last executing test programs: 814.852004ms ago: executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x1c, 0x0, &(0x7f0000000480)="b9ff03076844268cb89e14f088a847", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 738.467406ms ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5000000010003b0c00"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000300012800b00010065727370616e00002000028006000f0000000000040012000600f5ffffff0000060011"], 0x50}}, 0x0) 595.790068ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 585.1702ms ago: executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5415, 0x0) 563.918453ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 552.732355ms ago: executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r5, 0x29, 0x2c, &(0x7f00000004c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x6}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd00}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x6}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x2}, {0x7, 0x0, 0x0, 0x6}, {0x4, 0x0, 0x7}, {0x18, 0x6, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 552.426035ms ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 538.515367ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b4080000000000e2e5fdd9a468944328cba80073114100000000008510000002000200b7000000000000009500c20000"], &(0x7f0000000080)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 512.163271ms ago: executing program 4: sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) mkdir(&(0x7f0000000140)='./file0\x00', 0x34) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f00000003c0)='./bus\x00', 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r2 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) dup2(r2, 0xffffffffffffffff) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0, 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x143042, 0x0) mlockall(0x0) ftruncate(r3, 0x2008002) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) r4 = gettid() ftruncate(0xffffffffffffffff, 0x0) prlimit64(r4, 0x4, 0x0, &(0x7f00000001c0)) open(0x0, 0x0, 0x0) process_vm_writev(r4, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x2b, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0) 408.798877ms ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000000, &(0x7f00000001c0), 0x2, 0x52a, &(0x7f0000000540)="$eJzs3c1vI2cZAPBnnDjZ7AYSoIeC1A/RomwFtZOGthGHtkiIWyVQuS9R4kRRnDiKnbKJKpQVZ4SEEFTceuKCxB+AhHrjipAqwYUTAgSqYAuHHoBBY082OB1vbDa2Ufz7SW/mnS8/z+t4xvPxJhPAxHo6Il6LiKmIeC4iFvLppbzEaadky31w/62NrCSRpm/8NYkkn5YtluQlcytf7UZnUKh5fLK7Xq/XDvPxamvvoNo8Pnl+Z299u7Zd219dXXlp7eW1F9eWC9aeHridWbte+cqffvi9n3z1lV984Vu/v/OX29/O8p3P55+146p13pNy9l48kGV/OIxgYzCVt6c87kQAAOhLdoz/yYj4bPv4fyGmBji2ToaaGQAAAHBV0lfn459JRAoAAABcW6V2H9ikVMn7AsxHqVSpdPrwPhY3S/VGs/X5rcbR/manr+xilEtbO/Xa8kynT+1ilJNsfKVdPx9/4cF40tUH+AcLc+35lY1GfXN8lz0AAABgoty6cP7/j4XO+f9D3BtZcgAAAMDVWRx3AgAAAMDQffT8/52x5AEAAAAMj/v/AAAAcK197fXXs5KePf96883jo93Gm7+MWnO3sne0UdloHB5UthuN7Xo6G7F32evVG42DL8b+0d1qq9ZsVZvHJ3f2Gkf7rTs7XY/ABgAAAEboE0+9+9skIk6/NNcumZnsx1SPFTp9BUqjyxAYloE25D8OLw9g9Hp9zX/U9FDzAEbPVg2Tq9wZJOPOAxify3YAPTvv/OrqcwEAAIZj6dPF9/+nz68NANeUjjwwufq//w9cN+7/w+QqOwKAiTbXxzIX7v+fdxfo+/5/mnaGM/4RCAAAjMl8uySlSn4vcD5KH6YdsRjlZGunXluOiI9HxG8WyrPZ+Ep7zcQfDQAAAAAAAAAAAAAAAAAAAAAAAABAn9I0iRQAAAC41iJKf07yB3otLTw7f/H6wEzy4UJ72H46wBs/urveah2uZNP/lk+PaL2dT39hkCsPnjwOAAAAw9I+T/9uPlwZdzYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXDcf3H9r46yMMu77X46IxaL403GjPbwR5Yi4+fckps9WeioiiYipK4h/ei8iHi+Kn2RpxWKeRVf8iChFxFw7i6HHfyJN08L4tx45Oky2d7P9z2tF218pnm4Pi7f/6bw8qt77v9KD/d9UQfxsz/OxPmN85r2fVYvnzHbmTxfvf87iJz3iP1P0kgVvyje/cXLSK7f0nYilwu+fpCtWtbV3UG0enzy/s7e+Xduu7a+urry09vLai2vL1a2dei3/WRjj+0/8/N+94r9/L+Jmj/iL3e1fv9j+Z7NKudcrn/vXe3fvf6pTLV94iXb8288U//4f747f9dZmn4nP5d8D2fyls/ppp/7fnvzpr598WPs3e7T/st//7cub3vbc17/zhz4XBQBGoHl8srter9cOB6/MDbbW22ma/s+xBqxkR0c9Zv3ux52GjyKN/iqP9Ur1/7ny6iALp7OP/GFT6a6Uen/Cr6gy1t0SAAAwBOcH/ePOBAAAAAAAAAAAAAAAAAAAACbXKP5j2cWYp+NpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQ/0nAAD//+Eg1f4=") mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) syz_usb_connect(0x0, 0x45, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001c2097088680030b28f4010203010902"], 0x0) getdents(r0, &(0x7f0000000180)=""/98, 0xba) 72.69533ms ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_pressure(r3, &(0x7f0000000240)='io.pressure\x00', 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f00000015c0)="a6", 0x1, 0x0, 0x0, 0x0) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@volatile={0x0, 0x0, 0x0, 0x9, 0x2}, @fwd={0x4}, @restrict={0x0, 0x0, 0x0, 0xb, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, &(0x7f0000000540)=""/246, 0x42, 0xf6, 0x1}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b00)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r6, 0x3, 0x1}, 0x48) write$cgroup_pressure(r4, &(0x7f0000000000)={'some', 0x20, 0x0, 0x20, 0x10000}, 0x2f) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r5, r7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) 0s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r3}, 0x10) write$cgroup_pid(r1, &(0x7f0000000980), 0x12) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.68' (ED25519) to the list of known hosts. 2024/06/16 05:05:31 fuzzer started 2024/06/16 05:05:32 dialing manager at 10.128.0.163:30000 [ 22.723459][ T23] audit: type=1400 audit(1718514332.080:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.743889][ T23] audit: type=1400 audit(1718514332.080:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 22.797493][ T23] audit: type=1400 audit(1718514332.150:68): avc: denied { mounton } for pid=353 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.799527][ T353] cgroup1: Unknown subsys name 'net' [ 22.828921][ T353] cgroup1: Unknown subsys name 'net_prio' [ 22.837907][ T23] audit: type=1400 audit(1718514332.150:69): avc: denied { mount } for pid=353 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.845706][ T353] cgroup1: Unknown subsys name 'devices' [ 22.874470][ T23] audit: type=1400 audit(1718514332.190:70): avc: denied { mounton } for pid=356 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.899200][ T23] audit: type=1400 audit(1718514332.190:71): avc: denied { mount } for pid=356 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.908044][ T360] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.922406][ T23] audit: type=1400 audit(1718514332.230:72): avc: denied { unmount } for pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.951277][ T23] audit: type=1400 audit(1718514332.230:73): avc: denied { setattr } for pid=359 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.974318][ T23] audit: type=1400 audit(1718514332.290:74): avc: denied { relabelto } for pid=360 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.999529][ T355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.008052][ T23] audit: type=1400 audit(1718514332.290:75): avc: denied { write } for pid=360 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.043446][ T353] cgroup1: Unknown subsys name 'hugetlb' [ 23.049403][ T353] cgroup1: Unknown subsys name 'rlimit' 2024/06/16 05:05:32 starting 5 executor processes [ 23.685433][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.692298][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.699714][ T370] device bridge_slave_0 entered promiscuous mode [ 23.709255][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.716130][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.723556][ T370] device bridge_slave_1 entered promiscuous mode [ 23.797312][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.804496][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.811971][ T372] device bridge_slave_0 entered promiscuous mode [ 23.832244][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.839081][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.846624][ T372] device bridge_slave_1 entered promiscuous mode [ 23.899689][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.906649][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.914072][ T374] device bridge_slave_0 entered promiscuous mode [ 23.924512][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.931364][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.938771][ T374] device bridge_slave_1 entered promiscuous mode [ 23.945915][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.952775][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.960126][ T373] device bridge_slave_0 entered promiscuous mode [ 23.972989][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.979821][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.987327][ T373] device bridge_slave_1 entered promiscuous mode [ 24.053859][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.060817][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.068009][ T375] device bridge_slave_0 entered promiscuous mode [ 24.075086][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.082124][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.089513][ T375] device bridge_slave_1 entered promiscuous mode [ 24.236385][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.243247][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.250506][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.257325][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.269371][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.276236][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.283356][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.290090][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.310123][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.316983][ T370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.324107][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.330893][ T370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.376947][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.383807][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.390930][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.397855][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.434428][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.441291][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.448417][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.455183][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.481022][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.488006][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.495719][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.503592][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.510835][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.517831][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.525269][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.532282][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.539401][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.546572][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.554227][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.561757][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.593369][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.601655][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.609452][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.618206][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.625057][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.632906][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.640249][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.648281][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.655140][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.675084][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.683514][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.691800][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.698618][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.706253][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.714445][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.722538][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.729354][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.751031][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.759272][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.767942][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.774887][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.782033][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.790121][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.798184][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.805016][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.812357][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.820529][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.828467][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.835480][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.842810][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.850740][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.858470][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.866427][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.874167][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.881589][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.904376][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.912852][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.921326][ T394] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.928142][ T394] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.936196][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.944409][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.952276][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.960138][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.967976][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.975854][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.988903][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.997456][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.005972][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.012817][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.020335][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.028755][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.037789][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.044638][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.062039][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.070001][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.090907][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.099104][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.106938][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.133746][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.143122][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.151590][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.159433][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.167734][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.175671][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.195062][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.203892][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.220600][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.243613][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.252767][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.261535][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.269660][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.278250][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.286528][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.294395][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.302294][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.309949][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.342925][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.351595][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.359258][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.367884][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.376337][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.384792][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.393940][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.402630][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.411277][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.440978][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.449012][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.457376][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.466878][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.475627][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.483938][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.492139][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.500458][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.508390][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.533967][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.543463][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.571141][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.572033][ T398] [ 25.579477][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.581316][ T398] ********************************************************** [ 25.581319][ T398] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 25.581322][ T398] ** ** [ 25.581326][ T398] ** trace_printk() being used. Allocating extra memory. ** [ 25.581329][ T398] ** ** [ 25.581332][ T398] ** This means that this is a DEBUG kernel and it is ** [ 25.581335][ T398] ** unsafe for production use. ** [ 25.581338][ T398] ** ** [ 25.581342][ T398] ** If you see this message and you are not debugging ** [ 25.581345][ T398] ** the kernel, report this immediately to your vendor! ** [ 25.581348][ T398] ** ** [ 25.581351][ T398] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 25.581354][ T398] ********************************************************** [ 25.684801][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.693066][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.701117][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.709230][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.717533][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.725787][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.734136][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.868969][ T408] EXT4-fs (loop0): Ignoring removed orlov option [ 25.888634][ T408] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.964145][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 26.139416][ T428] EXT4-fs error (device loop1): ext4_ext_check_inode:540: inode #15: comm syz-executor.1: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 26.242379][ T408] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 26.259564][ T428] EXT4-fs error (device loop1): ext4_orphan_get:1240: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 26.281099][ T428] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 26.311071][ T408] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 26.322705][ T428] ext4 filesystem being mounted at /root/syzkaller-testdir1123191696/syzkaller.ewJokT/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.356406][ T373] ================================================================== [ 26.364325][ T373] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 26.372109][ T373] Read of size 4 at addr ffff8881d42ba000 by task syz-executor.0/373 [ 26.380001][ T373] [ 26.382186][ T373] CPU: 0 PID: 373 Comm: syz-executor.0 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 26.392068][ T373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 26.401963][ T373] Call Trace: [ 26.405109][ T373] dump_stack+0x1d8/0x241 [ 26.409265][ T373] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 26.414901][ T373] ? printk+0xd1/0x111 [ 26.418806][ T373] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 26.424281][ T373] print_address_description+0x8c/0x600 [ 26.429660][ T373] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 26.435125][ T373] __kasan_report+0xf3/0x120 [ 26.439556][ T373] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 26.445039][ T373] kasan_report+0x30/0x60 [ 26.449190][ T373] ext4_xattr_delete_inode+0xc1f/0xc30 [ 26.454489][ T373] ? check_preemption_disabled+0x9f/0x320 [ 26.457268][ T428] overlayfs: upper fs needs to support d_type. [ 26.460040][ T373] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 26.460059][ T373] ? __ext4_journal_start_sb+0x295/0x460 [ 26.475304][ T408] syz-executor.0 (408) used greatest stack depth: 21688 bytes left [ 26.477395][ T373] ext4_evict_inode+0x1378/0x1ac0 [ 26.477419][ T373] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 26.495619][ T373] ? wb_io_lists_depopulated+0x85/0x170 [ 26.500996][ T373] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 26.506633][ T373] evict+0x29b/0x6a0 [ 26.510370][ T373] vfs_rmdir+0x24b/0x3c0 [ 26.514448][ T373] do_rmdir+0x2c1/0x580 [ 26.518464][ T373] ? d_delete_notify+0xc0/0xc0 [ 26.523138][ T373] ? _raw_spin_unlock_irq+0x4a/0x60 [ 26.528256][ T373] do_syscall_64+0xca/0x1c0 [ 26.532587][ T373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.538331][ T373] RIP: 0033:0x7f506235a687 [ 26.543010][ T373] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 26.562442][ T373] RSP: 002b:00007ffee1e11078 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 26.570686][ T373] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f506235a687 [ 26.578492][ T373] RDX: 0000000000000200 RSI: 00007ffee1e12220 RDI: 00000000ffffff9c [ 26.586305][ T373] RBP: 00007f50623b7636 R08: 0000000000000000 R09: 0000000000000000 [ 26.594212][ T373] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffee1e12220 [ 26.602017][ T373] R13: 00007f50623b7636 R14: 00000000000064ab R15: 0000000000000008 [ 26.609826][ T373] [ 26.611991][ T373] Allocated by task 1: [ 26.615914][ T373] __kasan_kmalloc+0x171/0x210 [ 26.620511][ T373] kmem_cache_alloc+0xd9/0x250 [ 26.625103][ T373] prepare_creds+0x2c/0x580 [ 26.629442][ T373] do_faccessat+0xa7/0x6f0 [ 26.633696][ T373] do_syscall_64+0xca/0x1c0 [ 26.638038][ T373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.643762][ T373] [ 26.645936][ T373] Freed by task 1: [ 26.649503][ T373] __kasan_slab_free+0x1b5/0x270 [ 26.654277][ T373] kmem_cache_free+0x10b/0x2c0 [ 26.658873][ T373] do_faccessat+0x52f/0x6f0 [ 26.663208][ T373] do_syscall_64+0xca/0x1c0 [ 26.667559][ T373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.673267][ T373] [ 26.675444][ T373] The buggy address belongs to the object at ffff8881d42ba000 [ 26.675444][ T373] which belongs to the cache cred_jar of size 168 [ 26.689199][ T373] The buggy address is located 0 bytes inside of [ 26.689199][ T373] 168-byte region [ffff8881d42ba000, ffff8881d42ba0a8) [ 26.702129][ T373] The buggy address belongs to the page: [ 26.707617][ T373] page:ffffea000750ae80 refcount:1 mapcount:0 mapping:ffff8881f5cf9400 index:0x0 [ 26.716540][ T373] flags: 0x8000000000000200(slab) [ 26.721409][ T373] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f5cf9400 [ 26.729820][ T373] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 26.738235][ T373] page dumped because: kasan: bad access detected [ 26.740523][ T124] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.744496][ T373] page_owner tracks the page as allocated [ 26.744507][ T373] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY) [ 26.744531][ T373] prep_new_page+0x18f/0x370 [ 26.773485][ T373] get_page_from_freelist+0x2d13/0x2d90 [ 26.778863][ T373] __alloc_pages_nodemask+0x393/0x840 [ 26.784080][ T373] alloc_slab_page+0x39/0x3c0 [ 26.788578][ T373] new_slab+0x97/0x440 [ 26.792504][ T373] ___slab_alloc+0x2fe/0x490 [ 26.796912][ T373] __slab_alloc+0x62/0xa0 [ 26.801082][ T373] kmem_cache_alloc+0x109/0x250 [ 26.805761][ T373] prepare_creds+0x2c/0x580 [ 26.810120][ T373] selinux_setprocattr+0x2e5/0xc20 [ 26.815048][ T373] proc_pid_attr_write+0x2a6/0x2f0 [ 26.819994][ T373] __vfs_write+0x103/0x750 [ 26.824248][ T373] vfs_write+0x206/0x4e0 [ 26.828327][ T373] ksys_write+0x199/0x2c0 [ 26.832493][ T373] do_syscall_64+0xca/0x1c0 [ 26.836833][ T373] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 26.842564][ T373] page last free stack trace: [ 26.847097][ T373] __free_pages_ok+0x847/0x950 [ 26.851685][ T373] free_pages+0xf6/0x1b0 [ 26.855754][ T373] stack_depot_save+0x42b/0x480 [ 26.860442][ T373] __kasan_kmalloc+0x1d9/0x210 [ 26.865041][ T373] kmem_cache_alloc+0xd9/0x250 [ 26.869639][ T373] __kernfs_new_node+0xdb/0x6e0 [ 26.874327][ T373] kernfs_new_node+0x130/0x230 [ 26.878931][ T373] __kernfs_create_file+0x45/0x260 [ 26.883874][ T373] sysfs_add_file_mode_ns+0x292/0x340 [ 26.889085][ T373] internal_create_group+0x573/0xf00 [ 26.894203][ T373] loop_configure+0xbfa/0x1270 [ 26.898801][ T373] lo_ioctl+0x7d6/0x22e0 [ 26.902878][ T373] blkdev_ioctl+0x8f6/0x2cf0 [ 26.907321][ T373] block_ioctl+0xaa/0xe0 [ 26.911386][ T373] do_vfs_ioctl+0x742/0x1720 [ 26.915814][ T373] __x64_sys_ioctl+0xd4/0x110 [ 26.920326][ T373] [ 26.922491][ T373] Memory state around the buggy address: [ 26.927965][ T373] ffff8881d42b9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.935865][ T373] ffff8881d42b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.940299][ T363] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 26.943768][ T373] >ffff8881d42ba000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.958946][ T373] ^ [ 26.962863][ T373] ffff8881d42ba080: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 26.970754][ T373] ffff8881d42ba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.978758][ T373] ================================================================== [ 26.986653][ T373] Disabling lock debugging due to kernel taint [ 27.009672][ T124] usb 2-1: Using ep0 maxpacket: 8 2024/06/16 05:05:36 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF