last executing test programs: 1.99689887s ago: executing program 1: syz_emit_ethernet(0x86, &(0x7f0000000280)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd690b", 0x48, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x0, [0x15f5]}, {0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x800, [0x0]}}}}}}}, 0x0) 1.673743461s ago: executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.redirect\x00', 0x0, 0x0) 1.383030996s ago: executing program 0: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) r1 = memfd_create(&(0x7f0000000c00)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xff\xff\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xed\x00\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a\xbc\x92W\xf7\xf9\xbd\xa7\xe9\x03\x1a\xa1\xee\xd2\xa5\x89\xab\x15\xc0E\xb5\xbc\xd2\xab\t;\xd6\xf9U\xad5!\x1cnr;1\xa2\xf1\x83\xc5\xb1\xb7\xbc\xd5W]\xd8\xa6\xd0\xaad\x89\x99\n\x89kwa\x90E\xcc\rT\x7f\x7f', 0x0) execveat(r1, &(0x7f0000000140)='\x00', 0x0, 0x0, 0x1000) 1.35589648s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x2, 0xc}, 0x48) bind$packet(r2, &(0x7f00000000c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) dup2(r4, r2) 1.341557892s ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0xa, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x210000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000900", @ANYRES16=0x0, @ANYBLOB="00032cbd7000fddbdf2563000000"], 0x14}, 0x1, 0x0, 0x0, 0xc1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = io_uring_setup(0x3453, &(0x7f0000000100)) close(r3) clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x77359400}, 0xfffffffffffffffe) mkdir(0x0, 0x0) chdir(0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getrandom(&(0x7f0000000080)=""/240, 0xfffffffffffffe77, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000300), 0x0) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000200)='.\x00', 0x10000a0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) preadv(r5, 0x0, 0x0, 0x0, 0x0) 1.330579934s ago: executing program 1: syz_open_dev$usbfs(0x0, 0x0, 0x101301) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={0x0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x10, 0xffffffffffffffff, 0x0) madvise(&(0x7f000019e000/0x4000)=nil, 0x200000, 0x0) 1.321327685s ago: executing program 4: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/drivers\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r2, 0xee01) fchown(r0, 0x0, 0x0) 1.300646488s ago: executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) recvfrom$packet(0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0) 1.265583354s ago: executing program 2: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000040)) 1.249014366s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000e3830000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_ext_remove_space_done\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 1.244365687s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x5, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01dfffffff0000000000210000000c00018008000100", @ANYRES32=r2], 0x20}}, 0x0) 1.22572377s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2a08000, &(0x7f00000002c0), 0xfc, 0x46d, &(0x7f0000000b80)="$eJzs3MtrXFUYAPBv7mTSps/4qNqHGl9YfDRN+rALN4qCCwVBF9VdTNNSm1ppItgSTBSpSym4F5eCf4Er3Yi6EtzqXgpBsml8gFfunXvznjwnmej8fjDhnHvPzDnfPfdMzj13ZgJoWz3Zn0rEnoj4JUsneXZGWhTKyk1PjQ3+MTU2WIk0fe33Sr7v9tTYYFm2fN6eInM0iUg+rsThJeoduXb90sDw8NDVIt87evnd3pFr15++eHngwtCFoXf6z5w5eaLvmdP9p5oS596srYc+uHLk4Etv3Hxl8OzNt374qqNs64I4mqUneuYdy7kea3ZlLbZ3TrrS0cKGsCbViMi6q5aP//1RjdnO2x8vftTSxgGbKk3TdF/j3RMp8D9WiVa3AGiN8h/97amuiBgb3Izr4O1s8rn6BVAW93TxqO/piKQoU1twfdtMO4t1k7MTf34eeT/saKvjDwBsvW+y+c9T9flP+ajv6Y575pTbl68HZ1sj7oiIOyPiroi4OyIORORl742I+9ZYf8+C/OL5Z3JrXYGtUjb/e7a4tzV//lfM/v5Ju6tFbm90RXfUKucvDg8dL47J0ajtyPJ9y9Tx7Qs/f9poX08x9ysfWf3lXLBox62OHfOfc25gdGBjUc+a/DBfAxxfHP/snassdTAiDq3j9bN588UnvjzSaP/K8S+jCfeZ0i8iHq/3/0QsE//C+5Ndxb7T/ad6d8bw0PHe8qxY7MefbrzaqP4Nxd8EWf/vWvL8n4m/uzL3fu3I2uu48esnDa9p1nD+v1luyc7/zsrrebqz2Pb+wOjo1b6IzsrLi7f3z75amS/LT+45EPHI0uM/e4/LzrEs/sMRkZ3E90fEAxHxYNH2hyLi4chfYinj0xHx/fOPvr2e+JOVDmwTZP1/bl7/xwr9v/ZE9dJ3X68n/rqs/0/mqaPFltW8/622gRs5dgAAAPBfkeSfga8kx2bSSXLsWMTufG13VzJ8ZWT0yfNX3vvrXP2z8t1RS8qVrvp6cH09tK9YGy7z/QvyJ4p148+qXXl+V3HvG2id3Q3Gf+a3aqtbB2w639eC9mX8Q/sy/qF9Gf/QvlY7/tNNbgew9ZYa/+MtaAew9cz/oX0Z/9C+jH9oX8Y/tKWNfK9fYoXEeJMPb+c2iStPRJIn0vEWNuPv4mdYVld489pT/lrGyoVrxbjbDj24fKJ170kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADN9G8AAAD//8ui3fI=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x12) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r2, &(0x7f0000000280), 0x208e24b) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x40c000}) 1.215871522s ago: executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = open(0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x12, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0x8}}}}}, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x11}}, 0x120) clock_gettime(0x0, &(0x7f00000002c0)) r4 = socket$vsock_stream(0x28, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0xa) ppoll(&(0x7f0000000280)=[{r0, 0x100}, {r4}, {}, {r3, 0x20}, {0xffffffffffffffff, 0x4110}, {r5, 0x4048}, {r5, 0xa}], 0x7, &(0x7f0000000300), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r7 = signalfd(0xffffffffffffffff, &(0x7f00000002c0), 0x8) read$FUSE(r7, &(0x7f0000002900)={0x2020}, 0x2020) 1.09851143s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r1, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x10000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000000), 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.370557ms ago: executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = open(0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x12, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0x8}}}}}, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x11}}, 0x120) clock_gettime(0x0, &(0x7f00000002c0)) r4 = socket$vsock_stream(0x28, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0xa) ppoll(&(0x7f0000000280)=[{r0, 0x100}, {r4}, {}, {r3, 0x20}, {0xffffffffffffffff, 0x4110}, {r5, 0x4048}, {r5, 0xa}], 0x7, &(0x7f0000000300), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r7 = signalfd(0xffffffffffffffff, &(0x7f00000002c0), 0x8) read$FUSE(r7, &(0x7f0000002900)={0x2020}, 0x2020) 0s ago: executing program 4: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = open(0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x12, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0x8}}}}}, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x11}}, 0x120) clock_gettime(0x0, &(0x7f00000002c0)) r4 = socket$vsock_stream(0x28, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0xa) ppoll(&(0x7f0000000280)=[{r0, 0x100}, {r4}, {}, {r3, 0x20}, {0xffffffffffffffff, 0x4110}, {r5, 0x4048}, {r5, 0xa}], 0x7, &(0x7f0000000300), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r7 = signalfd(0xffffffffffffffff, &(0x7f00000002c0), 0x8) read$FUSE(r7, &(0x7f0000002900)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. 2024/05/29 05:43:56 fuzzer started 2024/05/29 05:43:56 dialing manager at 10.128.0.163:30012 [ 22.368006][ T28] audit: type=1400 audit(1716961436.425:66): avc: denied { node_bind } for pid=285 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.388378][ T28] audit: type=1400 audit(1716961436.425:67): avc: denied { name_bind } for pid=285 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 22.442698][ T28] audit: type=1400 audit(1716961436.505:68): avc: denied { mounton } for pid=295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.443974][ T295] cgroup: Unknown subsys name 'net' [ 22.488206][ T28] audit: type=1400 audit(1716961436.505:69): avc: denied { mount } for pid=295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.510229][ T28] audit: type=1400 audit(1716961436.535:70): avc: denied { setattr } for pid=296 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.510417][ T295] cgroup: Unknown subsys name 'devices' [ 22.533534][ T28] audit: type=1400 audit(1716961436.545:71): avc: denied { mounton } for pid=303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.548433][ T297] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.563334][ T28] audit: type=1400 audit(1716961436.555:72): avc: denied { mount } for pid=303 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.594745][ T28] audit: type=1400 audit(1716961436.555:73): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.606814][ T294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.614492][ T28] audit: type=1400 audit(1716961436.635:74): avc: denied { relabelto } for pid=297 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.648321][ T28] audit: type=1400 audit(1716961436.635:75): avc: denied { write } for pid=297 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.761464][ T295] cgroup: Unknown subsys name 'hugetlb' [ 22.766934][ T295] cgroup: Unknown subsys name 'rlimit' 2024/05/29 05:43:56 starting 5 executor processes [ 23.312475][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.319677][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.326971][ T312] device bridge_slave_0 entered promiscuous mode [ 23.352700][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.359580][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.366737][ T312] device bridge_slave_1 entered promiscuous mode [ 23.403201][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.410272][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.417476][ T313] device bridge_slave_0 entered promiscuous mode [ 23.425769][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.432674][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.439973][ T313] device bridge_slave_1 entered promiscuous mode [ 23.499048][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.506185][ T316] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.513503][ T316] device bridge_slave_0 entered promiscuous mode [ 23.533563][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.540492][ T316] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.547596][ T316] device bridge_slave_1 entered promiscuous mode [ 23.571258][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.578103][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.585510][ T314] device bridge_slave_0 entered promiscuous mode [ 23.602679][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.609646][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.616801][ T314] device bridge_slave_1 entered promiscuous mode [ 23.670296][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.677131][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.684424][ T315] device bridge_slave_0 entered promiscuous mode [ 23.691268][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.698100][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.705451][ T315] device bridge_slave_1 entered promiscuous mode [ 23.830247][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.837096][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.858561][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.865574][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.872685][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.879550][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.902634][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.909488][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.916566][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.923375][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.945949][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.952816][ T315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.959907][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.966685][ T315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.986952][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.993814][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.000947][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.007690][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.038277][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.045732][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.053038][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.060036][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.066977][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.074011][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.081080][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.088275][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.095476][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.102903][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.110202][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.160260][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.167983][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.177437][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.185489][ T223] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.192336][ T223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.199755][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.207715][ T223] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.214571][ T223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.221723][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.229527][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.237371][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.245572][ T223] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.252596][ T223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.259824][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.267775][ T223] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.274620][ T223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.301942][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.310669][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.319002][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.327101][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.334544][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.342534][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.349955][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.357924][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.364790][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.371965][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.380093][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.387036][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.394412][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.402868][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.409717][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.416878][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.424921][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.431779][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.446227][ T312] device veth0_vlan entered promiscuous mode [ 24.453264][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.460593][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.467869][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.475874][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.483988][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.492282][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.500064][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.508224][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.516303][ T317] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.523144][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.539548][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.547539][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.555442][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.563717][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.584525][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.592532][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.600478][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.608341][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.617540][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.626209][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.634376][ T317] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.641225][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.652793][ T312] device veth1_macvtap entered promiscuous mode [ 24.668993][ T315] device veth0_vlan entered promiscuous mode [ 24.679418][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.688477][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.696662][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.704488][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.711871][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.719954][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.727858][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.735503][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.746748][ T314] device veth0_vlan entered promiscuous mode [ 24.753643][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.761816][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.769423][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.783408][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.791682][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.800146][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.808639][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.827614][ T314] device veth1_macvtap entered promiscuous mode [ 24.839562][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.847809][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.856000][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.863969][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.872109][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.880014][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.887746][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.895932][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.919928][ T313] device veth0_vlan entered promiscuous mode [ 24.929651][ T315] device veth1_macvtap entered promiscuous mode [ 24.937188][ T316] device veth0_vlan entered promiscuous mode [ 24.952586][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.962401][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.970710][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.978384][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.986380][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.994150][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.002059][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.010233][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.018389][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.025801][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.033199][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.040839][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.057900][ T313] device veth1_macvtap entered promiscuous mode [ 25.067030][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.076472][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.085097][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.093084][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.101056][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.109046][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.122298][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.130401][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.716193][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.738508][ T223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.903245][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.006099][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.023104][ T316] device veth1_macvtap entered promiscuous mode [ 26.038807][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.048473][ T356] process 'syz-executor.0' launched '/dev/fd/4' with NULL argv: empty string added [ 26.051029][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.067964][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.101913][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.113135][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.121721][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.130053][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.214159][ T377] loop2: detected capacity change from 0 to 512 [ 26.224758][ T377] EXT4-fs error (device loop2): ext4_get_branch:178: inode #13: block 2: comm syz-executor.2: invalid block [ 26.236865][ T377] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 10 (level 1) [ 26.251707][ T377] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 8 (level 1) [ 26.347256][ T377] EXT4-fs (loop2): 1 truncate cleaned up [ 26.379081][ T377] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 27.369241][ T28] kauditd_printk_skb: 67 callbacks suppressed [ 27.369262][ T28] audit: type=1400 audit(1716961440.995:143): avc: denied { open } for pid=382 comm="syz-executor.4" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 27.448722][ T28] audit: type=1400 audit(1716961441.465:144): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 127.509078][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 127.515910][ C0] (detected by 0, t=10002 jiffies, g=1257, q=709 ncpus=2) [ 127.522930][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4294949969-4294939967), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 127.536130][ C0] rcu: rcu_preempt kthread starved for 10002 jiffies! g1257 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 127.547146][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 127.557034][ C0] rcu: RCU grace-period kthread stack dump: [ 127.562781][ C0] task:rcu_preempt state:R running task stack:28040 pid:14 ppid:2 flags:0x00004000 [ 127.573363][ C0] Call Trace: [ 127.576480][ C0] [ 127.579261][ C0] __schedule+0xca7/0x1550 [ 127.583513][ C0] ? __sched_text_start+0x8/0x8 [ 127.588199][ C0] ? __kasan_check_write+0x14/0x20 [ 127.593145][ C0] schedule+0xc3/0x180 [ 127.597052][ C0] schedule_timeout+0x18c/0x380 [ 127.601738][ C0] ? _raw_spin_unlock_irq+0x4d/0x70 [ 127.606773][ C0] ? console_conditional_schedule+0x10/0x10 [ 127.612497][ C0] ? update_process_times+0x1b0/0x1b0 [ 127.617704][ C0] ? prepare_to_swait_event+0x308/0x320 [ 127.623088][ C0] rcu_gp_fqs_loop+0x2ed/0x1060 [ 127.627775][ C0] ? _raw_spin_unlock_irq+0x4d/0x70 [ 127.632807][ C0] ? rcu_gp_init+0xc7f/0xf80 [ 127.637235][ C0] ? rcu_gp_init+0xf80/0xf80 [ 127.641658][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 127.647306][ C0] ? finish_swait+0x17d/0x1b0 [ 127.651819][ C0] rcu_gp_kthread+0xa3/0x390 [ 127.656250][ C0] ? queued_spin_lock_slowpath+0x50/0x50 [ 127.661711][ C0] ? set_cpus_allowed_ptr+0xa4/0xe0 [ 127.666747][ C0] ? __kasan_check_read+0x11/0x20 [ 127.671608][ C0] ? __kthread_parkme+0x12d/0x180 [ 127.676464][ C0] kthread+0x26d/0x300 [ 127.680367][ C0] ? queued_spin_lock_slowpath+0x50/0x50 [ 127.685855][ C0] ? kthread_blkcg+0xd0/0xd0 [ 127.690265][ C0] ret_from_fork+0x1f/0x30 [ 127.694520][ C0] [ 127.697382][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 127.703556][ C0] CPU: 0 PID: 391 Comm: syz-executor.4 Not tainted 6.1.75-syzkaller-00030-g3f139724700e #0 [ 127.713349][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 127.723254][ C0] RIP: 0010:_raw_spin_unlock_irq+0x48/0x70 [ 127.728895][ C0] Code: 3c 08 00 74 0c 48 c7 c7 e0 ef ed 86 e8 a1 7b bc fc 48 83 3d e9 fb ed 01 00 74 29 48 89 df e8 f3 0e 00 00 90 fb bf 01 00 00 00 d3 63 4f fc 65 8b 05 b4 79 02 7b 85 c0 74 03 5b 5d c3 e8 d4 8b [ 127.748418][ C0] RSP: 0018:ffffc9000966fb48 EFLAGS: 00000246 [ 127.754318][ C0] RAX: 0000000000000001 RBX: ffff88810d459a40 RCX: dffffc0000000000 [ 127.762128][ C0] RDX: ffffc90001119000 RSI: 000000000003ffff RDI: 0000000000000001 [ 127.769938][ C0] RBP: ffffc9000966fb50 R08: ffffffff81486a6f R09: fffff520012cdfc0 [ 127.777752][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810d459e60 [ 127.785564][ C0] R13: 1ffff11021a8b3cc R14: 0000000000000021 R15: dffffc0000000000 [ 127.793373][ C0] FS: 00007fb350f686c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 127.802329][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 127.808750][ C0] CR2: 0000000020274000 CR3: 0000000130079000 CR4: 00000000003506b0 [ 127.816565][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 127.824369][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 127.832185][ C0] Call Trace: [ 127.835308][ C0] [ 127.837999][ C0] ? show_regs+0x58/0x60 [ 127.842084][ C0] ? dump_cpu_task+0x3c/0x70 [ 127.846594][ C0] ? rcu_check_gp_kthread_starvation+0x1d1/0x240 [ 127.852754][ C0] ? _find_next_bit+0x126/0x130 [ 127.857443][ C0] ? print_other_cpu_stall+0x1140/0x1300 [ 127.862910][ C0] ? _nohz_idle_balance+0x6e0/0x6e0 [ 127.867947][ C0] ? print_cpu_stall+0x590/0x590 [ 127.872807][ C0] ? acct_account_cputime+0x1c2/0x2c0 [ 127.878022][ C0] ? rcu_sched_clock_irq+0xaeb/0x1330 [ 127.883225][ C0] ? rcu_boost_kthread_setaffinity+0x5a0/0x5a0 [ 127.889303][ C0] ? hrtimer_run_queues+0x15f/0x440 [ 127.894333][ C0] ? update_wall_time+0x25/0x30 [ 127.899015][ C0] ? update_process_times+0x149/0x1b0 [ 127.904231][ C0] ? tick_sched_timer+0x188/0x240 [ 127.909079][ C0] ? tick_setup_sched_timer+0x490/0x490 [ 127.914547][ C0] ? __hrtimer_run_queues+0x41a/0xad0 [ 127.919760][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 127.924707][ C0] ? try_to_wake_up+0x670/0x1220 [ 127.929478][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 127.935381][ C0] ? hrtimer_interrupt+0x40c/0xaa0 [ 127.940337][ C0] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 127.946235][ C0] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 127.951873][ C0] [ 127.954649][ C0] [ 127.957436][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 127.963416][ C0] ? get_signal+0x12af/0x1820 [ 127.967925][ C0] ? _raw_spin_unlock_irq+0x48/0x70 [ 127.972961][ C0] ? _raw_spin_unlock_irq+0x41/0x70 [ 127.977995][ C0] get_signal+0x14e6/0x1820 [ 127.982342][ C0] ? ptrace_notify+0x350/0x350 [ 127.986934][ C0] ? __kasan_check_write+0x14/0x20 [ 127.991887][ C0] arch_do_signal_or_restart+0xb0/0x16f0 [ 127.997351][ C0] ? __do_compat_sys_x32_rt_sigreturn+0x1e0/0x1e0 [ 128.003599][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 128.008548][ C0] ? do_sigaltstack+0x3f9/0x630 [ 128.013236][ C0] ? get_sigframe_size+0x10/0x10 [ 128.018007][ C0] ? restore_altstack+0x107/0x150 [ 128.022867][ C0] ? __ia32_sys_sigaltstack+0x260/0x260 [ 128.028252][ C0] ? __do_sys_rt_sigreturn+0x160/0x1e0 [ 128.033554][ C0] exit_to_user_mode_loop+0x74/0xa0 [ 128.038575][ C0] exit_to_user_mode_prepare+0x5a/0xa0 [ 128.043870][ C0] syscall_exit_to_user_mode+0x26/0x140 [ 128.049254][ C0] do_syscall_64+0x49/0xb0 [ 128.053509][ C0] ? sysvec_apic_timer_interrupt+0x55/0xc0 [ 128.059144][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.064881][ C0] RIP: 0033:0x7fb35027cee7 [ 128.069130][ C0] Code: 14 25 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 [ 128.088740][ C0] RSP: 002b:00007fb350f680c8 EFLAGS: 00000246 [ 128.094641][ C0] RAX: 00000000000000ca RBX: 00007fb3503b3fa0 RCX: 00007fb35027cee9 [ 128.102455][ C0] RDX: 0000000000000000 RSI: 0000800000000006 RDI: 0000000020001300 [ 128.110269][ C0] RBP: 00007fb3502c947f R08: 0000000000000000 R09: 0000000000000000 [ 128.118080][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.125889][ C0] R13: 000000000000000b R14: 00007fb3503b3fa0 R15: 00007ffe88e72d98 [ 128.133711][ C0] 2024/05/29 05:48:02 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: read tcp 10.128.0.89:40216->10.128.0.163:30012: read: connection timed out [ 268.161508][ T28] audit: type=1400 audit(1716961441.475:145): avc: denied { write } for pid=375 comm="syz-executor.2" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 268.246666][ T28] audit: type=1400 audit(1716961441.475:146): avc: denied { add_name } for pid=375 comm="syz-executor.2" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 268.301570][ T28] audit: type=1400 audit(1716961441.475:147): avc: denied { create } for pid=375 comm="syz-executor.2" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 268.325162][ T316] syz-executor.3 (316) used greatest stack depth: 21200 bytes left [ 268.360692][ T377] EXT4-fs (loop2): unmounting filesystem. [ 268.360825][ T28] audit: type=1400 audit(1716961441.475:148): avc: denied { read append open } for pid=375 comm="syz-executor.2" path="/root/syzkaller-testdir1500591920/syzkaller.hqTQPx/1/file0/cpuset.effective_cpus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 268.399767][ T28] audit: type=1400 audit(1716961441.475:149): avc: denied { write } for pid=375 comm="syz-executor.2" name="cpuset.effective_cpus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 268.429815][ T312] syz-executor.4 (312) used greatest stack depth: 20232 bytes left [