last executing test programs: 3.526018085s ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x8, &(0x7f0000000280)={[0x5]}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffa84, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) rename(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00') r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x45, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) pipe2(&(0x7f0000000040), 0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000006c0)='net/route\x00') preadv(r8, &(0x7f00000025c0)=[{&(0x7f0000002500)=""/79, 0x4f}], 0x1, 0x10006c, 0x0) 3.173573112s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(r1, 0x0, 0x240) 3.00121733s ago: executing program 0: socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x10) ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, 0x0, 0x5005) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=ANY=[@ANYBLOB="38010000100013070000000000000000ac1414bb000000000000000000000000e000000200000000009cca7c8d026bcfbcec4fd700d7a6010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000200000000000000000048000200656362286369706865725f6e756c6c29"], 0x138}, 0x1, 0xe}, 0x0) 2.955857097s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000002000400000000000181136b2", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'veth0_to_batadv\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f030e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.945497729s ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x3d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 2.935548581s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000004080)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d6095ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d750de773350349575dd808625a986c593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f574bd60d3d4513c40a92d801000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9f94d5be4ff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000005000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e810003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40bb4ab4f4a1d3c5e3b0c6fb2d4b205a800b6d713aceb1be714e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fe7ace45feeb685c5870d05f88a0f463db1a40484e2e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b00cbd0ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e598eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86a45d37a21551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dbddc655309d9cb43ab4898d0f0aa565431b6abe585df5db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000000000990f6bb14e95d057e45b0e816916229da5cf0b5f04323eb378775217e3a5b75f58b563b0d720b17f77812b40f6c82722c812f1b2b413bf0327fdcbdad4807faaf3fc0bbd2aefabbb1b1c9bf1da2de5c941cb89c9867e81f79c674c4bbd43807740ededae6871de3ee691e8b6c598d04736c7575c55840cc75f73fc4db7ca274d9618add26c2f0e271687bb831c0a5782637c2f9184d42d724e7fbd42821831a47aa61e4eed3d4b9813ea924d8099631a3c0de97b7552c568a2502255e885fd3cb627f72c843fab574ad7850f2aa4a50e3c77e1208f9f94493e1aeea9461eaa2e604bd23aba1a47022491b3967af4aa2e4811a0e6f45c51814b6b594a70c864d8f4769e792ac3b1cd64c4dfed"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='kmem_cache_free\x00', r0}, 0x10) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 2.926414462s ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 2.908289635s ago: executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000d00)={0x44, &(0x7f0000000300)=ANY=[@ANYBLOB="000001000000aa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.875313621s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000340)='ext4_mark_inode_dirty\x00', r0}, 0x10) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, 0x0, 0x0) unshare(0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) 2.863883233s ago: executing program 4: socket$inet6(0xa, 0x0, 0x9) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x24, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) mkdir(0x0, 0x1d6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6}, {0x66, 0x0, 0x0, 0x80ffffff}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.400554228s ago: executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x901006, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1, 0x4, 0xb, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.317808532s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/262, 0x106}], 0x1}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='skb_copy_datagram_iovec\x00', r4}, 0x10) sendmsg(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000019c0)='/', 0x1}], 0x1}, 0x0) 2.230926956s ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000088f05ae0850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x4, 0x2300, 0x6}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000016c0)={0x0, &(0x7f0000000600)=""/41, &(0x7f0000000640), &(0x7f00000006c0), 0x1, r1}, 0x38) 2.172692826s ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0xf0}]}}}]}, 0x4c}}, 0x0) 2.137251811s ago: executing program 3: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001840)={{r1}, &(0x7f00000017c0), &(0x7f0000001800)='%-5lx \x00'}, 0x20) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmsg$tipc(r4, &(0x7f0000001000)={0x0, 0x0, 0x0}, 0x0) recvmsg(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) sendmsg$tipc(r3, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.047222376s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(r1, 0x0, 0x240) 1.975502617s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 1.967031839s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000035c30018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)}, 0x20) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket(0x1e, 0x4, 0x0) r4 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmsg$tipc(r4, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 1.761603163s ago: executing program 0: timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f00000002c0)=0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x7f, 0x8d}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = getpid() sched_setscheduler(r2, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000000301010100000000000000000addff001800028006000340000000000c00028005000100010000000c001980080002000c"], 0x38}}, 0x0) pipe(&(0x7f0000002480)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r5, 0x0, 0x7, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000100)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) ioperm(0x0, 0x9, 0x7) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$rfkill(r6, &(0x7f0000000180), 0x8) read$rfkill(r5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@ipv4_delrule={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0) getdents64(0xffffffffffffffff, &(0x7f00000006c0)=""/26, 0x1a) futimesat(r4, &(0x7f0000000040)='./file0\x00', 0x0) getdents64(0xffffffffffffffff, 0xfffffffffffffffe, 0x29) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x80, &(0x7f0000000200), 0x1, 0x538, &(0x7f0000000700)="$eJzs3U9sHFcZAPBvJnZ2k7p1Cj0AKjSUQkBRdu1NG1W9kJ4qhCoheuSQGntjRdnNRtl1qU0OzpE7EhWc4MQZCSQOSDlxR+LCjUs5IBUaIdVISGw1s+Nkbe/aK//ZTby/nzSaN/Nm53vPo5m3+jaZF8DUuhgRmxFxNiLej4j5Yn9SLHG9t2THffbo/vLWo/vLSXS77/07yeuzfdH3mcxzxTnLEfHDdyJ+nOwK+teI9vrG7aVGo36v2FXtNO9W2+sbV241l1brq/U7tdq1xWsLb159o3ZsfX2l+btPzkXEn/741Y//svmdn2bNmivq+vtxnHpdn30cJzMTEd8/iWATMFv05+xhPnyoD3Gc0oj4QkS8mt//83Emv5o77bxM3x1j6wCAk9Dtzkd3vn97mE/nh9cBAM+SNM+BJWmlyAXMRZpWKr0c3ktxPm202p3LN1trd1Z6ubILMZvevNWoLxS5woe/v/529r1hMa/L65OsvrZr+2pEvBgRPy+dy7cry63GygS/9wDANHtu5/hfjmL8BwBOufKTYmmS7QAAxqc86QYAAGNn/AeA6WP8B4DpY/wHgOlj/AeA6WP8B4Cp8oN3382W7lbx/uuVD9bXbrc+uLJSb9+uNNeWK8ute3crq63Wav7OnuZB52u0WncXX4+1D6udertTba9v3Gi21u50buTv9b5Rnx1LrwCA/bz4ysO/JRGx+da5fIm+9/0fOFa/fNKtA05SOukGABNzZtINACZm72xfwLSQj4fp9f9utxt9c/dGxIPHpb6XgQ79J0IfjRQmNW8oPH0uffkI+X/gmbYj/28+dpgqh8v/+y4Pp4H8P0yvbjfZZ85/AOA0kuMHkgPq+3//X+j2bYz2+z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcSnP5kqSVYi7wuUjTSiXi+Yi4ELPJzVuN+kJEvFDMFZxtL0aEeYMA4FmW/jMp5v+6NP/a3O7as6X/lvJ1RPzkV+/94sOlTufeYsTZ5NPH+zsfFftrk2g/AHCQ7XF6exzf9tmj+8vby0HneHCM7fnk7d7kolncrWLp1czETL4ux2xE6fx/kmK7JynyEUe1mXXmS4P6n+S5kQvFzKe742exnx9r/HRH/DSv662zv8UXD4jzy2NoK5w2D7Pnz/VB918aF/P14Pu/nD+hjm77+be15/mXPn7+nRkQP7vnL44a4/U/f2/Pzu58r+5BxFdmIra2T973/JmJvomhB8R/bcT4f3/5a68Oq+v+OuJSDOp/siNWtdO8W22vb1y51Vxara/W79Rq1xavLbx59Y1aNc9RV7cz1Xv9663LLwyLn/X//JD4vStfzuMP+vt/c8T+/+Z/7//o6/vE//Y3Bl//l/aJPxsR3xox/tL5P5SH1WXxV4b0f2af+Nm+yyPG//gfGysjHgoAjEF7feP2UqNRv3ekwmZWKO97THrEEKMWkojNEw7xpFD67c/eOfjg0tjac8hCDKs687S08NQUSk9HM0YoTPrJBJy0Jzf9pFsCAAAAAAAAAAAAAAAMM47/TjTpPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB6fR4AAP//uvbV2Q==") timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0) 1.747228775s ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) ptrace$ARCH_GET_CPUID(0x1e, r0, 0x0, 0x1011) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x1e, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000000)='\x00', 0x0, r5) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) fallocate(r6, 0x68, 0x0, 0xffffffff) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000180)=0x0, &(0x7f00000016c0)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r9]) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r5) 911.535321ms ago: executing program 0: socket$inet6(0xa, 0x0, 0x9) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x24, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) mkdir(0x0, 0x1d6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6}, {0x66, 0x0, 0x0, 0x80ffffff}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 622.928708ms ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 345.908054ms ago: executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0003020000000203"], 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000001780)={0x2c, 0x0, &(0x7f00000014c0)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="00031200000012033f"], 0x0, 0x0}, 0x0) 241.95762ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001b00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x2000) 227.732703ms ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0006000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001540)={&(0x7f0000001500)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0xb4, &(0x7f0000000b00)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd60002b04007e2900fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0) 214.561355ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448f0, 0x0) 192.735188ms ago: executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="184000ff7f0000000000e0f23507b54efc400000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000050018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_da_write_pages_extent\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000700), 0x12) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 170.409732ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 20.767907ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) unshare(0x60600) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x69) ioctl$SIOCSIFHWADDR(r2, 0x40086602, &(0x7f0000000540)={'\x00', @dev}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.current\x00', 0x7a05, 0x1700) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r5, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) finit_module(r1, &(0x7f0000000000)='])![\\]\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000340), 0xfdef) 0s ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000580)={'gre0\x00', 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): [ 23.348291][ T24] audit: type=1400 audit(1718472515.709:62): avc: denied { noatsecure } for pid=271 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.351067][ T24] audit: type=1400 audit(1718472515.709:63): avc: denied { write } for pid=271 comm="sh" path="pipe:[1479]" dev="pipefs" ino=1479 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 23.354692][ T24] audit: type=1400 audit(1718472515.709:64): avc: denied { rlimitinh } for pid=271 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.357610][ T24] audit: type=1400 audit(1718472515.709:65): avc: denied { siginh } for pid=271 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts. 2024/06/15 17:28:43 fuzzer started 2024/06/15 17:28:43 dialing manager at 10.128.0.163:30004 [ 31.593187][ T24] audit: type=1400 audit(1718472523.959:66): avc: denied { node_bind } for pid=288 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 31.613712][ T24] audit: type=1400 audit(1718472523.959:67): avc: denied { name_bind } for pid=288 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 118.516561][ T24] audit: type=1400 audit(1718472610.879:68): avc: denied { mounton } for pid=384 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 118.517716][ T384] cgroup: Unknown subsys name 'net' [ 118.545167][ T384] cgroup: Unknown subsys name 'devices' [ 118.554003][ T24] audit: type=1400 audit(1718472610.879:69): avc: denied { mount } for pid=384 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 118.575972][ T24] audit: type=1400 audit(1718472610.909:70): avc: denied { unmount } for pid=384 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 118.580988][ T390] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 118.596930][ T24] audit: type=1400 audit(1718472610.919:71): avc: denied { mounton } for pid=386 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 118.628502][ T24] audit: type=1400 audit(1718472610.919:72): avc: denied { mount } for pid=386 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 118.651579][ T24] audit: type=1400 audit(1718472610.929:73): avc: denied { setattr } for pid=388 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 118.674649][ T24] audit: type=1400 audit(1718472610.969:74): avc: denied { relabelto } for pid=390 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 118.699975][ T24] audit: type=1400 audit(1718472610.969:75): avc: denied { write } for pid=390 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 118.725415][ T389] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 118.733984][ T24] audit: type=1400 audit(1718472611.069:76): avc: denied { read } for pid=389 comm="syz-executor" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 118.759503][ T24] audit: type=1400 audit(1718472611.069:77): avc: denied { open } for pid=389 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 118.786405][ T384] cgroup: Unknown subsys name 'hugetlb' [ 118.792070][ T384] cgroup: Unknown subsys name 'rlimit' 2024/06/15 17:30:11 starting 5 executor processes [ 119.109222][ T401] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.116066][ T401] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.123862][ T401] device bridge_slave_0 entered promiscuous mode [ 119.130910][ T401] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.137836][ T401] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.144989][ T401] device bridge_slave_1 entered promiscuous mode [ 119.154033][ T400] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.160972][ T400] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.168146][ T400] device bridge_slave_0 entered promiscuous mode [ 119.176607][ T400] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.183494][ T400] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.190667][ T400] device bridge_slave_1 entered promiscuous mode [ 119.210964][ T404] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.218528][ T404] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.225565][ T404] device bridge_slave_0 entered promiscuous mode [ 119.234347][ T404] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.241213][ T404] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.248412][ T404] device bridge_slave_1 entered promiscuous mode [ 119.278577][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.285424][ T403] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.293444][ T403] device bridge_slave_0 entered promiscuous mode [ 119.303559][ T402] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.310447][ T402] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.317703][ T402] device bridge_slave_0 entered promiscuous mode [ 119.330790][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.337711][ T403] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.344822][ T403] device bridge_slave_1 entered promiscuous mode [ 119.351287][ T402] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.358146][ T402] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.365178][ T402] device bridge_slave_1 entered promiscuous mode [ 119.480437][ T404] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.487309][ T404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.494409][ T404] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.501219][ T404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.510241][ T401] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.517092][ T401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.524158][ T401] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.530975][ T401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.544188][ T400] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.551044][ T400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.558154][ T400] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.564910][ T400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.582680][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.589802][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.597021][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.603806][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.624526][ T402] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.631394][ T402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.638467][ T402] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.645252][ T402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.667002][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.675482][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.682904][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.689870][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.698098][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.705014][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.712242][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.719257][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.726227][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.733270][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.740775][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.747985][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.755097][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.762281][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.787010][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.795284][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.803286][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.810119][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.818841][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.826727][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.833511][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.840726][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.848473][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.856095][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.863982][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.870818][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.878076][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.885733][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.893778][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.900610][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.907835][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 119.927114][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.935075][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.943062][ T15] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.949900][ T15] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.957047][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.964842][ T15] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.971622][ T15] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.978951][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.986650][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.007935][ T400] device veth0_vlan entered promiscuous mode [ 120.019075][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.027452][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.035043][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.042388][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.049883][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.057796][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.074601][ T401] device veth0_vlan entered promiscuous mode [ 120.085498][ T400] device veth1_macvtap entered promiscuous mode [ 120.092610][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.100966][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.108907][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.116723][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.124128][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.131672][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.139839][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.161226][ T402] device veth0_vlan entered promiscuous mode [ 120.167391][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.174592][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.181828][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.190702][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.199263][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.206079][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.213372][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.221430][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.229367][ T405] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.236182][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.243370][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.251141][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.258929][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.266648][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.274305][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 120.282333][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 120.290398][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.298074][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.305655][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.313308][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.321250][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.328492][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.335716][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.343001][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.353928][ T404] device veth0_vlan entered promiscuous mode [ 120.360789][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.368891][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.383581][ T403] device veth0_vlan entered promiscuous mode [ 120.391926][ T401] device veth1_macvtap entered promiscuous mode [ 120.398735][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.406766][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.414922][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 120.423231][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 120.430968][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 120.438799][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.446610][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.460137][ T404] device veth1_macvtap entered promiscuous mode [ 120.467717][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 120.475354][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 120.483643][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 120.492100][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.500223][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.512877][ T400] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 120.529959][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.538857][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.548076][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.556134][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.569460][ T402] device veth1_macvtap entered promiscuous mode [ 120.583835][ T403] device veth1_macvtap entered promiscuous mode [ 120.601158][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 120.609870][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.619080][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.626487][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.635247][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.643606][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.651772][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.660521][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 120.668815][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 120.676808][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 120.698550][ T431] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 120.719251][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.729775][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.738179][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.748528][ T433] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 120.777331][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.785726][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 120.801541][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 120.817203][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 120.825436][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 120.881571][ T450] Illegal XDP return value 4294967274, expect packet loss! [ 120.987343][ T463] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 121.075492][ T437] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 121.103736][ T472] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 121.117552][ T437] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 121.141550][ T437] F2FS-fs (loop4): invalid crc value [ 121.188172][ T437] F2FS-fs (loop4): Found nat_bits in checkpoint [ 121.198692][ T488] EXT4-fs (loop3): Unrecognized mount option "obj_user=" or missing value [ 121.225556][ T437] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 121.232833][ T437] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 121.332317][ T500] ====================================================== [ 121.332317][ T500] WARNING: the mand mount option is being deprecated and [ 121.332317][ T500] will be removed in v5.15! [ 121.332317][ T500] ====================================================== [ 121.466965][ T54] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 121.707246][ T54] usb 3-1: Using ep0 maxpacket: 8 [ 121.812858][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.820277][ T513] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.827357][ T54] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 121.835957][ T513] device bridge_slave_0 entered promiscuous mode [ 121.842748][ T54] usb 3-1: config 179 has no interface number 0 [ 121.849069][ T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 121.850500][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.860024][ T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 121.876957][ T513] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.878195][ T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 121.896073][ T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024 [ 121.901635][ T513] device bridge_slave_1 entered promiscuous mode [ 121.907526][ T54] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 121.926608][ T54] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 121.935538][ T54] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.976983][ T472] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 121.985765][ T472] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 122.026417][ T513] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.033302][ T513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.040389][ T513] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.043552][ T54] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input4 [ 122.047177][ T513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.130845][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.139245][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.147571][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.183592][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.191567][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.199592][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.208488][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.221440][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 122.230543][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 122.253463][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 122.262914][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.279199][ T20] usb 3-1: USB disconnect, device number 2 [ 122.289365][ T513] device veth0_vlan entered promiscuous mode [ 122.298433][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.307925][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.316765][ T20] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 122.318958][ T537] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 122.334768][ T537] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 122.343326][ T513] device veth1_macvtap entered promiscuous mode [ 122.350549][ T537] F2FS-fs (loop3): Found nat_bits in checkpoint [ 122.357430][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 122.365460][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 122.373923][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 122.390118][ T110] device bridge_slave_1 left promiscuous mode [ 122.397667][ T110] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.404890][ T537] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 122.412263][ T110] device bridge_slave_0 left promiscuous mode [ 122.418259][ T537] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 122.425546][ T110] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.440087][ T110] device veth1_macvtap left promiscuous mode [ 122.450430][ T110] device veth0_vlan left promiscuous mode [ 122.580900][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 122.589201][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.598742][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 122.606805][ T568] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 122.613285][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.801435][ T600] cgroup: syz-executor.1 (600) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future. [ 122.818340][ T600] cgroup: "memory" requires setting use_hierarchy to 1 on the root [ 122.850659][ T601] incfs_lookup_dentry err:-14 [ 122.855261][ T601] incfs: Can't find or create .incomplete dir in ./file0 [ 122.863864][ T601] incfs: mount failed -14 [ 122.925133][ T616] syz-executor.1[616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.925268][ T616] syz-executor.1[616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.304069][ T657] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.322509][ T657] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.330041][ T657] device bridge_slave_0 entered promiscuous mode [ 123.336846][ T657] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.343894][ T657] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.351228][ T657] device bridge_slave_1 entered promiscuous mode [ 123.397680][ T669] x_tables: unsorted entry at hook 3 [ 123.405287][ T657] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.412161][ T657] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.419245][ T657] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.426026][ T657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.449878][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 123.458892][ T427] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.466317][ T427] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.529647][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 123.578906][ T427] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.585774][ T427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.668095][ T427] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 123.726356][ T427] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.733255][ T427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.752050][ T24] kauditd_printk_skb: 122 callbacks suppressed [ 123.752061][ T24] audit: type=1400 audit(1718472616.119:200): avc: denied { append } for pid=75 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 123.878953][ T24] audit: type=1400 audit(1718472616.119:201): avc: denied { open } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 123.904544][ T24] audit: type=1400 audit(1718472616.119:202): avc: denied { getattr } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 123.928800][ T24] audit: type=1326 audit(1718472616.299:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e84179ea9 code=0x7ffc0000 [ 123.949911][ T657] device veth0_vlan entered promiscuous mode [ 123.967470][ T657] device veth1_macvtap entered promiscuous mode [ 123.974575][ T24] audit: type=1326 audit(1718472616.299:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e84179ea9 code=0x7ffc0000 [ 123.999747][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 124.000414][ T24] audit: type=1326 audit(1718472616.299:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f0e84179ea9 code=0x7ffc0000 [ 124.031675][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 124.040713][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 124.046448][ T24] audit: type=1326 audit(1718472616.339:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e84179ea9 code=0x7ffc0000 [ 124.071474][ T24] audit: type=1326 audit(1718472616.339:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=679 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e84179ea9 code=0x7ffc0000 [ 124.071597][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 124.102736][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 124.110743][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 124.118489][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 124.132145][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.140481][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 124.417070][ T405] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 124.529106][ T729] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 124.542126][ T729] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 124.638622][ T729] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 124.652082][ T729] EXT4-fs (loop2): 1 truncate cleaned up [ 124.657867][ T729] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue [ 124.967036][ T544] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 125.011228][ T405] usb 4-1: Using ep0 maxpacket: 32 [ 125.027809][ T110] device bridge_slave_1 left promiscuous mode [ 125.033919][ T110] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.041364][ T110] device bridge_slave_0 left promiscuous mode [ 125.047430][ T110] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.057696][ T110] device veth1_macvtap left promiscuous mode [ 125.063504][ T110] device veth0_vlan left promiscuous mode [ 125.147010][ T405] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.158374][ T405] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.172149][ T766] syz-executor.4[766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.172204][ T766] syz-executor.4[766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.227012][ T544] usb 3-1: Using ep0 maxpacket: 16 [ 125.297050][ T405] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 125.305908][ T405] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 125.314171][ T405] usb 4-1: Product: syz [ 125.321893][ T405] usb 4-1: Manufacturer: syz [ 125.357064][ T544] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.367969][ T544] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 125.377404][ T405] hub 4-1:4.0: USB hub found [ 125.380779][ T544] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 125.393935][ T544] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.402293][ T544] usb 3-1: config 0 descriptor?? [ 125.407648][ T772] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 125.415243][ T772] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 125.425462][ T772] F2FS-fs (loop4): Found nat_bits in checkpoint [ 125.448601][ T772] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 125.455770][ T772] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 125.466832][ T24] audit: type=1400 audit(1718472617.829:208): avc: denied { map } for pid=771 comm="syz-executor.4" path="/root/syzkaller-testdir4049245914/syzkaller.E5gWnq/45/file0/bus" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 125.495802][ T24] audit: type=1400 audit(1718472617.829:209): avc: denied { execute } for pid=771 comm="syz-executor.4" path="/root/syzkaller-testdir4049245914/syzkaller.E5gWnq/45/file0/bus" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 125.497619][ T772] attempt to access beyond end of device [ 125.497619][ T772] loop4: rw=2049, want=45104, limit=40427 [ 125.569488][ T110] attempt to access beyond end of device [ 125.569488][ T110] loop4: rw=1, want=45104, limit=40427 [ 125.587114][ T405] hub 4-1:4.0: 2 ports detected [ 125.703657][ T791] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 125.732799][ T791] device vlan2 entered promiscuous mode [ 125.738422][ T791] bridge0: port 3(vlan2) entered blocking state [ 125.744473][ T791] bridge0: port 3(vlan2) entered disabled state [ 125.880929][ T544] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input5 [ 125.917987][ T811] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 7696581394437)! [ 125.928960][ T811] EXT4-fs (loop0): group descriptors corrupted! [ 125.957824][ T544] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 126.116971][ T405] hub 4-1:4.0: set hub depth failed [ 126.178559][ T405] usb 4-1: USB disconnect, device number 2 [ 126.220078][ T843] binder: 842:843 ioctl c0306201 200001c0 returned -14 [ 126.267434][ T427] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 126.407780][ T853] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 126.415351][ T853] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 126.424149][ T853] F2FS-fs (loop0): invalid crc value [ 126.430871][ T853] F2FS-fs (loop0): Found nat_bits in checkpoint [ 126.453830][ T853] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 126.460832][ T853] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 126.657156][ T427] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.675102][ T427] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.687033][ T427] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.696785][ T427] usb 2-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 126.706110][ T427] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.779335][ T427] usb 2-1: config 0 descriptor?? [ 127.268187][ T427] wacom 0003:056A:4001.0002: unknown main item tag 0x0 [ 127.278697][ T427] wacom 0003:056A:4001.0002: hidraw1: USB HID v0.00 Device [HID 056a:4001] on usb-dummy_hcd.1-1/input0 [ 127.342357][ T427] usb 3-1: USB disconnect, device number 3 [ 127.431651][ T894] kvm: emulating exchange as write [ 127.470869][ T405] usb 2-1: USB disconnect, device number 2 [ 127.542976][ T913] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 127.570286][ T915] syz-executor.3 (pid 915) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 127.628168][ T593] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 127.907019][ T593] usb 5-1: Using ep0 maxpacket: 8 [ 127.967337][ T423] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 128.117045][ T593] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 128.125879][ T593] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 128.134179][ T593] usb 5-1: SerialNumber: syz [ 128.139417][ T593] usb 5-1: config 0 descriptor?? [ 128.177575][ T593] uvcvideo: Found UVC 0.00 device (05ac:8501) [ 128.184363][ T593] uvcvideo: No valid video chain found. [ 128.217061][ T423] usb 4-1: Using ep0 maxpacket: 16 [ 128.237798][ T955] erofs: (device loop1): mounted with root inode @ nid 36. [ 128.245332][ T955] erofs: (device loop1): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 128.254902][ T955] attempt to access beyond end of device [ 128.254902][ T955] loop1: rw=0, want=304, limit=16 [ 128.265201][ T955] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117] [ 128.347028][ T423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.357990][ T423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.359025][ T962] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c118, mo2=0002] [ 128.367614][ T423] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 128.367635][ T423] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 128.367645][ T423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.377426][ T423] usb 4-1: config 0 descriptor?? [ 128.388875][ T962] System zones: [ 128.400198][ T593] usb 5-1: USB disconnect, device number 2 [ 128.405412][ T962] 0-1, 3-12 [ 128.423669][ T962] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,acl,debug,,errors=continue [ 129.117033][ T423] usbhid 4-1:0.0: can't add hid device: -71 [ 129.122833][ T423] usbhid: probe of 4-1:0.0 failed with error -71 [ 129.129760][ T423] usb 4-1: USB disconnect, device number 3 [ 129.216981][ T405] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 129.277485][ T24] kauditd_printk_skb: 59 callbacks suppressed [ 129.277495][ T24] audit: type=1400 audit(1718472621.649:269): avc: denied { shutdown } for pid=990 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 129.404140][ T1003] syz-executor.0[1003] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.404171][ T1003] syz-executor.0[1003] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.470483][ T24] audit: type=1400 audit(1718472621.839:270): avc: denied { setattr } for pid=1005 comm="syz-executor.3" name="file0" dev="9p" ino=7016996764471618667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 129.486234][ T1008] erofs: (device loop2): mounted with root inode @ nid 36. [ 129.523225][ T24] audit: type=1400 audit(1718472621.889:271): avc: denied { read } for pid=1005 comm="syz-executor.3" name="file0" dev="9p" ino=7016996764471618667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 129.547285][ T24] audit: type=1400 audit(1718472621.889:272): avc: denied { open } for pid=1005 comm="syz-executor.3" path="/root/syzkaller-testdir4288233920/syzkaller.xgkTDt/24/file0/file0" dev="9p" ino=7016996764471618667 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1 [ 129.581353][ T1008] erofs: (device loop2): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 129.591077][ T1008] attempt to access beyond end of device [ 129.591077][ T1008] loop2: rw=0, want=304, limit=16 [ 129.601622][ T1008] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 129.609704][ T405] usb 2-1: config 45 has too many interfaces: 194, using maximum allowed: 32 [ 129.618468][ T405] usb 2-1: config 45 has 1 interface, different from the descriptor's value: 194 [ 129.631894][ T405] usb 2-1: config 45 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.647718][ T405] usb 2-1: config 45 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.657573][ T405] usb 2-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 129.666404][ T405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.995311][ T1047] erofs: (device loop2): mounted with root inode @ nid 36. [ 130.077110][ T1047] erofs: (device loop2): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 130.086618][ T1047] attempt to access beyond end of device [ 130.086618][ T1047] loop2: rw=0, want=304, limit=16 [ 130.102271][ T1047] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 130.127153][ T15] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 130.300993][ T405] uclogic 0003:5543:0042.0003: unknown main item tag 0x0 [ 130.321306][ T405] uclogic 0003:5543:0042.0003: item fetching failed at offset 3/5 [ 130.329702][ T405] uclogic 0003:5543:0042.0003: parse failed [ 130.336033][ T405] uclogic: probe of 0003:5543:0042.0003 failed with error -22 [ 130.369245][ T15] usb 4-1: Using ep0 maxpacket: 8 [ 130.450839][ T25] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 130.518047][ T15] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.669024][ T405] usb 2-1: USB disconnect, device number 3 [ 130.679549][ T15] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 130.722664][ T15] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 130.730909][ T15] usb 4-1: SerialNumber: syz [ 130.736041][ T15] usb 4-1: config 0 descriptor?? [ 130.777502][ T15] uvcvideo: Found UVC 0.00 device (05ac:8501) [ 130.784355][ T15] uvcvideo 4-1:0.0: Entity type for entity Output 255 was not initialized! [ 130.793027][ T15] uvcvideo: Failed to create links for entity 255 [ 130.799314][ T15] uvcvideo: Failed to register entities (-22). [ 130.838546][ T1066] F2FS-fs (loop0): invalid crc value [ 130.844898][ T1066] F2FS-fs (loop0): Found nat_bits in checkpoint [ 130.866282][ T1066] F2FS-fs (loop0): sanity_check_inode: corrupted inode i_blocks i_ino=3 iblocks=0, run fsck to fix. [ 130.877041][ T1066] F2FS-fs (loop0): Failed to read root inode [ 130.937026][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.947768][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 130.957282][ T25] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 130.966841][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 130.976271][ T25] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 130.980844][ T405] usb 4-1: USB disconnect, device number 4 [ 130.987838][ T25] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 131.077053][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 131.086157][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 131.094046][ T25] usb 5-1: SerialNumber: syz [ 131.099627][ T1080] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 131.109670][ T1080] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 131.121719][ T1080] EXT4-fs (loop2): failed to initialize system zone (-117) [ 131.128902][ T1080] EXT4-fs (loop2): mount failed [ 131.157217][ T25] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 131.165081][ T25] cdc_acm: probe of 5-1:1.0 failed with error -12 [ 131.230394][ T24] audit: type=1400 audit(1718472623.599:273): avc: denied { lock } for pid=1084 comm="syz-executor.1" path="socket:[17265]" dev="sockfs" ino=17265 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 131.317213][ T24] audit: type=1326 audit(1718472623.689:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1091 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb47b0aeea9 code=0x7ffc0000 [ 131.347874][ T24] audit: type=1400 audit(1718472623.709:275): avc: denied { read } for pid=1086 comm="syz-executor.0" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=17318 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 131.373318][ T24] audit: type=1326 audit(1718472623.709:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1091 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fb47b0aeea9 code=0x7ffc0000 [ 131.397116][ T15] usb 5-1: USB disconnect, device number 3 [ 131.413586][ T24] audit: type=1326 audit(1718472623.709:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1091 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb47b0aeea9 code=0x7ffc0000 [ 131.447031][ T24] audit: type=1400 audit(1718472623.739:278): avc: denied { create } for pid=1094 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 131.470090][ T1080] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=1080 comm=syz-executor.2 [ 131.847948][ T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 132.148035][ T1141] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 132.168072][ T1141] EXT4-fs (loop4): failed to initialize system zone (-117) [ 132.175215][ T1141] EXT4-fs (loop4): mount failed [ 132.207214][ T25] usb 4-1: config 45 has too many interfaces: 194, using maximum allowed: 32 [ 132.215897][ T25] usb 4-1: config 45 has 1 interface, different from the descriptor's value: 194 [ 132.224919][ T25] usb 4-1: config 45 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.235837][ T25] usb 4-1: config 45 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.245703][ T25] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 132.254695][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.307333][ T427] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 132.331421][ T1148] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 132.488306][ T1150] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 132.495872][ T1150] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 132.506858][ T1150] F2FS-fs (loop4): Found nat_bits in checkpoint [ 132.542093][ T1150] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 132.547031][ T427] usb 1-1: Using ep0 maxpacket: 8 [ 132.549099][ T1150] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 132.667018][ T427] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.707657][ T1162] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 132.716485][ T1162] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 132.725454][ T1162] F2FS-fs (loop2): invalid crc value [ 132.728243][ T25] uclogic 0003:5543:0042.0004: unknown main item tag 0x0 [ 132.730681][ T405] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 132.744870][ T25] uclogic 0003:5543:0042.0004: item fetching failed at offset 3/5 [ 132.752791][ T25] uclogic 0003:5543:0042.0004: parse failed [ 132.753586][ T1162] F2FS-fs (loop2): Found nat_bits in checkpoint [ 132.758654][ T427] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 132.782371][ T25] uclogic: probe of 0003:5543:0042.0004 failed with error -22 [ 132.792153][ T1162] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 132.797888][ T427] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 132.799084][ T1162] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 132.816923][ T427] usb 1-1: SerialNumber: syz [ 132.829602][ T427] usb 1-1: config 0 descriptor?? [ 132.877415][ T427] uvcvideo: Found UVC 0.00 device (05ac:8501) [ 132.884410][ T427] uvcvideo 1-1:0.0: Entity type for entity Output 255 was not initialized! [ 132.892932][ T427] uvcvideo: Failed to create links for entity 255 [ 132.893623][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 132.907818][ T427] uvcvideo: Failed to register entities (-22). [ 132.907951][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 132.946164][ T593] usb 4-1: USB disconnect, device number 5 [ 133.095743][ T25] usb 1-1: USB disconnect, device number 2 [ 133.107017][ T405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.117876][ T405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24832, setting to 1024 [ 133.147509][ T405] usb 2-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 133.156405][ T405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.171317][ T405] usb 2-1: config 0 descriptor?? [ 133.230115][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.237468][ T1172] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.244687][ T1172] device bridge_slave_0 entered promiscuous mode [ 133.254248][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.262279][ T1172] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.269561][ T1172] device bridge_slave_1 entered promiscuous mode [ 133.310079][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.317759][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.338208][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.346279][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.354812][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.361641][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.368851][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.376936][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.384797][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.391576][ T423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.398708][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.406388][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 133.414136][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.427747][ T1172] device veth0_vlan entered promiscuous mode [ 133.437014][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 133.445129][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 133.453571][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 133.461242][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 133.468613][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 133.480484][ T1172] device veth1_macvtap entered promiscuous mode [ 133.490809][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 133.503031][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 133.522609][ T1182] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 133.607792][ T9] device bridge_slave_1 left promiscuous mode [ 133.614024][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.616987][ T427] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 133.628449][ T9] device bridge_slave_0 left promiscuous mode [ 133.634662][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.643049][ T9] device veth1_macvtap left promiscuous mode [ 133.649843][ T9] device veth0_vlan left promiscuous mode [ 133.693928][ T405] itetech 0003:06CB:73F5.0005: unknown main item tag 0x0 [ 133.703108][ T405] itetech 0003:06CB:73F5.0005: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.1-1/input0 [ 133.906807][ T1212] syz-executor.2[1212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.906858][ T1212] syz-executor.2[1212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.934674][ T544] usb 2-1: USB disconnect, device number 4 [ 134.037801][ T1203] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 134.045389][ T1203] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 134.055621][ T1203] F2FS-fs (loop0): Found nat_bits in checkpoint [ 134.067049][ T427] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.079619][ T427] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 134.104138][ T427] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 134.113552][ T427] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.182713][ T427] usb 5-1: config 0 descriptor?? [ 134.282182][ T1203] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 134.289529][ T1203] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 134.303670][ T1203] attempt to access beyond end of device [ 134.303670][ T1203] loop0: rw=2049, want=45104, limit=40427 [ 134.337299][ T438] attempt to access beyond end of device [ 134.337299][ T438] loop0: rw=1, want=45104, limit=40427 [ 134.467773][ T1239] erofs: (device loop2): mounted with root inode @ nid 36. [ 134.475505][ T1239] erofs: (device loop2): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 134.485063][ T1239] attempt to access beyond end of device [ 134.485063][ T1239] loop2: rw=0, want=304, limit=16 [ 134.495600][ T1239] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 134.678041][ T427] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 134.687611][ T427] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 134.939131][ T1253] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 134.947001][ T1253] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 134.965671][ T1253] F2FS-fs (loop0): Found nat_bits in checkpoint [ 134.997090][ T423] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 135.011541][ T1253] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 135.018527][ T1253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 135.041503][ T1253] attempt to access beyond end of device [ 135.041503][ T1253] loop0: rw=2049, want=45104, limit=40427 [ 135.071478][ T9] attempt to access beyond end of device [ 135.071478][ T9] loop0: rw=1, want=45104, limit=40427 [ 135.198599][ T1273] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 135.247873][ T1278] erofs: (device loop0): mounted with root inode @ nid 36. [ 135.256266][ T1278] erofs: (device loop0): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 135.265741][ T1278] attempt to access beyond end of device [ 135.265741][ T1278] loop0: rw=0, want=304, limit=16 [ 135.276155][ T1278] erofs: (device loop0): z_erofs_readpage: failed to read, err [-117] [ 135.387121][ T423] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 135.397968][ T423] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 135.487995][ T1292] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 135.497907][ T423] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.498226][ T1292] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 135.506728][ T423] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 135.506737][ T423] usb 3-1: SerialNumber: syz [ 135.530258][ T1292] EXT4-fs (loop1): failed to initialize system zone (-117) [ 135.537361][ T1248] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 135.537501][ T1292] EXT4-fs (loop1): mount failed [ 135.607059][ T15] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 135.627025][ T405] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 135.629911][ T544] usb 5-1: USB disconnect, device number 4 [ 135.725623][ T1292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=1292 comm=syz-executor.1 [ 135.777500][ T24] kauditd_printk_skb: 20 callbacks suppressed [ 135.777510][ T24] audit: type=1400 audit(1718472628.149:299): avc: denied { write } for pid=1299 comm="syz-executor.1" name="001" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 135.830971][ T24] audit: type=1400 audit(1718472628.199:300): avc: denied { sys_module } for pid=1304 comm="syz-executor.1" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 135.865919][ T1307] process 'syz-executor.1' launched '/dev/fd/4/./file2' with NULL argv: empty string added [ 135.876622][ T24] audit: type=1400 audit(1718472628.249:301): avc: denied { nosuid_transition } for pid=1306 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 135.897561][ T24] audit: type=1400 audit(1718472628.249:302): avc: denied { transition } for pid=1306 comm="syz-executor.1" path="/file2" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 135.920730][ T24] audit: type=1400 audit(1718472628.249:303): avc: denied { entrypoint } for pid=1306 comm="syz-executor.1" path="/file2" dev="sda1" ino=1968 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 135.943987][ T24] audit: type=1400 audit(1718472628.249:304): avc: denied { noatsecure } for pid=1306 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 136.010517][ T1313] EXT4-fs (loop1): 1 truncate cleaned up [ 136.016072][ T1313] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000c32,nolazytime,jqfmt=vfsold,acl,nodiscard,errors=continue,usrjquota=,,errors=continue [ 136.047045][ T15] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.057912][ T405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.068943][ T15] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24832, setting to 1024 [ 136.069270][ T405] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.091579][ T405] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 136.112942][ T405] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.122930][ T405] usb 4-1: config 0 descriptor?? [ 136.127891][ T15] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 136.138615][ T15] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.149361][ T15] usb 1-1: config 0 descriptor?? [ 136.216589][ T1318] EXT4-fs error (device loop1): ext4_find_dest_de:2076: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 136.396135][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 136.406260][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 136.415734][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 136.425594][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 136.435868][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 136.446372][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 136.457204][ T1322] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 136.518050][ T1324] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 136.527789][ T1324] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 136.543140][ T1324] EXT4-fs (loop4): failed to initialize system zone (-117) [ 136.550400][ T1324] EXT4-fs (loop4): mount failed [ 136.617970][ T405] lg-g15 0003:046D:C222.0007: item fetching failed at offset 10/11 [ 136.625880][ T405] lg-g15: probe of 0003:046D:C222.0007 failed with error -22 [ 136.738037][ T15] itetech 0003:06CB:73F5.0008: unknown main item tag 0x0 [ 136.745786][ T15] itetech 0003:06CB:73F5.0008: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.0-1/input0 [ 136.808408][ T1324] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=1324 comm=syz-executor.4 [ 136.831494][ T15] usb 4-1: USB disconnect, device number 6 [ 136.844065][ T1328] netlink: 216 bytes leftover after parsing attributes in process `syz-executor.4'. [ 136.986032][ T24] audit: type=1400 audit(1718472629.349:305): avc: denied { mount } for pid=1329 comm="syz-executor.4" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 137.033535][ T427] usb 1-1: USB disconnect, device number 3 [ 137.496361][ T1348] device syzkaller0 entered promiscuous mode [ 137.587073][ T423] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 137.595566][ T24] audit: type=1400 audit(1718472629.959:306): avc: denied { read } for pid=1356 comm="syz-executor.2" name="file0" dev="incremental-fs" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 137.599332][ T423] usb 3-1: USB disconnect, device number 4 [ 137.619025][ T24] audit: type=1400 audit(1718472629.959:307): avc: denied { open } for pid=1356 comm="syz-executor.2" path="/root/syzkaller-testdir3100592590/syzkaller.oTzMLG/15/file0/file0" dev="incremental-fs" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 137.674709][ T24] audit: type=1400 audit(1718472629.959:308): avc: denied { write } for pid=1356 comm="syz-executor.2" path="/root/syzkaller-testdir3100592590/syzkaller.oTzMLG/15/file0/file0" dev="incremental-fs" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 137.734406][ T1362] EXT4-fs (loop2): 1 truncate cleaned up [ 137.740635][ T1362] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000c32,nolazytime,jqfmt=vfsold,acl,nodiscard,errors=continue,usrjquota=,,errors=continue [ 137.867048][ T544] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 137.922693][ T1384] EXT4-fs error (device loop2): ext4_find_dest_de:2076: inode #2: block 13: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 138.116965][ T544] usb 1-1: Using ep0 maxpacket: 8 [ 138.207579][ T15] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 138.214913][ T593] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 138.237054][ T544] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.327041][ T544] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 138.335945][ T544] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 138.343939][ T544] usb 1-1: SerialNumber: syz [ 138.348707][ T544] usb 1-1: config 0 descriptor?? [ 138.387321][ T544] uvcvideo: Found UVC 0.00 device (05ac:8501) [ 138.394166][ T544] uvcvideo 1-1:0.0: Entity type for entity Output 255 was not initialized! [ 138.402595][ T544] uvcvideo: Failed to create links for entity 255 [ 138.408812][ T544] uvcvideo: Failed to register entities (-22). [ 138.589604][ T544] usb 1-1: USB disconnect, device number 4 [ 138.597600][ T1387] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 138.608871][ T1387] EXT4-fs error (device loop3): ext4_quota_enable:6407: comm syz-executor.3: Bad quota inum: 9, type: 2 [ 138.619970][ T593] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.630678][ T15] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 138.642101][ T593] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24832, setting to 1024 [ 138.642781][ T1387] EXT4-fs warning (device loop3): ext4_enable_quotas:6455: Failed to enable quota tracking (type=2, err=-117, ino=9). Please run e2fsck to fix. [ 138.653147][ T15] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 138.680392][ T593] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 138.689798][ T1387] EXT4-fs (loop3): mount failed [ 138.695066][ T593] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.703621][ T593] usb 5-1: config 0 descriptor?? [ 138.797042][ T15] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 138.800034][ T1394] device syzkaller0 entered promiscuous mode [ 138.806015][ T15] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 138.819816][ T15] usb 2-1: SerialNumber: syz [ 138.837002][ T1382] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 138.968677][ T1398] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1398 comm=syz-executor.3 [ 138.997413][ T1398] exfat: Deprecated parameter 'utf8' [ 139.002581][ T1398] exfat: Deprecated parameter 'namecase' [ 139.008278][ T1398] exfat: Deprecated parameter 'utf8' [ 139.015478][ T1398] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 139.177647][ T593] itetech 0003:06CB:73F5.0009: unknown main item tag 0x0 [ 139.184943][ T593] itetech 0003:06CB:73F5.0009: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.4-1/input0 [ 139.379968][ T423] usb 5-1: USB disconnect, device number 5 [ 140.294008][ T1435] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1435 comm=syz-executor.0 [ 140.508241][ T1456] netlink: 576 bytes leftover after parsing attributes in process `syz-executor.3'. [ 141.007283][ T1452] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 141.014954][ T1452] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 141.018808][ T1474] syz-executor.0[1474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.023001][ T1474] syz-executor.0[1474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.042388][ T1474] syz-executor.0[1474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.054215][ T15] cdc_ether: probe of 2-1:1.0 failed with error -71 [ 141.066859][ T1474] syz-executor.0[1474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.073239][ T1452] F2FS-fs (loop2): invalid crc value [ 141.073524][ T15] usb 2-1: USB disconnect, device number 5 [ 141.109039][ T1452] F2FS-fs (loop2): Found nat_bits in checkpoint [ 141.143129][ T1452] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 141.150067][ T1452] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 141.208298][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 141.217981][ T9] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 141.223222][ T24] kauditd_printk_skb: 5 callbacks suppressed [ 141.223233][ T24] audit: type=1400 audit(1718472633.589:314): avc: denied { read } for pid=1489 comm="syz-executor.0" dev="sockfs" ino=20165 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 141.701129][ T24] audit: type=1400 audit(1718472633.889:315): avc: denied { read } for pid=1506 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 141.789613][ T24] audit: type=1400 audit(1718472633.889:316): avc: denied { open } for pid=1506 comm="syz-executor.4" path="/dev/ppp" dev="devtmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 141.822397][ T1512] syz-executor.3[1512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.822447][ T1512] syz-executor.3[1512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.834476][ T24] audit: type=1400 audit(1718472633.899:317): avc: denied { ioctl } for pid=1506 comm="syz-executor.4" path="/dev/ppp" dev="devtmpfs" ino=133 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 141.865800][ T1512] syz-executor.3[1512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.870986][ T1512] syz-executor.3[1512] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.005309][ T1517] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.023701][ T1517] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.031085][ T1517] device bridge_slave_0 entered promiscuous mode [ 142.040211][ T1517] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.047562][ T1517] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.055502][ T1517] device bridge_slave_1 entered promiscuous mode [ 142.061983][ T15] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 142.098528][ T1517] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.105369][ T1517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.112443][ T1517] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.119276][ T1517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.142583][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 142.150929][ T423] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.158285][ T423] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.174950][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.183371][ T423] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.190206][ T423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.207679][ T423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.215662][ T423] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.222518][ T423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.249604][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 142.266288][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.274574][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 142.284761][ T1517] device veth0_vlan entered promiscuous mode [ 142.292386][ T1531] EXT4-fs (loop4): Ignoring removed orlov option [ 142.298724][ T1531] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 142.298729][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.299049][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.322481][ T1531] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 142.327315][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.343725][ T15] usb 2-1: Using ep0 maxpacket: 8 [ 142.350583][ T427] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 142.362719][ T24] audit: type=1400 audit(1718472634.719:318): avc: denied { mounton } for pid=1530 comm="syz-executor.4" path="/root/syzkaller-testdir4049245914/syzkaller.E5gWnq/93/file1/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 142.365647][ T1531] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 142.401905][ T24] audit: type=1400 audit(1718472634.719:319): avc: denied { map } for pid=1530 comm="syz-executor.4" path="/root/syzkaller-testdir4049245914/syzkaller.E5gWnq/93/file1/file0/bus" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 142.403995][ T1531] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2204: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 142.453032][ T544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 142.468705][ T1517] device veth1_macvtap entered promiscuous mode [ 142.469139][ T24] audit: type=1400 audit(1718472634.829:320): avc: denied { rmdir } for pid=401 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 142.497686][ T24] audit: type=1400 audit(1718472634.839:321): avc: denied { unlink } for pid=401 comm="syz-executor.4" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 142.521073][ T24] audit: type=1400 audit(1718472634.839:322): avc: denied { unlink } for pid=401 comm="syz-executor.4" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 142.543755][ T15] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 142.544858][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.552623][ T24] audit: type=1400 audit(1718472634.839:323): avc: denied { unmount } for pid=401 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 142.561708][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.586117][ T15] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.597516][ T15] usb 2-1: config 0 descriptor?? [ 142.651406][ T9] device bridge_slave_1 left promiscuous mode [ 142.659373][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.666830][ T9] device bridge_slave_0 left promiscuous mode [ 142.673047][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.681079][ T9] device veth1_macvtap left promiscuous mode [ 142.687192][ T9] device veth0_vlan left promiscuous mode [ 142.711053][ T427] usb 4-1: Using ep0 maxpacket: 32 [ 142.827131][ T427] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.895552][ T427] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.057019][ T427] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 143.066001][ T427] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 143.074275][ T427] usb 4-1: Product: syz [ 143.078475][ T427] usb 4-1: Manufacturer: syz [ 143.117310][ T427] hub 4-1:4.0: USB hub found [ 143.137858][ T1562] EXT4-fs (loop2): Unrecognized mount option "obj_user=" or missing value [ 143.147013][ T15] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 143.156751][ T15] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHYID register: ffffffe0 [ 143.589284][ T427] hub 4-1:4.0: 2 ports detected [ 144.026974][ T427] hub 4-1:4.0: set hub depth failed [ 144.068277][ T427] usb 4-1: USB disconnect, device number 7 [ 144.077890][ T1587] EXT4-fs (loop2): Ignoring removed orlov option [ 144.084092][ T1587] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 144.096985][ T15] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 144.098592][ T1587] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 144.106853][ T15] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 144.146954][ T593] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 144.155762][ T15] asix: probe of 2-1:0.0 failed with error -71 [ 144.162985][ T15] usb 2-1: USB disconnect, device number 6 [ 144.176404][ T1587] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 144.197483][ T1587] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2204: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 144.215281][ T1517] ================================================================== [ 144.223172][ T1517] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc67/0xc80 [ 144.230962][ T1517] Read of size 4 at addr ffff888128c0b000 by task syz-executor.2/1517 [ 144.238938][ T1517] [ 144.241121][ T1517] CPU: 0 PID: 1517 Comm: syz-executor.2 Not tainted 5.10.214-syzkaller-00187-ge6f44899ce5d #0 [ 144.251184][ T1517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 144.261082][ T1517] Call Trace: [ 144.264210][ T1517] dump_stack_lvl+0x1e2/0x24b [ 144.268717][ T1517] ? bfq_pos_tree_add_move+0x43b/0x43b [ 144.274009][ T1517] ? panic+0x80b/0x80b [ 144.277916][ T1517] ? ext4_mark_iloc_dirty+0x2c23/0x3e60 [ 144.283298][ T1517] print_address_description+0x81/0x3b0 [ 144.288688][ T1517] kasan_report+0x179/0x1c0 [ 144.293020][ T1517] ? __ext4_journal_ensure_credits+0x470/0x470 [ 144.299015][ T1517] ? ext4_xattr_delete_inode+0xc67/0xc80 [ 144.304476][ T1517] ? ext4_xattr_delete_inode+0xc67/0xc80 [ 144.309945][ T1517] __asan_report_load4_noabort+0x14/0x20 [ 144.315410][ T1517] ext4_xattr_delete_inode+0xc67/0xc80 [ 144.320708][ T1517] ? sb_end_intwrite+0x110/0x110 [ 144.325479][ T1517] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 144.331384][ T1517] ? __kasan_check_read+0x11/0x20 [ 144.336243][ T1517] ext4_evict_inode+0x1095/0x1730 [ 144.341106][ T1517] ? ext4_inode_is_fast_symlink+0x360/0x360 [ 144.346833][ T1517] ? inode_io_list_del_locked+0x1ad/0x210 [ 144.352387][ T1517] ? _raw_spin_unlock+0x4d/0x70 [ 144.357075][ T1517] ? ext4_inode_is_fast_symlink+0x360/0x360 [ 144.362802][ T1517] evict+0x2a3/0x6c0 [ 144.366533][ T1517] iput+0x632/0x7e0 [ 144.370181][ T1517] vfs_rmdir+0x271/0x3f0 [ 144.374260][ T1517] do_rmdir+0x2cf/0x5c0 [ 144.378255][ T1517] ? d_delete_notify+0xd0/0xd0 [ 144.382850][ T1517] ? strncpy_from_user+0x18e/0x2d0 [ 144.387798][ T1517] ? getname_flags+0x1fd/0x520 [ 144.392397][ T1517] __x64_sys_unlinkat+0xdf/0xf0 [ 144.397088][ T1517] do_syscall_64+0x34/0x70 [ 144.401337][ T1517] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 144.407064][ T1517] RIP: 0033:0x7f79626b5687 [ 144.411320][ T1517] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 144.430760][ T1517] RSP: 002b:00007ffd37e10e08 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 144.439004][ T1517] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f79626b5687 [ 144.446831][ T1517] RDX: 0000000000000200 RSI: 00007ffd37e11fb0 RDI: 00000000ffffff9c [ 144.454633][ T1517] RBP: 00007f7962712636 R08: 0000000000000000 R09: 0000000000000000 [ 144.462441][ T1517] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd37e11fb0 [ 144.470251][ T1517] R13: 00007f7962712636 R14: 000000000002329c R15: 0000000000000007 [ 144.478066][ T1517] [ 144.480229][ T1517] The buggy address belongs to the page: [ 144.485722][ T1517] page:ffffea0004a302c0 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x128c0b [ 144.496028][ T1517] flags: 0x4000000000000000() [ 144.500547][ T1517] raw: 4000000000000000 ffffea00049ec208 ffffea00049a6648 0000000000000000 [ 144.508963][ T1517] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000 [ 144.517376][ T1517] page dumped because: kasan: bad access detected [ 144.523636][ T1517] page_owner tracks the page as freed [ 144.528841][ T1517] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 1587, ts 144046821704, free_ts 144052099947 [ 144.545247][ T1517] prep_new_page+0x166/0x180 [ 144.549671][ T1517] get_page_from_freelist+0x2d8c/0x2f30 [ 144.555049][ T1517] __alloc_pages_nodemask+0x435/0xaf0 [ 144.560260][ T1517] handle_pte_fault+0x1782/0x3e30 [ 144.565116][ T1517] __handle_speculative_fault+0x13a6/0x1ec0 [ 144.570848][ T1517] exc_page_fault+0x234/0x5b0 [ 144.575359][ T1517] asm_exc_page_fault+0x1e/0x30 [ 144.580040][ T1517] page last free stack trace: [ 144.584559][ T1517] free_unref_page_prepare+0x2ae/0x2d0 [ 144.589853][ T1517] free_unref_page_list+0x122/0xb20 [ 144.594886][ T1517] release_pages+0xea0/0xef0 [ 144.599316][ T1517] free_pages_and_swap_cache+0x8a/0xa0 [ 144.604607][ T1517] tlb_finish_mmu+0x177/0x320 [ 144.609122][ T1517] unmap_region+0x31c/0x370 [ 144.613462][ T1517] __do_munmap+0x699/0x8c0 [ 144.617713][ T1517] __se_sys_munmap+0x120/0x1a0 [ 144.622313][ T1517] __x64_sys_munmap+0x5b/0x70 [ 144.626825][ T1517] do_syscall_64+0x34/0x70 [ 144.631082][ T1517] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 144.636802][ T1517] [ 144.638975][ T1517] Memory state around the buggy address: [ 144.644450][ T1517] ffff888128c0af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.652342][ T1517] ffff888128c0af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 144.660242][ T1517] >ffff888128c0b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 144.668138][ T1517] ^ 2024/06/15 17:30:37 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 144.672044][ T1517] ffff888128c0b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 144.679945][ T1517] ffff888128c0b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 144.687841][ T1517] ================================================================== [ 144.695744][ T1517] Disabling lock debugging due to kernel taint