+0x868/0x1610 [ 147.761662] worker_thread+0x5d9/0x1050 [ 147.765701] kthread+0x31c/0x430 [ 147.769049] ret_from_fork+0x3a/0x50 [ 147.772738] [ 147.774347] The buggy address belongs to the object at ffff8880a88dd080 [ 147.774347] which belongs to the cache kmalloc-96 of size 96 [ 147.786810] The buggy address is located 0 bytes inside of [ 147.786810] 96-byte region [ffff8880a88dd080, ffff8880a88dd0e0) [ 147.798405] The buggy address belongs to the page: [ 147.803312] page:ffffea0002a23740 count:1 mapcount:0 mapping:ffff8880a88dd000 index:0x0 [ 147.811435] flags: 0x1fffc0000000100(slab) [ 147.815647] raw: 01fffc0000000100 ffff8880a88dd000 0000000000000000 0000000100000020 [ 147.823519] raw: ffffea0002986560 ffffea000283cf20 ffff8880aa8004c0 0000000000000000 [ 147.831394] page dumped because: kasan: bad access detected [ 147.837094] [ 147.838889] Memory state around the buggy address: [ 147.843811] ffff8880a88dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 147.851153] ffff8880a88dd000: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 147.858490] >ffff8880a88dd080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 147.865913] ^ [ 147.869264] ffff8880a88dd100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 147.876606] ffff8880a88dd180: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 147.883942] ================================================================== [ 147.891277] Disabling lock debugging due to kernel taint [ 147.896761] Kernel panic - not syncing: panic_on_warn set ... [ 147.896761] [ 147.904132] CPU: 0 PID: 2269 Comm: kworker/u4:4 Tainted: G B 4.14.111 #1 [ 147.912085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 147.921440] Workqueue: tipc_rcv tipc_recv_work [ 147.926005] Call Trace: [ 147.928575] dump_stack+0x138/0x19c [ 147.932183] ? refcount_inc_not_zero+0xd3/0xe0 [ 147.936745] panic+0x1f2/0x438 [ 147.939917] ? add_taint.cold+0x16/0x16 [ 147.943870] kasan_end_report+0x47/0x4f [ 147.947822] kasan_report.cold+0x136/0x2b5 [ 147.952037] __asan_report_load4_noabort+0x14/0x20 [ 147.956960] refcount_inc_not_zero+0xd3/0xe0 [ 147.961356] refcount_inc+0x16/0x40 [ 147.964960] tipc_subscrb_rcv_cb+0x61d/0xa80 [ 147.969347] tipc_receive_from_sock+0x28a/0x4e0 [ 147.974009] ? trace_hardirqs_on+0x10/0x10 [ 147.978229] ? tipc_send_work+0x5a0/0x5a0 [ 147.982360] ? process_one_work+0x787/0x1610 [ 147.986754] ? __lock_is_held+0xb6/0x140 [ 147.990795] ? check_preemption_disabled+0x3c/0x250 [ 147.995792] tipc_recv_work+0x8b/0xf0 [ 147.999575] process_one_work+0x868/0x1610 [ 148.003791] ? pwq_dec_nr_in_flight+0x2e0/0x2e0 [ 148.008441] worker_thread+0x5d9/0x1050 [ 148.012403] kthread+0x31c/0x430 [ 148.015751] ? process_one_work+0x1610/0x1610 [ 148.020242] ? kthread_create_on_node+0xd0/0xd0 [ 148.024917] ret_from_fork+0x3a/0x50 [ 148.029905] Kernel Offset: disabled [ 148.033531] Rebooting in 86400 seconds..