last executing test programs: 1.303411119s ago: executing program 2: unshare(0x20000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0xae03, 0x1e) 1.249212658s ago: executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) ppoll(&(0x7f0000000300)=[{r1}], 0x1, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/150, 0x96}], 0x1) 1.006719805s ago: executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.state\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, "fee8a3ab78fc179fd1fca0e91ddaaca7bd64c6a4b4e00d9683d9a1affda79de2b7fb0ae20000000000cc000003000000009f000000000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd0000000000f0ffffff00"}}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) ioctl$LOOP_CHANGE_FD(r0, 0x4c03, 0xffffffffffffffff) 873.887365ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000140)=0x4092, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x0, r3}, 0x14) recvfrom$packet(r2, 0x0, 0x0, 0x2000, 0x0, 0x0) 787.245109ms ago: executing program 1: unshare(0x20000400) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r0, 0xae03, 0x1e) 786.619459ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='ext4_ext_convert_to_initialized_enter\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001040)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x20040006, 0x17800}) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) pwritev2(r2, &(0x7f0000000e40)=[{&(0x7f00000002c0)='[', 0x1}], 0x1, 0x0, 0x0, 0x0) 578.784981ms ago: executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x41d9, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x71ab, 0x4) 557.655644ms ago: executing program 4: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000003c0), 0x1, 0x4e2, &(0x7f0000000b80)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602tNyAaHVSogVJw7ZkLhRFDuOYmdpQiXS/wGJSpzgT+CAxAGpJ+7c4MalHJAKVKAGiYPRjCdpSOMkbRMb7M9HGs28eeP5vldr3nO/SfwCGFlXI2IvIq5ExMcRMVOcT4ot3u9u2XWPH91Z3n90ZzmJTuejvyV5fXYujrwm83Jxz8mI+N63I36YPB23tbO7vlSv17aKcqXd2Ky0dnZvrDWWVmurtY1qdWF+Ye7dm+9UL6yvbzR+9fBbax98/7e/+eKD3+9948dZs6aLuqP9uEjdrpcO42TGI+KDywg2AGNFf64MuiE8lzQiPhURb+bP/0yM5e/m+ZzwWAMA/wc6nZnozBwtAwDDLs1zYElaLnIB05Gm5XI3h/d6TKX1Zqt9/VZze2OlmyubjVJ6a61emytyhbNRSrLyfH78pFw9Vr4ZEa9FxE8nXsrL5eXz5xkAgIv18rH5/58T3fkfABhyk2ddsNifdgAA/XPm/A8ADB3zPwCMHvM/AIwe8z8AjB7zPwCMnmL+Hxt0OwCAvvjuhx9mW2e/+P7rlU92ttebn9xYqbXWy43t5fJyc2uzvNpsrtZr5eVm46z71ZvNzfm3Y/t2pV1rtSutnd3FRnN7o72Yf6/3Yq3Ul14BAKd57Y37f0wiYu+9l/ItjqzlYK6G4ZYOugHAwMj5w+jyLdwwuvwfHzhrLc+evyJ87zmCdX7yHC8CLtq1z8n/w6iS/4fRJf8Po0v+H0ZXp5P0WvM/PbwEABgqcvxAX3/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENiOt+StFysBT4daVouR7wSEbNRSm6t1WtzEfFqRPxhojSRlecH3WgA4AWlf0mK9b+uzbw1fbz2SvKviXwfET/6+Uc/u73Ubm/NZ+f/fni+fa84Xx1E+wGAsxzM0wfz+IHHj+4sH2z9bM/Db3YXF83i7hdbt2Y8xvP9ZJQiYuofSVHuyj6vjF1A/L27EfHZk/qf5LmR2WLl0+Pxs9iv9DV++l/x07yuu8/+LT79DDHPWusVRsX9bPx5/6TnL42r+X7yxMWPJ/MR6sUdjH/7T41/6eH4N9Zj/Lt63hhv/+47PevuRnx+/KT4yWH8pEf8t84Z/09f+NKbveo6v4i4FifHPxqr0m5sVlo7uzfWGkurtdXaRrW6ML8w9+7Nd6qVPEddOchUP+2v711/9bT+T/WIP3lG/796aq87EwdHv/z3xz/48inxv/6Vk9//10+Jn82JXzs1/hNLU7/uuXx3Fn+l2/+7z/r+Xz9n/Ad/3l0556UAQB+0dnbXl+r12taFHpTigm945CC5pDY7GPKD7PP4i97nM0XK7H+gO5d9MOiRCbhsTx76QbcEAAAAAAAAAAAAAADo5dL/nCgddA8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYZv8JAAD//wqryik=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}) 541.425706ms ago: executing program 1: io_setup(0x8, &(0x7f0000000000)=0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000480), 0x4) 476.939067ms ago: executing program 0: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000340)=ANY=[@ANYBLOB="840100001900010000000000000000001d0109004d00128025b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf7567405747796fdacf9b59638700500000005006f88d6e1db9b2b0000001e0106"], 0x184}}, 0x0) 456.24909ms ago: executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.state\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, "fee8a3ab78fc179fd1fca0e91ddaaca7bd64c6a4b4e00d9683d9a1affda79de2b7fb0ae20000000000cc000003000000009f000000000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd0000000000f0ffffff00"}}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) ioctl$LOOP_CHANGE_FD(r0, 0x4c03, 0xffffffffffffffff) 405.947538ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 386.216421ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000140)=0x4092, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x0, r3}, 0x14) recvfrom$packet(r2, 0x0, 0x0, 0x2000, 0x0, 0x0) 382.160921ms ago: executing program 4: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) 376.693962ms ago: executing program 3: unshare(0x4000400) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000300)) 366.977244ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x10) r1 = socket(0x1e, 0x1, 0x0) connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmsg$netlink(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001180)=[{&(0x7f00000000c0)=ANY=[], 0x10}], 0x1}, 0x0) r2 = dup(r1) read$FUSE(r2, &(0x7f0000002300)={0x2020}, 0xfe96) 254.701531ms ago: executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet6(0xa, 0x802, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x4, 0x0, &(0x7f0000000080)=0x35) 237.358014ms ago: executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x41d9, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x71ab, 0x4) 233.886754ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='ext4_ext_convert_to_initialized_enter\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001040)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x20040006, 0x17800}) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) pwritev2(r2, &(0x7f0000000e40)=[{&(0x7f00000002c0)='[', 0x1}], 0x1, 0x0, 0x0, 0x0) 231.035625ms ago: executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xbfff, 0x0, "ec28a144f13d7607"}) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xfffffea4) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x1a) 230.412974ms ago: executing program 4: io_setup(0x8, &(0x7f0000000000)=0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000480), 0x4) 162.263315ms ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) r3 = dup3(r2, r1, 0x0) sendmsg$key(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000800)=ANY=[@ANYBLOB="0213000005"], 0x28}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x3, 0x2}]}]}, {0x0, [0x0, 0x0, 0x61]}}, &(0x7f00000002c0)=""/222, 0x35, 0xde, 0x1}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x4, 0x2}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 130.53699ms ago: executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000340)=ANY=[@ANYBLOB="840100001900010000000000000000001d0109004d00128025b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf7567405747796fdacf9b59638700500000005006f88d6e1db9b2b0000001e0106"], 0x184}}, 0x0) 75.777118ms ago: executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.state\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, "fee8a3ab78fc179fd1fca0e91ddaaca7bd64c6a4b4e00d9683d9a1affda79de2b7fb0ae20000000000cc000003000000009f000000000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd0000000000f0ffffff00"}}) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) ioctl$LOOP_CHANGE_FD(r0, 0x4c03, 0xffffffffffffffff) 56.650211ms ago: executing program 3: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000003c0), 0x1, 0x4e2, &(0x7f0000000b80)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602tNyAaHVSogVJw7ZkLhRFDuOYmdpQiXS/wGJSpzgT+CAxAGpJ+7c4MalHJAKVKAGiYPRjCdpSOMkbRMb7M9HGs28eeP5vldr3nO/SfwCGFlXI2IvIq5ExMcRMVOcT4ot3u9u2XWPH91Z3n90ZzmJTuejvyV5fXYujrwm83Jxz8mI+N63I36YPB23tbO7vlSv17aKcqXd2Ky0dnZvrDWWVmurtY1qdWF+Ye7dm+9UL6yvbzR+9fBbax98/7e/+eKD3+9948dZs6aLuqP9uEjdrpcO42TGI+KDywg2AGNFf64MuiE8lzQiPhURb+bP/0yM5e/m+ZzwWAMA/wc6nZnozBwtAwDDLs1zYElaLnIB05Gm5XI3h/d6TKX1Zqt9/VZze2OlmyubjVJ6a61emytyhbNRSrLyfH78pFw9Vr4ZEa9FxE8nXsrL5eXz5xkAgIv18rH5/58T3fkfABhyk2ddsNifdgAA/XPm/A8ADB3zPwCMHvM/AIwe8z8AjB7zPwCMnmL+Hxt0OwCAvvjuhx9mW2e/+P7rlU92ttebn9xYqbXWy43t5fJyc2uzvNpsrtZr5eVm46z71ZvNzfm3Y/t2pV1rtSutnd3FRnN7o72Yf6/3Yq3Ul14BAKd57Y37f0wiYu+9l/ItjqzlYK6G4ZYOugHAwMj5w+jyLdwwuvwfHzhrLc+evyJ87zmCdX7yHC8CLtq1z8n/w6iS/4fRJf8Po0v+H0ZXp5P0WvM/PbwEABgqcvxAX3/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENiOt+StFysBT4daVouR7wSEbNRSm6t1WtzEfFqRPxhojSRlecH3WgA4AWlf0mK9b+uzbw1fbz2SvKviXwfET/6+Uc/u73Ubm/NZ+f/fni+fa84Xx1E+wGAsxzM0wfz+IHHj+4sH2z9bM/Db3YXF83i7hdbt2Y8xvP9ZJQiYuofSVHuyj6vjF1A/L27EfHZk/qf5LmR2WLl0+Pxs9iv9DV++l/x07yuu8/+LT79DDHPWusVRsX9bPx5/6TnL42r+X7yxMWPJ/MR6sUdjH/7T41/6eH4N9Zj/Lt63hhv/+47PevuRnx+/KT4yWH8pEf8t84Z/09f+NKbveo6v4i4FifHPxqr0m5sVlo7uzfWGkurtdXaRrW6ML8w9+7Nd6qVPEddOchUP+2v711/9bT+T/WIP3lG/796aq87EwdHv/z3xz/48inxv/6Vk9//10+Jn82JXzs1/hNLU7/uuXx3Fn+l2/+7z/r+Xz9n/Ad/3l0556UAQB+0dnbXl+r12taFHpTigm945CC5pDY7GPKD7PP4i97nM0XK7H+gO5d9MOiRCbhsTx76QbcEAAAAAAAAAAAAAADo5dL/nCgddA8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYZv8JAAD//wqryik=") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}) 36.807274ms ago: executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x12}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}]}, 0x3c}}, 0x0) 4.125139ms ago: executing program 4: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) ppoll(&(0x7f0000000300)=[{r1}], 0x1, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/150, 0x96}], 0x1) 0s ago: executing program 0: unshare(0x4000400) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000300)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. 2024/06/17 04:42:40 fuzzer started 2024/06/17 04:42:41 dialing manager at 10.128.0.163:30000 [ 22.618913][ T23] audit: type=1400 audit(1718599361.030:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.639502][ T23] audit: type=1400 audit(1718599361.030:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 22.698270][ T23] audit: type=1400 audit(1718599361.110:68): avc: denied { mounton } for pid=354 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.722679][ T354] cgroup1: Unknown subsys name 'net' [ 22.728037][ T354] cgroup1: Unknown subsys name 'net_prio' [ 22.729446][ T23] audit: type=1400 audit(1718599361.110:69): avc: denied { mounton } for pid=361 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.747491][ T354] cgroup1: Unknown subsys name 'devices' [ 22.758116][ T23] audit: type=1400 audit(1718599361.110:70): avc: denied { mount } for pid=361 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.786977][ T23] audit: type=1400 audit(1718599361.140:71): avc: denied { mount } for pid=354 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.794606][ T359] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.809383][ T23] audit: type=1400 audit(1718599361.160:72): avc: denied { setattr } for pid=360 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=880 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.840939][ T23] audit: type=1400 audit(1718599361.250:73): avc: denied { relabelto } for pid=359 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.866170][ T23] audit: type=1400 audit(1718599361.250:74): avc: denied { unmount } for pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.885834][ T23] audit: type=1400 audit(1718599361.250:75): avc: denied { write } for pid=359 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.937846][ T355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.985769][ T354] cgroup1: Unknown subsys name 'hugetlb' [ 22.991472][ T354] cgroup1: Unknown subsys name 'rlimit' 2024/06/17 04:42:41 starting 5 executor processes [ 23.694697][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.701543][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.709231][ T374] device bridge_slave_0 entered promiscuous mode [ 23.716321][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.723261][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.730476][ T374] device bridge_slave_1 entered promiscuous mode [ 23.806778][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.813787][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.821190][ T373] device bridge_slave_0 entered promiscuous mode [ 23.830841][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.837810][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.845248][ T373] device bridge_slave_1 entered promiscuous mode [ 23.855185][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.862015][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.869490][ T375] device bridge_slave_0 entered promiscuous mode [ 23.905435][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.912274][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.919827][ T375] device bridge_slave_1 entered promiscuous mode [ 24.009059][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.015963][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.023384][ T372] device bridge_slave_0 entered promiscuous mode [ 24.033969][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.040898][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.048431][ T376] device bridge_slave_0 entered promiscuous mode [ 24.059297][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.066199][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.073605][ T376] device bridge_slave_1 entered promiscuous mode [ 24.084479][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.091311][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.098979][ T372] device bridge_slave_1 entered promiscuous mode [ 24.152789][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.159627][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.166794][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.173662][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.277416][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.284271][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.291376][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.298166][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.328140][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.334988][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.342097][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.348883][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.363525][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.370362][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.377537][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.384373][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.394702][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.401746][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.408952][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.415931][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.423207][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.430167][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.437440][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.444695][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.452156][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.459548][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.484573][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.493173][ T108] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.500000][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.523621][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.531732][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.538622][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.583617][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.591173][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.609894][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.617536][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.643206][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.651301][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.659496][ T108] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.666336][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.675269][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.683329][ T108] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.690139][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.697372][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.705189][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.713390][ T108] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.720202][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.727438][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.735567][ T108] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.742397][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.750921][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.763086][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.771319][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.779896][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.786741][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.795221][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.803419][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.811366][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.818201][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.825440][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.833660][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.841665][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.848534][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.855678][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.863907][ T364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.871881][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.878723][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.895473][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.903663][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.922795][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.931021][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.939990][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.948117][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.955993][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.963868][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.971560][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.979571][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.013106][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.021072][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.032770][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.040981][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.049240][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.057168][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.072426][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.080494][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.088578][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.097117][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.112389][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.120659][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.129205][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.137486][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.152597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.160881][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.182570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.190374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.199405][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.207927][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.235827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.244297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.252011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.260309][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.268085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.276208][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.284284][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.292540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.321382][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.330153][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.338692][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.346957][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.355164][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.363371][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.371506][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.379821][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.388292][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.396648][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.410971][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.419254][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.447819][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.458428][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.466735][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.474885][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.483654][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.491704][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.522291][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.530745][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.553251][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.563284][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.571616][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.580616][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.589280][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.597707][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.606349][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.614758][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.635154][ T403] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.657825][ T403] ext4 filesystem being mounted at /root/syzkaller-testdir3014446036/syzkaller.F6Pj9S/1/file0 supports timestamps until 2038 (0x7fffffff) [ 25.680013][ T401] syz-executor.4 (401) used greatest stack depth: 22872 bytes left [ 25.731688][ T403] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 25.748558][ T403] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 25.762807][ T418] device pim6reg1 entered promiscuous mode [ 25.780287][ T403] syz-executor.0 (403) used greatest stack depth: 22008 bytes left [ 25.832886][ T413] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 25.860042][ T413] ext4 filesystem being mounted at /root/syzkaller-testdir4280744643/syzkaller.FwdEe1/2/file0 supports timestamps until 2038 (0x7fffffff) [ 25.970130][ T433] EXT4-fs (loop1): Ignoring removed orlov option [ 25.991201][ T433] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 26.025854][ T433] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 26.062564][ T443] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 26.149648][ T433] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.1: corrupt xattr in inline inode [ 26.166850][ T433] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.1: corrupted in-inode xattr [ 26.293000][ T456] device pim6reg1 entered promiscuous mode [ 26.383822][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.416810][ T457] ext4 filesystem being mounted at /root/syzkaller-testdir3014446036/syzkaller.F6Pj9S/6/file0 supports timestamps until 2038 (0x7fffffff) [ 26.501114][ T457] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 26.512251][ T457] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 26.559809][ T471] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 26.574459][ T471] ext4 filesystem being mounted at /root/syzkaller-testdir4280744643/syzkaller.FwdEe1/9/file0 supports timestamps until 2038 (0x7fffffff) [ 26.797893][ T485] EXT4-fs (loop0): Ignoring removed orlov option [ 26.813182][ T485] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.834398][ T485] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 26.870150][ T502] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 26.879468][ T502] ext4 filesystem being mounted at /root/syzkaller-testdir4058334861/syzkaller.hATS20/3/file0 supports timestamps until 2038 (0x7fffffff) [ 26.908026][ T485] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 26.925429][ T485] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 26.929986][ T502] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 26.962251][ T502] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 27.022928][ T374] ================================================================== [ 27.030837][ T374] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 27.038628][ T374] Read of size 4 at addr ffff8881ebee8000 by task syz-executor.0/374 [ 27.046517][ T374] [ 27.048704][ T374] CPU: 1 PID: 374 Comm: syz-executor.0 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 27.058585][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 27.068475][ T374] Call Trace: [ 27.071611][ T374] dump_stack+0x1d8/0x241 [ 27.075861][ T374] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 27.081500][ T374] ? printk+0xd1/0x111 [ 27.085582][ T374] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 27.091048][ T374] print_address_description+0x8c/0x600 [ 27.096432][ T374] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 27.101894][ T374] __kasan_report+0xf3/0x120 [ 27.106324][ T374] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 27.111790][ T374] kasan_report+0x30/0x60 [ 27.115957][ T374] ext4_xattr_delete_inode+0xc1f/0xc30 [ 27.121254][ T374] ? check_preemption_disabled+0x9f/0x320 [ 27.126809][ T374] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 27.132714][ T374] ? __ext4_journal_start_sb+0x295/0x460 [ 27.138184][ T374] ext4_evict_inode+0x1378/0x1ac0 [ 27.143054][ T374] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 27.148681][ T374] ? wb_io_lists_depopulated+0x85/0x170 [ 27.154061][ T374] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 27.159701][ T374] evict+0x29b/0x6a0 [ 27.163436][ T374] vfs_rmdir+0x24b/0x3c0 [ 27.167628][ T374] do_rmdir+0x2c1/0x580 [ 27.171621][ T374] ? d_delete_notify+0xc0/0xc0 [ 27.176222][ T374] ? _raw_spin_unlock_irq+0x4a/0x60 [ 27.181260][ T374] do_syscall_64+0xca/0x1c0 [ 27.185687][ T374] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.191510][ T374] RIP: 0033:0x7fe57611a687 [ 27.195750][ T374] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 27.215276][ T374] RSP: 002b:00007ffc0e75f2f8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 27.223523][ T374] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe57611a687 [ 27.231341][ T374] RDX: 0000000000000200 RSI: 00007ffc0e7604a0 RDI: 00000000ffffff9c [ 27.239149][ T374] RBP: 00007fe576177636 R08: 0000000000000000 R09: 0000000000000000 [ 27.246961][ T374] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc0e7604a0 [ 27.254765][ T374] R13: 00007fe576177636 R14: 00000000000067ea R15: 0000000000000007 [ 27.262586][ T374] [ 27.264749][ T374] Allocated by task 162: [ 27.268933][ T374] __kasan_kmalloc+0x171/0x210 [ 27.273519][ T374] kernfs_iop_get_link+0x63/0x540 [ 27.278388][ T374] vfs_readlink+0x174/0x400 [ 27.282718][ T374] do_readlinkat+0x27f/0x3a0 [ 27.287234][ T374] __x64_sys_readlink+0x7b/0x90 [ 27.291918][ T374] do_syscall_64+0xca/0x1c0 [ 27.296259][ T374] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.301977][ T374] [ 27.304150][ T374] Freed by task 162: [ 27.307885][ T374] __kasan_slab_free+0x1b5/0x270 [ 27.312659][ T374] kfree+0x123/0x370 [ 27.316391][ T374] vfs_readlink+0x248/0x400 [ 27.320732][ T374] do_readlinkat+0x27f/0x3a0 [ 27.325160][ T374] __x64_sys_readlink+0x7b/0x90 [ 27.329858][ T374] do_syscall_64+0xca/0x1c0 [ 27.334186][ T374] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.339908][ T374] [ 27.342083][ T374] The buggy address belongs to the object at ffff8881ebee8000 [ 27.342083][ T374] which belongs to the cache kmalloc-4k of size 4096 [ 27.355976][ T374] The buggy address is located 0 bytes inside of [ 27.355976][ T374] 4096-byte region [ffff8881ebee8000, ffff8881ebee9000) [ 27.368985][ T374] The buggy address belongs to the page: [ 27.374470][ T374] page:ffffea0007afba00 refcount:1 mapcount:0 mapping:ffff8881f5c0c280 index:0x0 compound_mapcount: 0 [ 27.385219][ T374] flags: 0x8000000000010200(slab|head) [ 27.390524][ T374] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5c0c280 [ 27.398937][ T374] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 27.407348][ T374] page dumped because: kasan: bad access detected [ 27.413609][ T374] page_owner tracks the page as allocated [ 27.419161][ T374] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC) [ 27.434002][ T374] prep_new_page+0x18f/0x370 [ 27.438426][ T374] get_page_from_freelist+0x2d13/0x2d90 [ 27.443808][ T374] __alloc_pages_nodemask+0x393/0x840 [ 27.449017][ T374] alloc_slab_page+0x39/0x3c0 [ 27.453530][ T374] new_slab+0x97/0x440 [ 27.457434][ T374] ___slab_alloc+0x2fe/0x490 [ 27.461860][ T374] __slab_alloc+0x62/0xa0 [ 27.466028][ T374] kmem_cache_alloc_trace+0x12d/0x260 [ 27.471234][ T374] kobject_uevent_env+0x26f/0x710 [ 27.476188][ T374] kobject_synth_uevent+0x5fa/0xc60 [ 27.481215][ T374] uevent_store+0x47/0x70 [ 27.485382][ T374] kernfs_fop_write+0x2e2/0x3e0 [ 27.490072][ T374] __vfs_write+0x103/0x750 [ 27.494407][ T374] vfs_write+0x206/0x4e0 [ 27.498496][ T374] ksys_write+0x199/0x2c0 [ 27.502662][ T374] do_syscall_64+0xca/0x1c0 [ 27.506994][ T374] page_owner free stack trace missing [ 27.512199][ T374] [ 27.514368][ T374] Memory state around the buggy address: [ 27.519848][ T374] ffff8881ebee7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.527739][ T374] ffff8881ebee7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.535637][ T374] >ffff8881ebee8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.543535][ T374] ^ [ 27.547440][ T374] ffff8881ebee8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.555340][ T374] ffff8881ebee8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.563230][ T374] ================================================================== 2024/06/17 04:42:46 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 27.571131][ T374] Disabling lock debugging due to kernel taint [ 27.673023][ T373] syz-executor.1 (373) used greatest stack depth: 20760 bytes left [