last executing test programs: 4.729395666s ago: executing program 1: mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@generic={&(0x7f0000000500)='./file0\x00'}, 0x18) 4.673476195s ago: executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0xfff, 0x7}, 0x48) bpf$ENABLE_STATS(0x3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='xen_mmu_flush_tlb_multi\x00'}, 0x10) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100), 0x8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000d40)={{r3}, &(0x7f0000000400), 0x0}, 0x20) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) 3.782699873s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x4, 0x4, 0x1, 0x0, r0}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r1, &(0x7f00000001c0), &(0x7f0000000280)=@udp6=r0}, 0x20) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'sit0\x00', 0x0}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r1, &(0x7f0000000300), 0x0}, 0x20) 3.767247915s ago: executing program 1: ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000200)) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/igmp6\x00') preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000140)=""/196, 0xc4}], 0x1, 0x200000, 0x0) 3.215029711s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r0, &(0x7f0000004200)='t', 0x1) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x40102, 0x0) pwrite64(r1, &(0x7f00000001c0)='\x00', 0x1, 0xfffffffe) 2.694463042s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000002b"], 0x0}, 0x80) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000080), &(0x7f0000000540)=""/170}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f00000002c0), &(0x7f00000000c0)=""/146}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000300)="18", &(0x7f0000000480)=""/162}, 0x20) 2.674007155s ago: executing program 1: syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x800000, &(0x7f0000000100), 0x1, 0x769, &(0x7f0000000340)="$eJzs3M9rHOUbAPBnptmmP/L9bgQP6kGEFloonSTNpT0ZL+KlUCh4rSGZhJBJtmQ3tYmFtp6F2lwUBNGzHr0Kpf4BXkQKCt4F0RoP4iUym03aptm4bTfZkn4+MNn3nXnffd5nZ/JmBvJuAC+sN8ofScRARFyIiGprfxoRB5ulQxE31tut3r82UW5JrK1d/D0pu8XqWnXzvZLW69FodolXIuJuJeLUh4/HrS8tz44XRb7Qqg815i4P1ZeWT8/MjU/n0/n8yOi54bOjo2eHR7uW6/F3zx2+/f3bKys/ftO49Xrf6STGmnlHK7euBXrI+mdSibEt++d3I1gPJR206duDcQAAsLPyPv9A696sEtU44C4NAAAA9p21/jUAAABg30ui1yMAAAAAdtfG/wFsrO3drXWw7fz2VkQMbhe/r7mGOOJQVCLiyGryyMqEZL0bPJMbNyPiztg211/Suv6e3vCWeidrpNlbd8r5Z2y7+SfdnH9im/mnb+O7E55R+/nvQfwDbea/Cx3G+PbzVytt49+MeK1vu/jJZvykTfz3Oox/a+Wj2+2OrX0ZcWLbvz/JI7F2+H6IoamZYsdfrbv/nLy3U/5HHoufJM2oyc75X+4w/w9W/5xtN5eU8U8e2/n8r8fvf6RfeU183BpHGhG3W69lfWVLjGNzP333eOTkxkb8yTaf//bn/53N/L/oMP9fvu6/2mFTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaEojYiCSNNssp2mWRRyNiJfjSFrU6o1TU7XF+cnyWMRgVNKpmSIfjojqej0p6yPN8oP6mS310Yh46efD60FnijybqBWTvU4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATUcjYiCSNIuINCL+qqZplvV6VAAAAEDXDfZ6AAAAAMCu8/wPAAAA+9/TPv8nXR4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsK9dOH++3NZW71+bKOuTV5YWZ2tXTk/m9dlsbnEim6gtXM6ma7XpIs8manP/9X5pRIyci8WrQ4283hiqLy1fmqstzjcuzcyNT+eX8sqeZAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCTGmhuSZpFRNosp2mWRfwvIgajkkzNFPlwRPw/Iu5VK/1lfaTXgwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDr6kvLs+NFkS8oPJeFr2LHNpFEPC9DfcELEU/S63p09cT90P28ej0zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQC/Wl5dnxosgX6r0eCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL2V/ppERLmdqB4f2Hr0YPJ3tfkaEe9/dvGTq+ONxsJIuf+Pzf2NT1v7zzzU8fpe5gAAAAD73ptP0njjOX3jOR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBT9aXl2fGiyBeesVCJiHZt4mavswQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7GvwEAAP//lhHByQ==") r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000007090400001202060000052406000005240020000d240f01000000000000000000090582020002000000090503"], 0x0) syz_usb_ep_read(r0, 0x3, 0xff33, 0x0) 2.606526345s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000041, 0x0, 0x0, 0x0, &(0x7f0000000040)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r3, 0x8208200) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0) mmap(&(0x7f000041c000/0x4000)=nil, 0x4000, 0x7ffffe, 0x4002011, r4, 0x0) ftruncate(r4, 0x5) 2.492574773s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x5, 0x2, 0x9}, 0x48) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000080)=0x21e7, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r1, &(0x7f0000000080), 0x0}, 0x20) 2.44711031s ago: executing program 4: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="365ac333c842fb77f95691c14389ece8595873526e7eafe8131e1544c7619d78b9b1062da72846bd0918ddcc7b4a55b608e5aa39c401a396bd45a6bf8387763687ef77276050113f2236adf8cd9df18e5e275d3c921320d6a0e1460c2b313f7ca9d1c09909cf8d0ecf800c4b0dddba587156060f6fc7fe2a63b650ba827fac475cba89a409f41fcabb8b1c1aed174ef1f6", 0x91}], 0x1}}], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001000080"]) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="3b0000000000efff400101c0"]) 2.415466215s ago: executing program 4: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r1, &(0x7f0000000000)="fa", 0xfffffdef) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$nfc_llcp(r2, 0x6, 0xc, 0x0, 0x2000e881) 2.356880074s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0\x00') chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00') umount2(&(0x7f0000000240)='./file0/../file0/../file0\x00', 0x0) 2.00049066s ago: executing program 2: r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private2, 0x0, 0x0, 0x1, 0x1}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @empty}}, 0x20) 1.925950781s ago: executing program 2: unshare(0x2040400) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00') lseek(r0, 0x0, 0x0) 1.911541483s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53c, &(0x7f00000025c0)="$eJzs3c9vI1cdAPDvTH52mzZb6AEqYBcoLGi19sbbrqpe2r2AUFUJUXFAHLYh8UZh7XWIndKESKR/A0ggcYI/gQMSB6SeOHDjyA0hlQPSAhFog0SF0YwnqZvYjWkcm8afjzQ7P178vu/FO/Oe38TzAphYVyNiLyJmI+L1iFgsjifFEi93luznHu3vrhzs767Ef9rt1/6W5OnZseh6TebxIs/5iPjGVyO+k5yM29zeub9cq1U3i/1yq75Rbm7v3FivL69V16oPKpXbS7dvvnDr+crQ6nql/suHX1l/5Zu/+fWn3/n93pd/kBVroUjrrscwdao+cxQnMx0Rr5xHsDGYKtazYy4HH04aER+LiM/l5/9iTOX/OwGAi6zdXoz2Yvc+AHDRpfkYWJKWirGAhUjTUqkzhvd0XEprjWbr+r3G1oPVzljZ5ZhJ54q+wvfyf2eSe+u16lKelqfn+5Vj+7ci4qmI+PHcY/l+aaVRWx1PlwcAJt7jx9r/f8512v8B9LirBwB8ZMyPuwAAwMhp/wFg8mj/AWDyDND+Fzf79869LADAaPj8DwCTR/sPAJNH+w8AE+Xrr76aLe2D4vnXq29sb91vvHFjtdq8X6pvrZRWGpsbpbVGYy1/Zk/9tPxqjcbG0nOx9Wa5VW22ys3tnbv1xtaD1t38ud53qzMjqRUA8EGeuvL2H5KI2HvxsXwJcznAxEjHXQBgbKbGXQBgbMz2BZNr8PH4351rOYDx6fkw7/mem+/30/8hiL8zgv8r1z7Zf/z/eN/AfQG4WIz/w+T6cOP/Lw29HMDo9Rr/18+HydBuJ8fn/J89SgIALqQzfB+v/cNhdUKAsTptMu+h3P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC2YhIr4bSVoq5gJfiDQtlSKeiIjLMZPcW69Vb0bEk3ElImbmsv2lcRcaADij9C9JMf/XtcVnF46nzib/motiTvDv/+y1n7y53GptLmXH/350fO5w+rDKe687w7yCAMCQ5e13pVh3fZB/tL+7criMsjwP78S7xVTEKwf7u/nSSZmO6Xw9n/clLv0jKfY7c5E+ExFTQ4i/91ZEfOKo/sm77XYRP8nHRi4XM592x48i9hPDj9/1+z8eP31f/DRP66yzztfHj+WbDqFscNG9fSciXu51/qVxNV/3Pv/n8yvU2T2808ns8Np30BX/8Po31SN+ds5fHTTGc7/92omD7cVO2lsRz0z3ip8cxU/6xH92wPh//NRnfvRSn7T2zyOuRe/43bHKrfpGubm9c2O9vrxWXas+qFRuL92++cKt5yvlfIy6fDhSfdJfX7z+ZL+yZfW/1Cf+fM/6zx699gsD1v8X/37925/9gPhf+nzv9//pnvE7sjbxiwPGX770q77Td2fxV/vU/7T3//qA8d/5887qgD8KAIxAc3vn/nKtVt0800b2aXMY+ZzYyIo41AxP2fhTjC7WqRsz5/VbPfeN6aO+4nBz/laW44irkw69FmfaeDSqWOO9LgHn772TftwlAQAAAAAAAAAAAAAA+hnFV5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurv8GAAD//5S5ywU=") mkdir(&(0x7f0000000400)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_queued\x00', 0x275a, 0x0) mkdir(0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x2deb, &(0x7f0000001600)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000), &(0x7f0000000000)) 1.844379884s ago: executing program 4: ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000200)) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/igmp6\x00') preadv(r3, &(0x7f0000000100)=[{&(0x7f0000000140)=""/196, 0xc4}], 0x1, 0x200000, 0x0) 1.437097287s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r0, &(0x7f0000004200)='t', 0x1) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000000080)='./bus\x00', 0x40102, 0x0) pwrite64(r1, &(0x7f00000001c0)='\x00', 0x1, 0xfffffffe) 1.429322408s ago: executing program 3: creat(&(0x7f00000000c0)='./bus\x00', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed000c, &(0x7f0000000a40)={[{@jqfmt_vfsold}, {@data_err_abort}, {@abort}, {@user_xattr}, {@journal_path={'journal_path', 0x3d, './bus'}}, {@block_validity}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}]}, 0xfe, 0x451, &(0x7f00000004c0)="$eJzs3MtvG8UfAPDvrpP0/Ut+pTxaWggURMUjadIHPXABgcQBJCQ4FHEKiVuFug1qgkSrCgqHckSVuCOOSPwBiBNcEHBC4gp3VKlCvbRwMlrvbusmdhonTl3iz0fadGZ3rJnv7o49O2M3gL41mv1JIrZHxO8RMZxnby8wmv9z49qF6b+vXZhOol5/86+kUe76tQvTZdHyddvyTL1e5De1qPfSOxFTtVr1bJEfXzj9/vj8ufPPzZ6eOlk9WT0zeezY4UP7ho5OHulKnFlc1/d8NLd396tvX359+vjld3/+Jmvv9uJ4cxzdMpqf3Zae7HZlPbajKZ0M9LAhdKQSEdnlGmz0/+GoxJabx4bjlU972jhgXdXr9Xqrz+fCxTqwgSXR6xYAvVF+0GfPv+V2l4Ye94SrL+YPQFncN4otPzIQaZ54dHDR8203jUbE8Yv/fJltsU7zEAAAzb7Pxj/Pthr/pfFAnhjK/vyvWEMZiYj/R8TOiLgvInZFxP0RjbIPRsRDHda/eIVk6fgnvbLq4FYgG/+9UKxt3T7+S8siI5Uit6MR/2ByYrZWPVickwMxuOnEbFKdWKaOH17+7fN2x5rHf9mW1V+OBYt2XBlYNEE3M7UwtZaYm139JGLPQKv4kyiXcZKI2B0Re1ZZx+zTX+9td+zO8S+jC+tM9a8insqv/8VYFH8pabs+OfH80ckj45ujVj04Xt4VS/3y66U32tW/pvi7ILv+W1ve/zfjH0k2R8yfO3+qsV4733kdl/74rO0zzWrv/6HkrUZ6qNj34dTCwtmJiKHktaX7J2+9tsyX5bP4D+xv3f93xq0z8XBEZDfxvoh4JHsoLNr+WEQ8HhH7l4n/p5eeeK/z+JeZle+iLP6ZO13/aL7+nScqp378rvP4S9n1P9xIHSj2rOT9b6UNXMu5AwAAgP+KtPEd+CQdu5lO07Gx/Dv8u2JrWpubX3jmxNwHZ2by78qPxGBaznQNN82HThRzw2V+clH+UDFv/EVlSyM/Nj1Xm+l18NDntrXp/5k/K71uHbDu/F4L+pf+D/1L/4f+pf9D/9L/oX+16v8fty099u26Nga4q3z+Q//S/6F/6f/Qv/R/6Ettfxufrukn/xIbPhHpPdGMjZ8YWPF/ZtFBoj6c9/9sz6aWZXr9zgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAd/wYAAP//d2ziuQ==") 1.28837211s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x5, 0x2, 0x9}, 0x48) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000080)=0x21e7, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r1, &(0x7f0000000080), 0x0}, 0x20) 1.211448672s ago: executing program 3: sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="365ac333c842fb77f95691c14389ece8595873526e7eafe8131e1544c7619d78b9b1062da72846bd0918ddcc7b4a55b608e5aa39c401a396bd45a6bf8387763687ef77276050113f2236adf8cd9df18e5e275d3c921320d6a0e1460c2b313f7ca9d1c09909cf8d0ecf800c4b0dddba587156060f6fc7fe2a63b650ba827fac475cba89a409f41fcabb8b1c1aed174ef1f6", 0x91}], 0x1}}], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001000080"]) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="3b0000000000efff400101c0"]) 1.126803605s ago: executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000400)={'veth0\x00', &(0x7f0000000140)=@ethtool_per_queue_op={0x4b, 0x1}}) 1.077752912s ago: executing program 3: mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@generic={&(0x7f0000000500)='./file0\x00'}, 0x18) 1.058134566s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0\x00') chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00') umount2(&(0x7f0000000240)='./file0/../file0/../file0\x00', 0x0) 1.016830512s ago: executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x401, 0x0, 0x0, 0x2}}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9}}, 0xe8) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x0, 0x1000, 0x3a}, 0x1c) socket$inet6(0xa, 0x0, 0x6) r5 = socket$inet6(0xa, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) r6 = socket$inet6(0x10, 0x3, 0x0) read(r6, &(0x7f0000000340)=""/254, 0xfe) sendto$inet6(r6, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) recvfrom$inet6(r6, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet(r5, &(0x7f0000002c40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_retopts={{0x10}}], 0x28}}], 0x1, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r7, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) 1.011572323s ago: executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_pressure(r3, &(0x7f0000000240)='io.pressure\x00', 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f00000015c0)="a6", 0x1, 0x0, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@volatile={0x0, 0x0, 0x0, 0x9, 0x2}, @fwd={0x4}, @restrict]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, &(0x7f0000000540)=""/246, 0x42, 0xf6, 0x1}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b00)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r5, 0x3, 0x1}, 0x48) 943.757944ms ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000380), 0x1, 0x2f8, &(0x7f00000003c0)="$eJzs3cFqY1UYB/DPOrZDZSZdiKAgHnSjm0tbX8AgMzBYUOpEdBbCHXujIbdJyQ2VDOK4c+tzDC7dCeILdOMzuMvG5SwGI006mWSMuKqXkt8PyvnD6R/OJdxwNuEbf/bjcbddZe18GBvvp9iIiI3HETvTNPPCxboxzZux6Pt498718RuffH7vw+bBwa3DlG437763n1K6+eav33z701u/DV/+9Oebv2zF2c4X4z/3/zh79ey18V93v+5UqVOlXn+Y8nS/3x/m98siHXWqbpbSx2WRV0Xq9KpisLTfLvsnJ6OU945ubJ8MiqpKeW+UusUoDftpOBil/Ku800tZlqUb28F/aT06PMybdZ+CyzUYNPPzd3jrHzutR7UcCAColfv/OnP/Xwfn9//Ni/d3mfs/AAAAAAAAAAAAAABcBY8nk8ZkMmk8XZ//q/t8XC6f/3pb+OHe9YjjH05bp63ZOttvtqMTZRSxG414EjGZm+Xbdw5u7aapnbh3/PCi//C09eJyfy8asbO6vzfrp+X+S7G92N+PRryyur+/sr8Z77y90M+iEb9/Gf0o4yjOu8/63+2l9MFHB8/1t6b/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB6yNLcyvn9WfZv+7P+fL7+bjTiyer5/Lsr5/Nfi9ev1fvsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUNXrQzcuyGAiCIMxD3d9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8P97NvS77pMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQp2r0oJuXZTG4xFD3MwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwlfwcAAP//WQkrYw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80000108) ioctl$FITRIM(r0, 0x40047211, &(0x7f0000000100)) 91.188766ms ago: executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x400448e4, &(0x7f0000000100)) 87.516227ms ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x1000041, 0x0, 0x0, 0x0, &(0x7f0000000040)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r3, 0x8208200) r4 = open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0) mmap(&(0x7f000041c000/0x4000)=nil, 0x4000, 0x7ffffe, 0x4002011, r4, 0x0) ftruncate(r4, 0x5) 80.439508ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000002b"], 0x0}, 0x80) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000080), &(0x7f0000000540)=""/170}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f00000002c0), &(0x7f00000000c0)=""/146}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000300)="18", &(0x7f0000000480)=""/162}, 0x20) 0s ago: executing program 2: r0 = epoll_create(0xc2c) r1 = socket$tipc(0x1e, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0xb0000005}) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000001200)={0x43}, 0x10) epoll_pwait(r0, &(0x7f0000001180)=[{}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. 2024/06/15 23:10:25 fuzzer started 2024/06/15 23:10:26 dialing manager at 10.128.0.163:30000 [ 23.229932][ T23] audit: type=1400 audit(1718493026.090:66): avc: denied { node_bind } for pid=346 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 23.250432][ T23] audit: type=1400 audit(1718493026.090:67): avc: denied { name_bind } for pid=346 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 23.306738][ T356] cgroup1: Unknown subsys name 'net' [ 23.312168][ T356] cgroup1: Unknown subsys name 'net_prio' [ 23.317970][ T23] audit: type=1400 audit(1718493026.160:68): avc: denied { mounton } for pid=356 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.338050][ T359] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.351024][ T356] cgroup1: Unknown subsys name 'devices' [ 23.353687][ T23] audit: type=1400 audit(1718493026.170:69): avc: denied { mount } for pid=356 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.379369][ T23] audit: type=1400 audit(1718493026.200:70): avc: denied { mounton } for pid=360 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.404800][ T23] audit: type=1400 audit(1718493026.200:71): avc: denied { mount } for pid=360 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.427876][ T23] audit: type=1400 audit(1718493026.210:72): avc: denied { relabelto } for pid=359 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.454320][ T23] audit: type=1400 audit(1718493026.210:73): avc: denied { write } for pid=359 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.479850][ T23] audit: type=1400 audit(1718493026.220:74): avc: denied { setattr } for pid=364 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=176 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.502756][ T23] audit: type=1400 audit(1718493026.240:75): avc: denied { unmount } for pid=356 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.502781][ T355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.608278][ T356] cgroup1: Unknown subsys name 'hugetlb' [ 23.614062][ T356] cgroup1: Unknown subsys name 'rlimit' 2024/06/15 23:10:26 starting 5 executor processes [ 24.157885][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.164867][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.172929][ T372] device bridge_slave_0 entered promiscuous mode [ 24.179706][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.186573][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.193861][ T372] device bridge_slave_1 entered promiscuous mode [ 24.366202][ T377] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.373110][ T377] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.380495][ T377] device bridge_slave_0 entered promiscuous mode [ 24.402974][ T377] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.409917][ T377] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.417294][ T377] device bridge_slave_1 entered promiscuous mode [ 24.440669][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.447509][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.454693][ T373] device bridge_slave_0 entered promiscuous mode [ 24.464721][ T379] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.471883][ T379] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.479143][ T379] device bridge_slave_0 entered promiscuous mode [ 24.495042][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.501940][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.509159][ T373] device bridge_slave_1 entered promiscuous mode [ 24.515497][ T379] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.522311][ T379] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.529832][ T379] device bridge_slave_1 entered promiscuous mode [ 24.546398][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.553213][ T378] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.560571][ T378] device bridge_slave_0 entered promiscuous mode [ 24.570297][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.577138][ T378] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.584401][ T378] device bridge_slave_1 entered promiscuous mode [ 24.696853][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.703792][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.710941][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.717692][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.780568][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.787415][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.794552][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.801311][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.849806][ T379] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.856647][ T379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.863734][ T379] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.870537][ T379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.878900][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.885818][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.892920][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.899719][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.908371][ T377] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.915191][ T377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.922340][ T377] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.929086][ T377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.946251][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.953386][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.960631][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.967600][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.974499][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.981695][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.988649][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.995681][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.002615][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.009557][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.017012][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.024207][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.046550][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.054549][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.061374][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.068929][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.077360][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.084168][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.120333][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.140150][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.148396][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.155202][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.163333][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.171349][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.178180][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.185294][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.193088][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.200789][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.208127][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.226514][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.234640][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.243142][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.249971][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.257219][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.265379][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.273378][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.280210][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.287388][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.294684][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.317094][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.324372][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.331667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.339970][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.348612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.356394][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.375513][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.383594][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.391819][ T395] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.398657][ T395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.405864][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.414020][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.422978][ T395] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.429809][ T395] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.437044][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.444895][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.452716][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.460531][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.485530][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.493421][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.501501][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.510249][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.518826][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.525654][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.532786][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.541041][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.549005][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.555820][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.562960][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.570812][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.578537][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.586562][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.625390][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.634048][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.642246][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.650431][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.658577][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.666795][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.674837][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.682817][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.690644][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.698502][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.706274][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.714309][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.742878][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.750914][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.758992][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.768824][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.776990][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.785029][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.805685][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.813463][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.822414][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.831051][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.839107][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.847259][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.890044][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.899264][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.907341][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.915299][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.923449][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.931562][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.939684][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.947691][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.198681][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.207939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.217863][ T405] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) [ 26.226282][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.294701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.303027][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.311590][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.333618][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.341791][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.350043][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.358478][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.853926][ T420] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.874378][ T420] ext4 filesystem being mounted at /root/syzkaller-testdir348099308/syzkaller.Avx3Cl/2/bus supports timestamps until 2038 (0x7fffffff) [ 27.405545][ T374] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.446202][ T430] syz-executor.1 (430) used greatest stack depth: 21304 bytes left [ 28.250548][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.257781][ T459] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.265103][ T459] device bridge_slave_0 entered promiscuous mode [ 28.272322][ T23] kauditd_printk_skb: 55 callbacks suppressed [ 28.272334][ T23] audit: type=1400 audit(1718493031.130:131): avc: denied { read } for pid=460 comm="syz-executor.4" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.305026][ T23] audit: type=1400 audit(1718493031.130:132): avc: denied { open } for pid=460 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.329249][ T374] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 172, changing to 7 [ 28.329261][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.340124][ T374] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 16750, setting to 1024 [ 28.346882][ T459] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.357969][ T374] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 28.366777][ T459] device bridge_slave_1 entered promiscuous mode [ 28.377532][ T23] audit: type=1400 audit(1718493031.160:133): avc: denied { ioctl } for pid=460 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 28.440897][ T23] audit: type=1400 audit(1718493031.280:134): avc: denied { unmount } for pid=372 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 28.468782][ T471] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 28.483618][ T471] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.546022][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.552865][ T459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.559999][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.566753][ T459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.605656][ T374] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 28.614993][ T374] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 29.401433][ T23] audit: type=1400 audit(1718493031.490:135): avc: denied { create } for pid=466 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 29.505628][ T374] usb 1-1: SerialNumber: syz [ 29.513649][ T23] audit: type=1400 audit(1718493031.500:136): avc: denied { connect } for pid=466 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 29.542642][ T23] audit: type=1400 audit(1718493031.500:137): avc: denied { setopt } for pid=466 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 29.562693][ T23] audit: type=1400 audit(1718493031.500:138): avc: denied { name_bind } for pid=466 comm="syz-executor.2" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 29.563708][ T374] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 29.584728][ T23] audit: type=1400 audit(1718493032.260:139): avc: denied { mounton } for pid=470 comm="syz-executor.4" path="/root/syzkaller-testdir3398387331/syzkaller.og2MAF/4/file0/file0" dev="loop4" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 29.617821][ T23] audit: type=1400 audit(1718493032.260:140): avc: denied { write } for pid=470 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 29.644560][ T395] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.652019][ T395] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.660629][ T481] EXT4-fs (loop1): Mount option "nouser_xattr" will be removed by 3.5 [ 29.660629][ T481] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 29.660629][ T481] [ 29.678832][ T481] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 29.699671][ T481] EXT4-fs error (device loop1): ext4_orphan_get:1236: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756 [ 29.707916][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.720113][ T481] EXT4-fs error (device loop1): ext4_orphan_get:1240: comm syz-executor.1: couldn't read orphan inode 17 (err -117) [ 29.737948][ T481] EXT4-fs (loop1): mounted filesystem without journal. Opts: barrier,nouser_xattr,resgid=0x000000000000ee00,nombcache,noload,,errors=continue [ 29.746196][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.776688][ T410] usb 1-1: USB disconnect, device number 2 [ 29.793040][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.801272][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.809329][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.816169][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.824314][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.836382][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.844506][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.851339][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.925083][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 29.933345][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.934209][ T499] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.942566][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.966492][ T395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.192499][ T499] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 30.226406][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.250725][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.261090][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.268857][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.286538][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.294995][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.310973][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.319755][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.342561][ T179] device bridge_slave_1 left promiscuous mode [ 30.348972][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.356875][ T179] device bridge_slave_0 left promiscuous mode [ 30.362846][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.488454][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.500095][ T397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.514603][ T96] Bluetooth: hci0: sending frame failed (-49) [ 31.656948][ T377] syz-executor.2 (377) used greatest stack depth: 20760 bytes left [ 31.657383][ T538] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 31.675396][ T538] ext4 filesystem being mounted at /root/syzkaller-testdir3421870367/syzkaller.35cxWg/8/bus supports timestamps until 2038 (0x7fffffff) [ 31.819635][ T547] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.826677][ T547] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.833848][ T547] device bridge_slave_0 entered promiscuous mode [ 31.840567][ T547] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.847395][ T547] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.854597][ T547] device bridge_slave_1 entered promiscuous mode [ 31.965625][ T18] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.153308][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.161175][ T555] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 32.161286][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.181735][ T555] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.183237][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.251574][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.259601][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.266438][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.276469][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.296171][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.304219][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.313041][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.319876][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.327667][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.336188][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.445821][ T18] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 172, changing to 7 [ 32.457081][ T18] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 16750, setting to 1024 [ 32.469509][ T18] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 32.497099][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.505272][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.521466][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.534190][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.545199][ T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.575542][ T18] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 32.585179][ T18] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 32.593669][ T18] usb 2-1: SerialNumber: syz [ 32.650530][ T18] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 32.665754][ T179] device bridge_slave_1 left promiscuous mode [ 32.671826][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.681341][ T179] device bridge_slave_0 left promiscuous mode [ 32.687929][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.879892][ T124] usb 2-1: USB disconnect, device number 2 [ 33.588989][ T124] Bluetooth: hci0: command 0x1003 tx timeout [ 33.600162][ T23] kauditd_printk_skb: 14 callbacks suppressed [ 33.600173][ T23] audit: type=1400 audit(1718493036.460:155): avc: denied { append } for pid=144 comm="syslogd" name="messages" dev="tmpfs" ino=241 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 33.725593][ T96] Bluetooth: hci0: sending frame failed (-49) [ 33.738547][ T23] audit: type=1400 audit(1718493036.460:156): avc: denied { open } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=241 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 34.499884][ T23] audit: type=1400 audit(1718493036.460:157): avc: denied { getattr } for pid=144 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=241 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 34.570982][ T23] audit: type=1400 audit(1718493037.400:158): avc: denied { read } for pid=596 comm="syz-executor.0" name="msr" dev="devtmpfs" ino=9192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 34.612029][ T23] audit: type=1400 audit(1718493037.400:159): avc: denied { open } for pid=596 comm="syz-executor.0" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 34.708259][ T607] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 34.712009][ T609] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 34.786767][ T609] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.547584][ T23] audit: type=1400 audit(1718493038.390:160): avc: denied { mounton } for pid=605 comm="syz-executor.0" path="/root/syzkaller-testdir348099308/syzkaller.Avx3Cl/10/file0/file0" dev="loop0" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 35.804605][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 35.813219][ T96] Bluetooth: hci0: sending frame failed (-49) [ 35.892999][ T626] syz-executor.4 (626) used greatest stack depth: 19800 bytes left [ 36.517347][ T636] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.526490][ T636] ext4 filesystem being mounted at /root/syzkaller-testdir348099308/syzkaller.Avx3Cl/11/file0 supports timestamps until 2038 (0x7fffffff) [ 36.553692][ T636] EXT4-fs error (device loop0): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 36.574533][ T23] audit: type=1400 audit(1718493039.430:161): avc: denied { add_name } for pid=635 comm="syz-executor.0" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 36.619216][ T23] audit: type=1400 audit(1718493039.450:162): avc: denied { create } for pid=635 comm="syz-executor.0" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 36.640853][ T23] audit: type=1400 audit(1718493039.470:163): avc: denied { create } for pid=635 comm="syz-executor.0" name="blkio.bfq.io_queued" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 36.662457][ T23] audit: type=1400 audit(1718493039.470:164): avc: denied { read append open } for pid=635 comm="syz-executor.0" path="/root/syzkaller-testdir348099308/syzkaller.Avx3Cl/11/file0/blkio.bfq.io_queued" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 37.010683][ T666] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 37.350857][ T672] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 37.377708][ T672] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.825487][ T691] Bluetooth: hci0: command 0x1009 tx timeout [ 38.360708][ T707] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 38.592904][ T707] EXT4-fs (loop0): re-mounted. Opts: (null) [ 38.708926][ T720] erofs: (device loop0): mounted with opts: , root inode @ nid 36. [ 38.777947][ T23] kauditd_printk_skb: 8 callbacks suppressed [ 38.777958][ T23] audit: type=1400 audit(1718493041.640:173): avc: denied { listen } for pid=733 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 39.241163][ T748] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 39.264833][ T748] EXT4-fs (loop0): re-mounted. Opts: (null) [ 39.495428][ T766] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 39.504559][ T766] ext4 filesystem being mounted at /root/syzkaller-testdir3398387331/syzkaller.og2MAF/37/file0 supports timestamps until 2038 (0x7fffffff) [ 39.543450][ T766] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 40.120029][ T793] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 40.133551][ T793] EXT4-fs (loop2): re-mounted. Opts: (null) [ 40.726219][ T810] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 40.776359][ T23] audit: type=1400 audit(1718493043.640:174): avc: denied { write } for pid=809 comm="syz-executor.0" path="/root/syzkaller-testdir348099308/syzkaller.Avx3Cl/30/file1/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 40.804799][ T9] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 40.819694][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 40.831656][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 40.831656][ T9] [ 40.841113][ T9] EXT4-fs (loop0): Total free blocks count 0 [ 40.846924][ T9] EXT4-fs (loop0): Free/Dirty block details [ 40.852642][ T9] EXT4-fs (loop0): free_blocks=2415919104 [ 40.858211][ T9] EXT4-fs (loop0): dirty_blocks=32 [ 40.863251][ T9] EXT4-fs (loop0): Block reservation details [ 40.869080][ T9] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 40.875139][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2097151 with max blocks 1 with error 28 [ 40.887621][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 40.887621][ T9] [ 40.906895][ T821] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 40.916007][ T821] ext4 filesystem being mounted at /root/syzkaller-testdir3421870367/syzkaller.35cxWg/27/bus supports timestamps until 2038 (0x7fffffff) [ 41.346631][ T838] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 41.379398][ T838] EXT4-fs (loop2): re-mounted. Opts: (null) [ 41.385570][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 41.557449][ T851] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 41.568566][ T851] ext4 filesystem being mounted at /root/syzkaller-testdir3367551172/syzkaller.EeLwNd/19/file0 supports timestamps until 2038 (0x7fffffff) [ 41.588982][ T851] EXT4-fs error (device loop2): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 42.005570][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 172, changing to 7 [ 42.016360][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 16750, setting to 1024 [ 42.027205][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 42.037266][ T865] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 42.049080][ T865] EXT4-fs (loop3): external journal device major/minor numbers have changed [ 42.058318][ T865] EXT4-fs (loop3): failed to open journal device unknown-block(7,3): -16 [ 42.067384][ T863] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 42.122975][ T179] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 42.125661][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 42.137714][ T179] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 42.146392][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 42.158622][ T179] EXT4-fs (loop0): This should not happen!! Data will be lost [ 42.158622][ T179] [ 42.166115][ T24] usb 2-1: SerialNumber: syz [ 42.175755][ T179] EXT4-fs (loop0): Total free blocks count 0 [ 42.187120][ T179] EXT4-fs (loop0): Free/Dirty block details [ 42.192891][ T179] EXT4-fs (loop0): free_blocks=2415919104 [ 42.198460][ T179] EXT4-fs (loop0): dirty_blocks=32 [ 42.203698][ T23] audit: type=1400 audit(1718493045.060:175): avc: denied { unmount } for pid=459 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 42.223736][ T179] EXT4-fs (loop0): Block reservation details [ 42.230834][ T179] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 42.237274][ T179] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2097151 with max blocks 1 with error 28 [ 42.249782][ T179] EXT4-fs (loop0): This should not happen!! Data will be lost [ 42.249782][ T179] [ 42.250425][ T24] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 42.329540][ T23] audit: type=1400 audit(1718493045.190:176): avc: denied { create } for pid=875 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 42.360312][ T23] audit: type=1400 audit(1718493045.190:177): avc: denied { ioctl } for pid=875 comm="syz-executor.3" path="socket:[14056]" dev="sockfs" ino=14056 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 42.481204][ T24] usb 2-1: USB disconnect, device number 3 [ 43.255706][ T881] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 43.281533][ T881] EXT4-fs (loop3): re-mounted. Opts: (null) [ 43.410234][ T459] ================================================================== [ 43.418129][ T459] BUG: KASAN: use-after-free in kthread_stop+0x37/0x4a0 [ 43.424882][ T459] Write of size 4 at addr ffff8881d4bf0fe0 by task syz-executor.3/459 [ 43.432862][ T459] [ 43.435048][ T459] CPU: 0 PID: 459 Comm: syz-executor.3 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 43.444929][ T459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 43.454905][ T459] Call Trace: [ 43.455510][ T23] audit: type=1400 audit(1718493046.310:178): avc: denied { block_suspend } for pid=903 comm="syz-executor.2" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 43.458039][ T459] dump_stack+0x1d8/0x241 [ 43.458054][ T459] ? prepare_exit_to_usermode+0x199/0x200 [ 43.489108][ T459] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 43.494756][ T459] ? printk+0xd1/0x111 [ 43.498751][ T459] ? kthread_stop+0x37/0x4a0 [ 43.503172][ T459] print_address_description+0x8c/0x600 [ 43.508555][ T459] ? kthread_stop+0x37/0x4a0 [ 43.512996][ T459] __kasan_report+0xf3/0x120 [ 43.517401][ T459] ? kthread_stop+0x37/0x4a0 [ 43.521833][ T459] kasan_report+0x30/0x60 [ 43.525990][ T459] check_memory_region+0x272/0x280 [ 43.531036][ T459] kthread_stop+0x37/0x4a0 [ 43.535289][ T459] ext4_put_super+0x790/0xbb0 [ 43.539794][ T459] ? ext4_drop_inode+0x1f0/0x1f0 [ 43.544577][ T459] generic_shutdown_super+0x120/0x2a0 [ 43.549772][ T459] kill_block_super+0x7a/0xe0 [ 43.554389][ T459] deactivate_locked_super+0xa8/0x110 [ 43.559596][ T459] deactivate_super+0x1e2/0x2a0 [ 43.564282][ T459] ? vfs_submount+0xb0/0xb0 [ 43.568825][ T459] ? deactivate_locked_super+0x110/0x110 [ 43.574290][ T459] ? fast_dput+0x7a/0x280 [ 43.578462][ T459] cleanup_mnt+0x44e/0x500 [ 43.582721][ T459] task_work_run+0x140/0x170 [ 43.587234][ T459] exit_to_usermode_loop+0x190/0x1a0 [ 43.592359][ T459] prepare_exit_to_usermode+0x199/0x200 [ 43.597731][ T459] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 43.603461][ T459] RIP: 0033:0x7f28351d01d7 [ 43.607705][ T459] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 43.627233][ T459] RSP: 002b:00007ffc221cc448 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 43.635477][ T459] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f28351d01d7 [ 43.643287][ T459] RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007ffc221cd5f0 [ 43.651201][ T459] RBP: 00007f283522b636 R08: 0000000000000000 R09: 0000000000000000 [ 43.658996][ T459] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc221cd5f0 [ 43.666808][ T459] R13: 00007f283522b636 R14: 00005555569b7430 R15: 0000000000000006 [ 43.674622][ T459] [ 43.676793][ T459] Allocated by task 2: [ 43.680705][ T459] __kasan_kmalloc+0x171/0x210 [ 43.685387][ T459] kmem_cache_alloc+0xd9/0x250 [ 43.689985][ T459] dup_task_struct+0x4f/0x600 [ 43.694683][ T459] copy_process+0x56d/0x3230 [ 43.699111][ T459] _do_fork+0x197/0x900 [ 43.703101][ T459] kernel_thread+0x16a/0x1d0 [ 43.707530][ T459] kthreadd+0x3b1/0x4f0 [ 43.711522][ T459] ret_from_fork+0x1f/0x30 [ 43.715786][ T459] [ 43.717940][ T459] Freed by task 17: [ 43.721592][ T459] __kasan_slab_free+0x1b5/0x270 [ 43.726364][ T459] kmem_cache_free+0x10b/0x2c0 [ 43.730965][ T459] rcu_do_batch+0x492/0xa00 [ 43.735360][ T459] rcu_core+0x4c8/0xcb0 [ 43.739294][ T459] __do_softirq+0x23b/0x6b7 [ 43.743629][ T459] [ 43.745806][ T459] The buggy address belongs to the object at ffff8881d4bf0fc0 [ 43.745806][ T459] which belongs to the cache task_struct of size 3904 [ 43.759782][ T459] The buggy address is located 32 bytes inside of [ 43.759782][ T459] 3904-byte region [ffff8881d4bf0fc0, ffff8881d4bf1f00) [ 43.772881][ T459] The buggy address belongs to the page: [ 43.778360][ T459] page:ffffea000752fc00 refcount:1 mapcount:0 mapping:ffff8881f5cf8500 index:0x0 compound_mapcount: 0 [ 43.789200][ T459] flags: 0x8000000000010200(slab|head) [ 43.794504][ T459] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf8500 [ 43.802967][ T459] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 43.811328][ T459] page dumped because: kasan: bad access detected [ 43.817592][ T459] page_owner tracks the page as allocated [ 43.823136][ T459] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL) [ 43.839370][ T459] prep_new_page+0x18f/0x370 [ 43.843795][ T459] get_page_from_freelist+0x2d13/0x2d90 [ 43.849175][ T459] __alloc_pages_nodemask+0x393/0x840 [ 43.854393][ T459] alloc_slab_page+0x39/0x3c0 [ 43.858895][ T459] new_slab+0x97/0x440 [ 43.862807][ T459] ___slab_alloc+0x2fe/0x490 [ 43.867230][ T459] __slab_alloc+0x62/0xa0 [ 43.871394][ T459] kmem_cache_alloc+0x109/0x250 [ 43.876088][ T459] dup_task_struct+0x4f/0x600 [ 43.880596][ T459] copy_process+0x56d/0x3230 [ 43.885022][ T459] _do_fork+0x197/0x900 [ 43.889021][ T459] kernel_thread+0x16a/0x1d0 [ 43.893438][ T459] kthreadd+0x3b1/0x4f0 [ 43.897431][ T459] ret_from_fork+0x1f/0x30 [ 43.901679][ T459] page last free stack trace: [ 43.906202][ T459] __free_pages_ok+0x847/0x950 [ 43.910799][ T459] __free_pages+0x91/0x140 [ 43.915057][ T459] __free_slab+0x221/0x2e0 [ 43.919312][ T459] unfreeze_partials+0x14e/0x180 [ 43.924082][ T459] put_cpu_partial+0x44/0x180 [ 43.928591][ T459] __slab_free+0x297/0x360 [ 43.933038][ T459] qlist_free_all+0x43/0xb0 [ 43.937376][ T459] quarantine_reduce+0x1d9/0x210 [ 43.942155][ T459] __kasan_kmalloc+0x41/0x210 [ 43.946662][ T459] kmem_cache_alloc+0xd9/0x250 [ 43.951271][ T459] __alloc_skb+0x7a/0x4d0 [ 43.955450][ T459] alloc_skb_with_frags+0x92/0x550 [ 43.960390][ T459] sock_alloc_send_pskb+0x831/0x950 [ 43.965414][ T459] unix_dgram_sendmsg+0x6fa/0x1ff0 [ 43.970359][ T459] sock_write_iter+0x344/0x470 [ 43.974959][ T459] __vfs_write+0x5d3/0x750 [ 43.979207][ T459] [ 43.981376][ T459] Memory state around the buggy address: [ 43.986850][ T459] ffff8881d4bf0e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.994745][ T459] ffff8881d4bf0f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 44.002650][ T459] >ffff8881d4bf0f80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 44.010538][ T459] ^ [ 44.017571][ T459] ffff8881d4bf1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.025471][ T459] ffff8881d4bf1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.033365][ T459] ================================================================== [ 44.041262][ T459] Disabling lock debugging due to kernel taint [ 44.080970][ T459] ------------[ cut here ]------------ [ 44.086458][ T459] refcount_t: addition on 0; use-after-free. [ 44.092603][ T459] WARNING: CPU: 0 PID: 459 at lib/refcount.c:25 refcount_warn_saturate+0x132/0x1a0 [ 44.101670][ T459] Modules linked in: [ 44.105416][ T459] CPU: 0 PID: 459 Comm: syz-executor.3 Tainted: G B 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 44.116695][ T459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 44.126591][ T459] RIP: 0010:refcount_warn_saturate+0x132/0x1a0 [ 44.132583][ T459] Code: 04 01 48 c7 c7 a0 0b fa 84 e8 6a ef 0d ff 0f 0b eb a9 e8 31 3b 37 ff c6 05 c4 97 1c 04 01 48 c7 c7 20 0c fa 84 e8 4e ef 0d ff <0f> 0b eb 8d e8 15 3b 37 ff c6 05 a9 97 1c 04 01 48 c7 c7 80 0c fa [ 44.152019][ T459] RSP: 0018:ffff8881ecfa7c30 EFLAGS: 00010246 [ 44.157922][ T459] RAX: 68ee3b0e3241ef00 RBX: 0000000000000002 RCX: ffff8881ed648fc0 [ 44.165731][ T459] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 44.173539][ T459] RBP: 0000000000000002 R08: ffffffff814d5cd2 R09: ffffed103edc5262 [ 44.181352][ T459] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 44.189167][ T459] R13: ffff8881d4bf0fc0 R14: dffffc0000000000 R15: ffff8881d4bf0fe0 [ 44.196979][ T459] FS: 00005555569b7480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 44.205744][ T459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.212166][ T459] CR2: 00007fa0eb0cad58 CR3: 00000001ec926000 CR4: 00000000003426b0 [ 44.219988][ T459] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.227783][ T459] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.235592][ T459] Call Trace: [ 44.238727][ T459] ? __warn+0x162/0x250 [ 44.242719][ T459] ? report_bug+0x3a1/0x4e0 [ 44.247072][ T459] ? refcount_warn_saturate+0x132/0x1a0 [ 44.252441][ T459] ? refcount_warn_saturate+0x132/0x1a0 [ 44.257817][ T459] ? do_invalid_op+0x6e/0x110 [ 44.262335][ T459] ? invalid_op+0x1e/0x30 [ 44.266501][ T459] ? wake_up_klogd+0xb2/0xf0 [ 44.270927][ T459] ? refcount_warn_saturate+0x132/0x1a0 [ 44.276310][ T459] kthread_stop+0x1a5/0x4a0 [ 44.280645][ T459] ext4_put_super+0x790/0xbb0 [ 44.285160][ T459] ? ext4_drop_inode+0x1f0/0x1f0 [ 44.289932][ T459] generic_shutdown_super+0x120/0x2a0 [ 44.295147][ T459] kill_block_super+0x7a/0xe0 [ 44.299652][ T459] deactivate_locked_super+0xa8/0x110 [ 44.304859][ T459] deactivate_super+0x1e2/0x2a0 [ 44.309548][ T459] ? vfs_submount+0xb0/0xb0 [ 44.313884][ T459] ? deactivate_locked_super+0x110/0x110 [ 44.319359][ T459] ? fast_dput+0x7a/0x280 [ 44.323521][ T459] cleanup_mnt+0x44e/0x500 [ 44.327775][ T459] task_work_run+0x140/0x170 [ 44.332204][ T459] exit_to_usermode_loop+0x190/0x1a0 [ 44.337332][ T459] prepare_exit_to_usermode+0x199/0x200 [ 44.342705][ T459] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 44.348428][ T459] RIP: 0033:0x7f28351d01d7 [ 44.352688][ T459] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 44.372129][ T459] RSP: 002b:00007ffc221cc448 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 2024/06/15 23:10:47 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 44.380371][ T459] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f28351d01d7 [ 44.388180][ T459] RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007ffc221cd5f0 [ 44.395993][ T459] RBP: 00007f283522b636 R08: 0000000000000000 R09: 0000000000000000 [ 44.403830][ T459] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc221cd5f0 [ 44.411625][ T459] R13: 00007f283522b636 R14: 00005555569b7430 R15: 0000000000000006 [ 44.419427][ T459] ---[ end trace e5dfd3f0123226af ]---