last executing test programs: 1.475647022s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000380)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x2, {0x2, 0x8}}, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x0, 0x0, "c116b277", "56ac5913"}}, 0x0}, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.368638518s ago: executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f0000001a40)=""/4093, 0xffd}, {&(0x7f0000000240)=""/185, 0xb9}, {&(0x7f0000001080)=""/189, 0xbd}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f0000000740)=""/45, 0x2d}], 0x7}}], 0x1, 0x0, 0x0) 1.312955417s ago: executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x207}, 0x1c) r1 = dup2(r0, r0) sendmmsg$unix(r1, &(0x7f0000004d00)=[{{&(0x7f0000000000)=@abs, 0x6e, 0x0}}], 0x1, 0x0) 1.305204828s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000003c0)={[{@errors_remount}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}, {@noquota}, {@resuid}, {@bh}, {@nobh}, {@data_err_abort}, {@delalloc}, {@resgid}]}, 0x10, 0x4d0, &(0x7f0000000ec0)="$eJzs3c9rHG0dAPDvTLJvf+U1qXqoBdtiK2nR7iaNbYOHWkHsqaDWe43JJoRssiG7aZtQJMW7gogKnjx5EfwPpH+CCAW9SxVFtNWDB3VlZ2f7I+42kW53+iafD0zneZ7Z3e/3adiZeWYedgI4tM5FxM2IGImISxExnren+XKrXdnpvO75s4fz7SWJVuvOX5NI8rbuZyX5+kTnLXE0Ir5xK+Lbyf/GbWxtr8zVatWNvF5prq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTg2knxMRceMrf/zR93/+1Ru/+vz939/988XvtNMay7e/2o9B6nS9lP1fdI1GxMa7CFaAkXxd6rP9eyNDTAYAgD21z/E/HhGfyc7/x2MkOzsFAAAADpLWl8biX0lECwAAADiw0mwObJKW87kAY5Gm5XJnDu8n43haqzean1usb64tdObKTkQpXVyuVafyucITUUra9el8jm23fmVXfSYiTkbED8ePZfXyfL22UPTFDwAAADgkTuwa//9jPBv/Hyk6LwAAAGDAJopOAAAAAHjnjP8BAADg4DP+BwAAgAPta7dvt5dW9/nXC/e2Nlfq9y4vVBsr5dXN+fJ8fWO9vFSvL2W/2be61+fV6vX1L8Ta5oNKs9poVhpb23dX65trzbvLrz0CGwAAABiik2cf/y6JiJ0vHsuWtg+KTgoYimSP7dlDQp7mlT8MISFgaEaKTgAozGjRCQCFKRWdAFC4va4D9J288+vB5wIAALwbk5/qf//ftQE42NKiEwAAhs79fzi8Sq/PALxaXCZAUT62x/a3v//fav1fCQEAAAM3li1JWs7vBY5FmpbLER9mjwUoJYvLtepUPj747XjpSLs+nb0z2XPOMAAAAAAAAAAAAAAAAAAAAAAAAADQ0Wol0QIAAAAOtIj0T0n2a/4Rk+MXxnZfH/gg+ed4to6I+z+98+MHc83mxnS7/W8v2ps/yduvdFsAAACAInXH6d1xPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM0vNnD+e7yzDj/uXLETHRM/7Zo9nqaJQi4vjfkxh95X1JRIwMIP7Oo4g41St+0k4rJqKTRa/4xwqMn0bEiQHEh8PscXv/c7PX9y+Nc9m69/dvNF/eVv/9Xxrd/d9In/3Ph/uMcfrJLyt94z+KOD3ae//TjZ/0iX9+n/G/9c3t7X7bWj+LmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMX7w6fjPm/p/vE/8iT36f2Gf/f/3kwfPPtEplnrFv3i+9/H3VJ/4aX7s+2xebm+f7JZ3OuVXnfnFb868qf8Lffr/4u/f40Dbjnlxn/2/9PXvPt3nSwGAIWhsba/M1WrVjY9iIY33Ig2FgRSOvGxJ34d8Dnmh6D0TAAAwaC9P+ovOBAAAAAAAAAAAAAAAAAAAAA6vYfyc2O6YO8V0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf4bAAD//xAA2Eo=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.throttle.io_service_bytes_recursive\x00', 0x26e1, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchown(r2, 0x0, r4) ioctl$FS_IOC_SETFLAGS(r0, 0x6611, 0x0) 813.329804ms ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x7fff) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "c4d7826fade200", "75e29881592b9fd38bcad042e286f2cd", ')\x00\x000', "578619a280c847dd"}, 0x28) sendfile(r0, r1, &(0x7f0000000100), 0x10001) 809.543655ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4) bind$tipc(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x481, 0x9, 0x80000001, 0x270, 0x1, 0x5, 0x8, 0xfffffcef, 0x40, 0x0, 0x0, 0x7, 0xe, 0x1, 0x3f, 0x0, 0x1ff, 0x14, 0xc3, 0x4f4d, 0x80, 0x81, 0x1ca000, 0xffffffff, 0x8001, 0x5, 0x4, 0x7fff, 0x8, 0x2, 0x2, 0x81, 0x4, 0x7, 0x7fff, 0x7f, 0x7fff, 0x4, 0x1, 0x80000000, 0x1b2, 0x0, 0xffffffff, 0x6, 0x7fff, 0x20, 0x6, 0x6d, 0xffffffff, 0x0, 0xcb4d, 0x7, 0x4, 0x6, 0x2, 0x0, 0x4, 0x0, 0xfffffff8, 0x12000000, 0xab, 0x6, 0x8000, 0x3, 0x6fb, 0x8, 0x5c0000, 0x5, 0x6, 0xc9, 0x5, 0x5, 0xffff, 0x8000, 0x5, 0x5196, 0x6, 0x5, 0x20, 0x7, 0x9, 0x2, 0x760e, 0x1f, 0x6, 0x3, 0x4, 0x7, 0x0, 0x4, 0x0, 0x52caa97d, 0x8, 0x3, 0x400, 0x1, 0x6, 0x6, 0x4, 0x1000, 0xc04, 0x4, 0x0, 0x32, 0x3, 0xfff, 0x8, 0x3, 0x8, 0x6, 0x1f, 0x8001, 0x1491, 0x0, 0x8, 0xffffffdc, 0x7ff, 0x400, 0x8, 0x8, 0x3, 0x8, 0x3, 0x1, 0x7, 0x2, 0x3, 0x5bf, 0x9, 0x3, 0x4440, 0x4, 0x7ff, 0x0, 0x9, 0x906, 0x7f, 0xff, 0x5, 0x6, 0x1, 0x88a1, 0x7, 0xa6b, 0x5744, 0x0, 0x10000, 0x4, 0x10000, 0x4, 0xd2a3, 0x4, 0xfffffff7, 0x7ff, 0xfffffeff, 0x4, 0x8, 0xa99, 0xffffffff, 0x8, 0x9f, 0x1, 0x23, 0x10001, 0x9, 0x5, 0x1, 0x0, 0x24b4, 0x8, 0x8, 0x1, 0x2, 0xffffffff, 0x2f1, 0x4, 0x6, 0x9, 0x4, 0xfffffffb, 0x9, 0xfffffff9, 0x8001, 0x0, 0xffff, 0x1000, 0x4, 0x6000, 0x6c9, 0x8, 0x10001, 0x200, 0xbf8, 0x2000, 0x9ce9, 0x68, 0xc73, 0x5, 0x0, 0x400, 0x1000, 0x5, 0x8, 0xff, 0x9, 0x7, 0x5, 0xc3abf343, 0x8, 0xfffffffc, 0x6, 0x7fff, 0x4, 0x5, 0xc62, 0x81, 0x36, 0x6, 0xffffff80, 0x1, 0x10001, 0x10000, 0x10000, 0x0, 0x8, 0x77, 0x48, 0x3ff, 0x2fca, 0x3, 0x7, 0x3, 0x89, 0x1, 0x0, 0x0, 0x40, 0xfffffffc, 0x35, 0x0, 0x40, 0x5, 0x7, 0x6, 0x80, 0x200, 0x2, 0x7, 0x8000, 0x6, 0xfffffffe, 0x3, 0x7, 0x1, 0x9, 0xfffffff9]}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x449, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000020000f0000f901000000000002"], 0x1c}}, 0x0) 746.199795ms ago: executing program 4: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x141b01, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) 715.853169ms ago: executing program 3: setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000080), 0x4) r0 = epoll_create1(0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002040)='/proc/stat\x00', 0x0, 0x0) epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0xe591, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000004500)={0xc000200c}) 655.312359ms ago: executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) 630.675842ms ago: executing program 3: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x12, 0x9c023d2d7e91de25, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, '\tESN'}]}, 0x54}}, 0x0) 620.045544ms ago: executing program 4: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@fscache}]}}) chdir(&(0x7f0000000000)='./file0\x00') mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) setuid(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x1c, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) 548.794025ms ago: executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000100)=""/98, 0x62}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f0000001a40)=""/4093, 0xffd}, {&(0x7f0000000240)=""/185, 0xb9}, {&(0x7f0000001080)=""/189, 0xbd}, {&(0x7f0000000000)=""/26, 0x1a}, {&(0x7f0000000740)=""/45, 0x2d}], 0x7}}], 0x1, 0x0, 0x0) 528.953518ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x3, 0x48}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r1, 0x800) unshare(0x22020400) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = inotify_init() inotify_add_watch(r3, &(0x7f00000000c0)='./bus\x00', 0x1) pread64(r2, &(0x7f0000000100)=""/216, 0xd8, 0x0) execve(&(0x7f0000000200)='./bus\x00', &(0x7f00000002c0)=[&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)='\x00'], &(0x7f00000003c0)=[0x0]) 452.98836ms ago: executing program 0: r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x16d43e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) ftruncate(r1, 0x7fff) fcntl$setstatus(r0, 0x4, 0x6800) io_setup(0x7f, &(0x7f0000000100)=0x0) io_submit(r2, 0x2, &(0x7f0000000440)=[&(0x7f0000001540)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)="bc", 0x1}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x5, 0x0, r0, 0x0, 0x0, 0x8000}]) 452.48791ms ago: executing program 2: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000000080000040"]) 381.547391ms ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 372.407743ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 340.381497ms ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x7fff) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "c4d7826fade200", "75e29881592b9fd38bcad042e286f2cd", ')\x00\x000', "578619a280c847dd"}, 0x28) sendfile(r0, r1, &(0x7f0000000100), 0x10001) 327.128109ms ago: executing program 2: unshare(0x400) pipe(&(0x7f0000000bc0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x8, 0x80000000) 281.965156ms ago: executing program 2: syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, &(0x7f0000000180), 0x1, 0x520, &(0x7f0000000900)="$eJzs3d1rLGcZAPBnNtmer+iu2otaaHuwlZyiZzdpbBu8aCuIdwWl3h9Dsgkhm2zIbupJKJqD9woi2tteeSMI3grS/0BRCnovKkrRUwV7oY7M7OTkZLub5JD9oMnvB2/mnZmdeZ53kn3n85wJ4NK6GRGvRcRURDwfEZVieqkocdAt2ec+uP/WclaSSNM3/p5EUkzLPpYUJXOjWOxqd5D7d3o8bntvf2Op2WzsFOP1zuZ2vb23f3t9c2mtsdbYWliYf2nx5cUXF+eG0s6sXa989S8//sFPv/bKr7747T/e+dut72T5zhTzD9sxbN1tUs62xQPTEbEzimATMFW0pzzpRAAAOJPsGP/TEfG5/Pi/ElP50dzZJCPNDAAAABiW9NWZ+E8SkQIAAAAXVil/BjYp1YpnAWaiVKrVus/wPh7XS81Wu/OF1dbu1kr3WdlqlEur683GXPFMbTXKSTY+n9ePxl94MJ4cPHy94UeVa/n82nKruTK5yx4AAABwqdzoOf//V6V7/n+Ce2NLDgAAABie6lE1rUwyEQAAAGBkqh+Z8s5E8gAAAABG56Pn/wAAAMAF8vXXX89Kmr//uhqx8ube7kbrzdsrjfZGbXN3ubbc2tmurbVaa830SsTmaetrtlrbX4qt3bv1TqPdqbf39u9stna3OnfWj70CGwAAABijTz3z7h+SiDj48rW8ZB7LfkwNWMCzAnBhlB7lw38eXR7A+A3azQMX3/SkEwAmptwdJJPOA5ic0zqAgQ/v/Gb4uQAAAKMx+9n+9/+nj64NABfUI93/By4U9//h8nL/Hy6vsiMAuPRGf/8/TU9dFwAAMFIzeUlKteJe4EyUPky7ohrlZHW92ZiLiE9GxO8r5SvZ+Hy+ZOIfDQAAAAAAAAAAAAAAAAAAAAAAAADAGaVpEikAAABwoUWU/poU7/+arTw303t94LHkw0o+zN8O8MZP7i51Ojvz2fR/FNMjOm8X0194lCsP3jwOAAAAo3J4nn54Hg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/TB/beWD8vxOaWRxn3/KxFR7Rd/Oq7mw6tRjojr/0xi+nChZyKSiJgaQvyDexHxRL/4SZZWVIssjsUvtsq1PIuRx38qTdPv9ot/49zR4XJ7N+t/Xuv3/SvFzXzY//s/XZTzGtz/lR70f1N94mc9zyfOsP4rEfHkez+vD54b8eR0//7nMH4yIP6z/VbZZ6N865v7+4PyS9+JmD3a/3z/eISjWr2zuV1v7+3fXt9cWmusNbYWFuZfWnx58cXFufrqerNR/Owb44dP/fJ/g+K/fy/iet/9X7f/faj9S73tfy6rlAet+ch/37t7/zN5rZL2rCKPf+vZ/r//J47HP7Zps7+Jzxf7gWz+7GH9oFt/2NM/++3TJ7V/ZUD7T/v93+pZ16D98fPf+N6fTtxAAMBYtff2N5aazcbOyCtvp2k6plj5gci42nXuyuMfn1Tbe7/4Xbfyau+smye0Ir0y7j82lXNXenuKX4+/cwIAAIbq6KB/0pkAAAAAAAAAAAAAAAAAAADA5TWO/06sN+bBZJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wcAAP//rgHbtw==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f00000001c0)='./bus\x00', 0x0) mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0) symlinkat(&(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000022c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, 0x0, 0x0) 263.041689ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='percpu_free_percpu\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x0, 0x168, 0x10, 0x0, 0xb, 0x220, 0x250, 0x250, 0x220, 0x250, 0x3, 0x0, {[{{@uncond, 0x6000000, 0x108, 0x128, 0x0, {0x0, 0x28e}, [@common=@unspec=@quota={{0x38}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350) 203.362638ms ago: executing program 0: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000140)={{0xffffffffffffffff}}) 106.421733ms ago: executing program 0: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000d00)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@fscache}]}}) chdir(&(0x7f0000000000)='./file0\x00') mount$incfs(0x0, &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) setuid(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x1c, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) 34.465764ms ago: executing program 0: r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x1c3a23, 0x0) userfaultfd(0x80001) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) syz_open_pts(r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x5452, &(0x7f0000001440)=""/4103) 0s ago: executing program 2: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vxcan1\x00'}) ioperm(0x0, 0x208, 0x7) mprotect(&(0x7f0000091000/0xc00000)=nil, 0xffffffffdff6efff, 0x0) open$dir(&(0x7f0000000440)='./file0\x00', 0x60060, 0x70) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4008, 0x3, 0x1d8, 0x110, 0x32, 0x148, 0x110, 0x148, 0x1f0, 0x240, 0x240, 0x1f0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'ip6gretap0\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "c0122d14aa4adbb2f185677879ad9ea60815c4a6f77b178f14a2f7054a9b"}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x238) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0xd8, 0xffffffff, 0xffffffff, 0xd8, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @local, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x6c00, 0x0) kernel console output (not intermixed with test programs): [ 7.305280][ T23] audit: type=1400 audit(1718564940.600:27): avc: denied { create } for pid=184 comm="dbus-daemon" name="messagebus.pid" scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.310236][ T23] audit: type=1400 audit(1718564940.600:28): avc: denied { write open } for pid=184 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=10361 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.313888][ T23] audit: type=1400 audit(1718564940.600:29): avc: denied { getattr } for pid=184 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=10361 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 7.515122][ T23] audit: type=1400 audit(1718564940.830:30): avc: denied { search } for pid=198 comm="dhcpcd" name="/" dev="tmpfs" ino=213 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 17.281185][ T23] kauditd_printk_skb: 30 callbacks suppressed [ 17.281197][ T23] audit: type=1400 audit(1718564950.600:61): avc: denied { transition } for pid=289 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.290406][ T23] audit: type=1400 audit(1718564950.600:62): avc: denied { noatsecure } for pid=289 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.295786][ T23] audit: type=1400 audit(1718564950.600:63): avc: denied { write } for pid=289 comm="sh" path="pipe:[589]" dev="pipefs" ino=589 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 17.307113][ T23] audit: type=1400 audit(1718564950.600:64): avc: denied { rlimitinh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.326407][ T23] audit: type=1400 audit(1718564950.600:65): avc: denied { siginh } for pid=289 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts. 2024/06/16 19:09:19 fuzzer started 2024/06/16 19:09:19 dialing manager at 10.128.0.163:30000 [ 25.813363][ T23] audit: type=1400 audit(1718564959.130:66): avc: denied { node_bind } for pid=348 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 25.834265][ T23] audit: type=1400 audit(1718564959.130:67): avc: denied { name_bind } for pid=348 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 25.888048][ T23] audit: type=1400 audit(1718564959.200:68): avc: denied { setattr } for pid=358 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.923667][ T23] audit: type=1400 audit(1718564959.240:69): avc: denied { mounton } for pid=359 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.948361][ T23] audit: type=1400 audit(1718564959.240:70): avc: denied { mount } for pid=359 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.951594][ T357] cgroup1: Unknown subsys name 'net' [ 25.971515][ T23] audit: type=1400 audit(1718564959.270:71): avc: denied { mounton } for pid=357 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.983975][ T364] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.000583][ T23] audit: type=1400 audit(1718564959.270:72): avc: denied { mount } for pid=357 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.007596][ T357] cgroup1: Unknown subsys name 'net_prio' [ 26.030597][ T23] audit: type=1400 audit(1718564959.350:73): avc: denied { relabelto } for pid=364 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.035741][ T357] cgroup1: Unknown subsys name 'devices' [ 26.061423][ T23] audit: type=1400 audit(1718564959.380:74): avc: denied { write } for pid=364 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.091781][ T23] audit: type=1400 audit(1718564959.410:75): avc: denied { unmount } for pid=357 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.151395][ T360] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.201708][ T357] cgroup1: Unknown subsys name 'hugetlb' [ 26.207581][ T357] cgroup1: Unknown subsys name 'rlimit' 2024/06/16 19:09:19 starting 5 executor processes [ 26.751555][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.758605][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.765873][ T374] device bridge_slave_0 entered promiscuous mode [ 26.773146][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.780166][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.787972][ T374] device bridge_slave_1 entered promiscuous mode [ 26.936401][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.943396][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.950897][ T376] device bridge_slave_0 entered promiscuous mode [ 26.960586][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.967420][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.975105][ T376] device bridge_slave_1 entered promiscuous mode [ 27.082958][ T382] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.089823][ T382] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.097106][ T382] device bridge_slave_0 entered promiscuous mode [ 27.104299][ T382] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.111152][ T382] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.118669][ T382] device bridge_slave_1 entered promiscuous mode [ 27.134148][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.141016][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.148144][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.154968][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.171740][ T381] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.178619][ T381] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.185920][ T381] device bridge_slave_0 entered promiscuous mode [ 27.218940][ T381] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.225774][ T381] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.233531][ T381] device bridge_slave_1 entered promiscuous mode [ 27.279883][ T380] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.286715][ T380] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.294485][ T380] device bridge_slave_0 entered promiscuous mode [ 27.301793][ T380] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.308658][ T380] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.315954][ T380] device bridge_slave_1 entered promiscuous mode [ 27.396694][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.403611][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.410697][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.417520][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.437245][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.444276][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.451953][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.459093][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.467014][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.474630][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.487256][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.495559][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.502604][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.516930][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.525294][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.532137][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.604991][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.629482][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.637198][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.644840][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.652960][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.661622][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.668487][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.676237][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.684434][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.691305][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.728855][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.736769][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.745558][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.755180][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.762036][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.769872][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.778181][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.786346][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.793270][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.801319][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.819915][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.827967][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.836320][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.845092][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.867322][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.875613][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.894616][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.902715][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.911227][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.919533][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.946373][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.954812][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.982753][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.990627][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.012183][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.021139][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.030406][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.038809][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.047003][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.055224][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.063432][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.071905][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.098518][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.106657][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.115125][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.124091][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.133265][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.141503][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.149867][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.157245][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.164850][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.173567][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.182041][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.188979][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.196156][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.204361][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.212328][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.220544][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.246470][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.254222][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.263897][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.275527][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.284494][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.292340][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.299833][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.307095][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.315602][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.323838][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.330872][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.338700][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.346888][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.355029][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.361874][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.369716][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.377800][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.386308][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.434208][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.460061][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.470855][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.482259][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.491480][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.501072][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.523464][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.532358][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.562286][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.573525][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.584006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.592881][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.617535][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.629164][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.658507][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.669309][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.696784][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.704671][ T413] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.808605][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.826272][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.848717][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.872807][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.890287][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.898940][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.920790][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.932622][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.972612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.989861][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.032682][ T422] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 29.170340][ T436] EXT4-fs (loop3): Ignoring removed bh option [ 29.176476][ T436] EXT4-fs (loop3): Ignoring removed nobh option [ 29.193432][ T436] EXT4-fs (loop3): 1 orphan inode deleted [ 29.199247][ T436] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,auto_da_alloc=0x0000000000000007,noquota,resuid=0x0000000000000000,bh,nobh,data_err=abort,delalloc,resgid=0x0000000000000000, [ 29.220908][ T436] ext4 filesystem being mounted at /root/syzkaller-testdir568292863/syzkaller.S6MlLw/6/file1 supports timestamps until 2038 (0x7fffffff) [ 29.498611][ T18] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 29.513350][ T436] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 29.563578][ T436] EXT4-fs (loop3): Remounting filesystem read-only [ 29.579320][ T451] EXT4-fs error (device loop3): swap_inode_boot_loader:125: comm syz-executor.3: inode #5: comm syz-executor.3: iget: illegal inode # [ 29.579522][ T436] EXT4-fs error (device loop3) in ext4_setattr:5881: Corrupt filesystem [ 29.606615][ T436] syz-executor.3 (436) used greatest stack depth: 22296 bytes left [ 29.632758][ T374] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1) [ 29.726762][ T374] syz-executor.3 (374) used greatest stack depth: 19544 bytes left [ 29.758265][ T18] usb 2-1: Using ep0 maxpacket: 32 [ 29.878396][ T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.897667][ T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.910467][ T18] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 29.993073][ T18] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.002314][ T18] usb 2-1: config 0 descriptor?? [ 30.039082][ T18] hub 2-1:0.0: USB hub found [ 30.082486][ T465] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.090646][ T465] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.105086][ T465] device bridge_slave_0 entered promiscuous mode [ 30.117626][ T465] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.124808][ T465] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.131903][ T481] EXT4-fs (loop4): Ignoring removed orlov option [ 30.135421][ T465] device bridge_slave_1 entered promiscuous mode [ 30.157467][ T481] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 30.191911][ T481] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 30.225620][ T494] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 30.249052][ T465] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.255904][ T465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.263206][ T465] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.270078][ T465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.280105][ T488] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 30.298472][ T18] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 30.316038][ T488] EXT4-fs error (device loop2): ext4_orphan_get:1236: inode #15: comm syz-executor.2: iget: bad i_size value: -67835469387268086 [ 30.341711][ T488] EXT4-fs error (device loop2): ext4_orphan_get:1240: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 30.342108][ T481] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 30.367435][ T488] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 30.384136][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.385999][ T488] ext2 filesystem being mounted at /root/syzkaller-testdir386878228/syzkaller.YcFjji/8/file0 supports timestamps until 2038 (0x7fffffff) [ 30.406986][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.414880][ T481] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 30.423991][ T488] overlayfs: upper fs needs to support d_type. [ 30.433582][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.454781][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.464075][ T380] ================================================================== [ 30.464846][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.471965][ T380] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 30.471975][ T380] Read of size 4 at addr ffff8881ebbcb000 by task syz-executor.4/380 [ 30.471977][ T380] [ 30.471989][ T380] CPU: 1 PID: 380 Comm: syz-executor.4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 30.471994][ T380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 30.472003][ T380] Call Trace: [ 30.478839][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.486808][ T380] dump_stack+0x1d8/0x241 [ 30.496349][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.496990][ T380] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 30.507907][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.516850][ T380] ? printk+0xd1/0x111 [ 30.516863][ T380] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 30.516874][ T380] print_address_description+0x8c/0x600 [ 30.516891][ T380] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 30.520084][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.527201][ T380] __kasan_report+0xf3/0x120 [ 30.583621][ T380] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 30.589078][ T380] kasan_report+0x30/0x60 [ 30.593243][ T380] ext4_xattr_delete_inode+0xc1f/0xc30 [ 30.598635][ T380] ? check_preemption_disabled+0x9f/0x320 [ 30.604187][ T380] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 30.610188][ T380] ? __ext4_journal_start_sb+0x295/0x460 [ 30.615642][ T380] ext4_evict_inode+0x1378/0x1ac0 [ 30.620509][ T380] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 30.626146][ T380] ? wb_io_lists_depopulated+0x85/0x170 [ 30.631526][ T380] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 30.637171][ T380] evict+0x29b/0x6a0 [ 30.640993][ T380] vfs_rmdir+0x24b/0x3c0 [ 30.645167][ T380] do_rmdir+0x2c1/0x580 [ 30.649260][ T380] ? d_delete_notify+0xc0/0xc0 [ 30.653854][ T380] ? _raw_spin_unlock_irq+0x4a/0x60 [ 30.659060][ T380] do_syscall_64+0xca/0x1c0 [ 30.663403][ T380] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.669204][ T380] RIP: 0033:0x7f9a76b4b687 [ 30.673459][ T380] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 30.693265][ T380] RSP: 002b:00007fff7231f1c8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 30.701764][ T380] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f9a76b4b687 [ 30.709660][ T380] RDX: 0000000000000200 RSI: 00007fff72320370 RDI: 00000000ffffff9c [ 30.717472][ T380] RBP: 00007f9a76ba8636 R08: 0000000000000000 R09: 0000000000000000 [ 30.725471][ T380] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff72320370 [ 30.733370][ T380] R13: 00007f9a76ba8636 R14: 000000000000756f R15: 0000000000000008 [ 30.741201][ T380] [ 30.743357][ T380] The buggy address belongs to the page: [ 30.748827][ T380] page:ffffea0007aef2c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 30.757766][ T380] flags: 0x8000000000000000() [ 30.762285][ T380] raw: 8000000000000000 ffffea0007af96c8 ffffea0007ad2c08 0000000000000000 [ 30.770871][ T380] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 30.779539][ T380] page dumped because: kasan: bad access detected [ 30.785791][ T380] page_owner tracks the page as freed [ 30.790998][ T380] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 30.802747][ T380] prep_new_page+0x18f/0x370 [ 30.807166][ T380] get_page_from_freelist+0x2d13/0x2d90 [ 30.812585][ T380] __alloc_pages_nodemask+0x393/0x840 [ 30.817752][ T380] pte_alloc_one+0x1b/0xb0 [ 30.821994][ T380] __pte_alloc+0x1d/0x1c0 [ 30.826166][ T380] copy_page_range+0x1c24/0x26f0 [ 30.831369][ T380] copy_mm+0xb23/0x10d0 [ 30.835360][ T380] copy_process+0x1291/0x3230 [ 30.839873][ T380] _do_fork+0x197/0x900 [ 30.843867][ T380] __x64_sys_clone+0x26b/0x2c0 [ 30.848466][ T380] do_syscall_64+0xca/0x1c0 [ 30.852815][ T380] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.858732][ T380] page last free stack trace: [ 30.863227][ T380] free_unref_page_prepare+0x297/0x380 [ 30.868525][ T380] free_unref_page_list+0x10a/0x590 [ 30.873684][ T380] release_pages+0xad8/0xb20 [ 30.878097][ T380] tlb_finish_mmu+0x177/0x320 [ 30.882700][ T380] exit_mmap+0x2dc/0x520 [ 30.887236][ T380] __mmput+0x8e/0x2c0 [ 30.891164][ T380] do_exit+0xc08/0x2bc0 [ 30.895157][ T380] do_group_exit+0x138/0x300 [ 30.899587][ T380] get_signal+0xdb1/0x1440 [ 30.903834][ T380] do_signal+0xb0/0x11f0 [ 30.907925][ T380] exit_to_usermode_loop+0xc0/0x1a0 [ 30.912953][ T380] prepare_exit_to_usermode+0x199/0x200 [ 30.918333][ T380] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 30.924154][ T380] [ 30.926325][ T380] Memory state around the buggy address: [ 30.931893][ T380] ffff8881ebbcaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.939784][ T380] ffff8881ebbcaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.947683][ T380] >ffff8881ebbcb000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/16 19:09:24 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 30.955576][ T380] ^ [ 30.959485][ T380] ffff8881ebbcb080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.967385][ T380] ffff8881ebbcb100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.975278][ T380] ================================================================== [ 30.983176][ T380] Disabling lock debugging due to kernel taint [ 31.025299][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.038452][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.106626][ T418] device bridge_slave_1 left promiscuous mode [ 31.112835][ T18] usbhid 2-1:0.0: can't add hid device: -71 [ 31.118644][ T18] usbhid: probe of 2-1:0.0 failed with error -71 [ 31.127670][ T418] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.144983][ T418] device bridge_slave_0 left promiscuous mode [ 31.151004][ T418] bridge0: port 1(bridge_slave_0) entered disabled state [