last executing test programs: 2.25813334s ago: executing program 1 (id=2): ioprio_set$pid(0x3, 0x0, 0x0) r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0x2000011a) 2.197424572s ago: executing program 2 (id=3): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f0000001340)=ANY=[@ANYBLOB="12010000024ece08f905ffffc09f0102030109021b0001000000000904"], 0x0) socket$can_bcm(0x1d, 0x2, 0x2) 2.135387905s ago: executing program 0 (id=8): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_INIT(r2, &(0x7f0000000440)={0x50}, 0x50) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000640)={0x10}, 0x10) write$FUSE_BMAP(r2, &(0x7f00000000c0)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x101400, 0x0) 2.051516119s ago: executing program 0 (id=10): memfd_create(0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100002b55ba40f71d002525c2010203010902120001000000000904"], 0x0) 2.02691176s ago: executing program 1 (id=12): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x0, 0x10500}, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={0x0}) 1.963464622s ago: executing program 1 (id=13): lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000e80)=[{{0x0, 0xfffffffffffffefa, 0x0, 0x0, 0x0, 0x1000000000002}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}}], 0x40000000000033a, 0x0, 0x0) 1.963259183s ago: executing program 1 (id=14): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, 0x0, 0x0) 1.339874521s ago: executing program 3 (id=48): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)={r0}) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8904, &(0x7f0000000200)={@remote}) 1.339669611s ago: executing program 3 (id=49): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r0, r1, 0x0) 1.33930671s ago: executing program 3 (id=50): gettid() timer_settime(0x0, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340), 0xffffff46) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=ANY=[], 0x10}], 0x1}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r0 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r0, &(0x7f0000000180)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0, 0x0, 0x0, 0x62}, 0x0) close(r1) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x5450) 1.066236763s ago: executing program 4 (id=56): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0xfff, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.052305373s ago: executing program 4 (id=57): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x7fe2, 0x5}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={r0, &(0x7f0000000140), &(0x7f0000000080)=""/155}, 0x20) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000180)={r0, &(0x7f0000000140)}, 0x20) 999.280655ms ago: executing program 4 (id=58): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d00)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}, 0x90) socketpair(0x0, 0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 999.068815ms ago: executing program 4 (id=59): ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x7, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x31, &(0x7f0000000200), 0x4) listen(r0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 998.858616ms ago: executing program 4 (id=60): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0xa04254, &(0x7f0000000080)=ANY=[], 0x8, 0x2fd, &(0x7f0000000c40)="$eJzs3M9rE1sUwPGTNE2TlCZZPN7jPXj0ohvdDG10LQZpQQxY2kZsBWHaTjRkTEomVCJideVW/CNclC67K6j/QDfudOPGXTeCC4uII5kfbdKmqU5N0x/fD5S5mXPO9F4mLWdCZjZvv3hQKlhaQa9JOKYkJCKyJZKWsPhC3jbsjKPS7KlcHPzy/v+pmdkb2VxubFKp8ez0pYxSKjn8+uHjuJe2PiAb6bubnzOfNv7e+Hfzx/T9oqWKlipXakpXc5WPNX3ONNRC0SppSk2Yhm4Zqli2jKobr7jxgllZXKwrvbwwlFisGpal9HJdlYy6qlVUrVpX+j29WFaapqmhhOAg+ZXJST0bsHj+D08GQX2zbbtDuFrN6n0iEt8Tya90dV4AAOBY2t3/hxstfaD+X5JO/99I3un/V8+9rQ3eWkt6/f96tF3/f/mDe6yW/j8mIl3v//d2RCfe8u8kH6r/x/EwHN2zK9TyqtH/J7y/X8ezO6sjzoD+HwAAAAAAAAAAAAAAAAAAAACAk2DLtlO2baf8rf+zcwuB9xqn0n7nf0BEYo2zb3P+T7OpmVmJOTfuRZIi5vOl/FLe3XpxP3FEUvLdeT94GmP/ziPVkJY35rJXv7yU73Mi2YIUxRRDRiUl6d31tj1+PTc2qlyt9f2SaK7PSEr+al+faVsflQvnm+o1Scm7eamIKQvO+3qn/smoUtdu5nbVx508AAAAAABOA01ta3v9rmn7xd367evrtp8PuNfXI22vzyOp/yK9XTsAAAAAAGeFVX9U0k3TqHYYxOXgnOCDSLDy/k45fU0r/NUDRp3vu4h0b6UdBv4XKVpCMW9nsCP76+/OnMMSpGq4MR912N/uf2y0X45M9OAMOoN/Xr76Gqw85D21tzl0ZS12wEq7Nug/iv89AAAAAI6W3/THLX/P1d5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+goHifW6zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8XPAAAA//+JzwPM") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000001400), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 856.346582ms ago: executing program 4 (id=61): r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(r1, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x8, 0x0) 506.633918ms ago: executing program 3 (id=62): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)="0dee52ea30de2560929e8c56b702cec29c522716ebd11b9d958987ef461bece11ce5efedf4ae583a110307adba82da7d16d16921467378a3ba3a975de3b09bc61d0e7b57f268de297a8ff856c0242e4965119f353772f6686897a888c00c49990cdd1c4f670b411d29f135140daa3101d46bea0fe08a4e331ed14a05de23f71165d0f4a096bf633e6e0d5660d926ef375b576d0dda79b1805d9bc3553fa163d2fb52bb9ddc2651a5ded8f1c4fcb9d1bab6b4f32f06974058347072db523d5d443d32c7", 0xc3}], 0x1}}], 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd608a35f200680600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22"], 0x0) 455.42836ms ago: executing program 2 (id=63): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000cc0)='./file0\x00', 0x800714, &(0x7f0000000c40)={[{@quota}]}, 0x1, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r0 = open(&(0x7f0000000340)='./bus\x00', 0x145142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c668100000000000000e6bbc2ebce21aa45a7fea6180766bb"}) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:pam_var_run_t:s0\x00', 0x23) 455.14914ms ago: executing program 3 (id=64): getpid() syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2010400, &(0x7f0000000400), 0x1, 0x4bf, &(0x7f00000013c0)="$eJzs3MtvG9UaAPBvJo82fdzk9vbeS6GAoSAiEEmb8uiCBUUgsUFCgkWR2IQkrUrdFjVBolUkUoTaJarEjgViBxJ/ASvYIGADEkhsYI8qVagbCisje2YS24ndPJy4xL+fZPscz/Gc+WbmTM6c4ziAnlWqPiUReyLil4gYzrKNBUrZy62b81N/3pyfSqJSeeX3pFbuj5vzU0XR4nO788xoGpG+nxQL+utXO3vx0pnJcnnmQp4fnzv71vjsxUuPnz47eWrm1My5iWPHnjh65OmnJp7cYIQ/156H89zBAy++du2lqRPX3vj286t7s7ijKY71SxtypSg17ss6D2+8sjvK3rp00t/FDWFN+vKGOVBr/8PRV9dMh+OF99p+eOcWbCCwaSqVSmVH68ULlUzsrADbTxL5a39Et7cF2ErFH/rq/W/x2KKuxx3hxvHsBqga9638kS3pX7ybH2i6v+2kUkScWPjr4+ojmschBjepUgCgp315PGIhTzf2/9L4X125f+VzKCMR8e+I2BcR/4mI/RHx36Golf1/RNy1xvpLTfm+mG8aVU6vrzmoNaj2/57J57Ya+395728wRvry3N5sqDw5ebo8czjfJ6MxUKrmj2Sl8+meonddmwmLr57/8YNW9df3/6qPav21vuBQUSK93t80QDc9OTfZsfgvZytfHn+yOBNQDepARNy90gqevX0dpx/97GCrZS3jX40OzDNVPol4JIt/IfL4s2730sxd0n5+cnxnlGcOjxdnxXLf/XDl5Vb1byj+DrhxOWJXi+OfGamlFudrZ7N3h9ZQx5Vfr07V1rewfNnt41/5/B9MXq2lB+ueqxtbbFfxzjuTc3MXJpY+W+Rrr0ey+EcPrdz+98XSnrgnIqon8b0RcV9E3J9v+wMR8WBEHGoT/zfPPfRmXXbZ9PqJJLp6/Kez479j5eMfI43Hf+2JvjNff9Gq/myGvO3x/+n1PDWav67i+lcqz1worg5tN3Cduw0AAAD+UdKI2BNJOraYTtOxsew7/PtjV1o+Pzv32Mnzb5+bzr4rPxIDaTHSlY0HDyTF+OdIXX6iKX80Hzf+sG+olh+bOl+e7nbw0ON2t2j/Vb/1dXvrgE3n/7Wgd2n/0Lu0f+hd/fFRu+8vAdvUu7cvMrAV2wF0RbrSm6u4LgDbgPt/6F3aP/Qu7R96V/v271uAsE3NVtb/f/3lYuCwxaLGd5KlMsWPNKyr0sZEuvKi4pq1gTWvO/Fp/luBW1rpKhKVzq4w0paLhpr3fNLt2JcSldUXTjtzinY6UZzbbcp8v4EqKnliq69EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm+PvAAAA//+eUMjH") r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000100)='./file0\x00', 0x2) 455.02067ms ago: executing program 1 (id=65): syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$peeksig(0x4, r1, &(0x7f0000000000), 0x0) 418.068841ms ago: executing program 1 (id=66): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)='\x00', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce347c7b623dd3140cfb2326fa1bf9f1dc2375eeba25df45aefdb3c49a4e7ffab4ed7181180bde98af644d11f", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672321690c0215b73b201e67576ef51abd7cb2bcd21ebc41893e255eea9bba2639084f4dec0", 0x30}, {&(0x7f0000000980)="dfc56286b56ecc486c04bc14504d983be1f4ef618879be74e47bb41ea0ec8db85da5cfdb43e07b8cc7860bc152943651075c35a9e715afc516b3c84a77236602539578c21fa41ba1a52740bba9", 0x4d}], 0x3}, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo") sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 319.622316ms ago: executing program 0 (id=67): r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) fsconfig$FSCONFIG_SET_PATH(r0, 0x4, &(0x7f00000000c0)='\x00', &(0x7f0000000100)='./file0\x00', r1) 247.953969ms ago: executing program 2 (id=68): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x1008c54, &(0x7f00000002c0)=ANY=[@ANYBLOB="757466383d302c74696d655f6f66667365743d3078666666666666666666666666376661612c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c696f636861727365743d69736f383835392d362c646f733178666c6f7070792c726f6469722c73686f72746e616d653d77696e6e742c756d61736b3d30303030303030303030303030303030303030303030362c757466383d302c756e695f786c6174653d312c756e6979786c6174653d302c726f6469722c6e66732c0060ea548dcd4f35f1b2ea2859869bb24cf0509444"], 0x1, 0x2f5, &(0x7f0000002300)="$eJzs3c9rG0cUwPG3+mFJdl3pUEopLQwulJbixRL01oNNsaFU0GJbhbpQWNfrRmgtGa0wKIRYh0CuOefgQ44hEAK55RJCrr7kL8ivmy++xRCTCavdlWVJVqQk/hV/Pwfred+8nZF2ZctjaXbnlxtrpVXXfK21iNY6Ni0N2TMkIxGJiq8hPz7eevbtwqPP/O+VmptZzOaUiojIP1fuTDysjf11//MHCdnO/Luzm3u5/c2iyJvFS0VXFV1V1lpZarlSqRle8UrRLZlK/enYlmurYtm1q7Ugby07tlp1KuvrdWWVV8ZH16u26yqrXFclu65qFVWr1pX1v1UsK9M01fioQEQyrSjSlTNEkkcWFm7vaS27WmudaHiH3+hu0wiDeHCb+ODx4szoOP5923adHNHjHBlOwp6ODXz88enxn//Pb3L8L6aFv5d+n8nnZ+eVSoqsXd8obBT8Wz//dEyK4ogtW/M/Le03XyIGxPC+zv2Wn51STRn5fm0zqN/cKPi/HGZWg/qspL3XKW31EtZn/Xp1uD4uo+31OUnLF73rc2G9RNrqR+SH79rqTUnLk/+kIo6siFd7UH81q9Svf+Q7+k812wEAAAAAAAAAcB6ZquVg/t44+FevaSaa7/ho5VPeVq+dn2/Nr09JWvZ7z89P9Zzfj8nXsdO73wAAAAAAXCRu/XLJchy7ejxB9FaqTxdxEfECkWsT3mD67vDLYMSD9T4iIt2paP8uDgWpn/3+7s4HA5PjfKA+UhB+WKNkOffCVEp6NY4MdQJMjvR85JMnegdlkMbhp12G7SIx8KnVGRj74ZaverbRxrv3oy0nPlzv00M9HY4Mkrpjy+QLf79Onx8ar1pTfAAAAADOkbY/nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCl5r8XDwnX7D6ckuER895JsndeJZ91/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfQ2wAAAP//ULm9IQ==") 243.250819ms ago: executing program 0 (id=69): r0 = syz_open_procfs(0x0, &(0x7f00000006c0)='pagemap\x00') unshare(0x20000600) lseek(r0, 0xfffffffffffffffe, 0x0) r1 = memfd_create(&(0x7f00000004c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf9\xff\x90\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x0) sendfile(r0, r1, 0x0, 0x0) 118.689305ms ago: executing program 0 (id=70): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000000), 0x4) 31.496719ms ago: executing program 2 (id=71): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}}, 0x0) 26.002359ms ago: executing program 3 (id=72): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private2}}, {{@in=@local}, 0x0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ac0b2be}}, 0xe8) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 0s ago: executing program 0 (id=73): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/profiling', 0x101a82, 0x0) sendfile(r1, r0, 0x0, 0x5) kernel console output (not intermixed with test programs): [ 7.269020][ T23] audit: type=1400 audit(1719775466.700:56): avc: denied { read } for pid=214 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=9732 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.276117][ T23] audit: type=1400 audit(1719775466.700:57): avc: denied { open } for pid=214 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=9732 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.473972][ T23] audit: type=1400 audit(1719775466.900:58): avc: denied { use } for pid=243 comm="ssh-keygen" path="/dev/null" dev="devtmpfs" ino=26 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 7.536815][ T23] audit: type=1400 audit(1719775466.960:59): avc: denied { search } for pid=243 comm="ssh-keygen" name="/" dev="tmpfs" ino=9352 scontext=system_u:system_r:ssh_keygen_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.552917][ T23] audit: type=1400 audit(1719775466.980:60): avc: denied { use } for pid=249 comm="sshd" path="/dev/null" dev="devtmpfs" ino=26 scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:kernel_t tclass=fd permissive=1 [ 13.428880][ T23] audit: type=1400 audit(1719775472.860:61): avc: denied { transition } for pid=284 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.436812][ T23] audit: type=1400 audit(1719775472.860:62): avc: denied { noatsecure } for pid=284 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.443348][ T23] audit: type=1400 audit(1719775472.860:63): avc: denied { write } for pid=284 comm="sh" path="pipe:[9806]" dev="pipefs" ino=9806 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.454418][ T23] audit: type=1400 audit(1719775472.860:64): avc: denied { rlimitinh } for pid=284 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.472825][ T23] audit: type=1400 audit(1719775472.860:65): avc: denied { siginh } for pid=284 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.88' (ED25519) to the list of known hosts. [ 19.971454][ T23] audit: type=1400 audit(1719775479.400:66): avc: denied { mounton } for pid=340 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.973438][ T340] cgroup1: Unknown subsys name 'net' [ 19.993918][ T23] audit: type=1400 audit(1719775479.400:67): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.000787][ T340] cgroup1: Unknown subsys name 'net_prio' [ 20.026580][ T340] cgroup1: Unknown subsys name 'devices' [ 20.033468][ T23] audit: type=1400 audit(1719775479.460:68): avc: denied { unmount } for pid=340 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.231389][ T340] cgroup1: Unknown subsys name 'hugetlb' [ 20.237060][ T340] cgroup1: Unknown subsys name 'rlimit' [ 20.433922][ T23] audit: type=1400 audit(1719775479.860:69): avc: denied { setattr } for pid=340 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.457882][ T23] audit: type=1400 audit(1719775479.860:70): avc: denied { mounton } for pid=340 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.482390][ T23] audit: type=1400 audit(1719775479.860:71): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.490811][ T341] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.514094][ T23] audit: type=1400 audit(1719775479.940:72): avc: denied { relabelto } for pid=341 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.539488][ T23] audit: type=1400 audit(1719775479.940:73): avc: denied { write } for pid=341 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.571729][ T23] audit: type=1400 audit(1719775480.000:74): avc: denied { read } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.597028][ T23] audit: type=1400 audit(1719775480.000:75): avc: denied { open } for pid=340 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.622944][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.120587][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.127443][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.135117][ T352] device bridge_slave_0 entered promiscuous mode [ 21.150102][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.156931][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.164362][ T352] device bridge_slave_1 entered promiscuous mode [ 21.201034][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.207874][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.215369][ T351] device bridge_slave_0 entered promiscuous mode [ 21.223846][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.230759][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.238001][ T351] device bridge_slave_1 entered promiscuous mode [ 21.251175][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.258012][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.265632][ T350] device bridge_slave_0 entered promiscuous mode [ 21.272591][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.279452][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.286757][ T350] device bridge_slave_1 entered promiscuous mode [ 21.339438][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.346278][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.353704][ T353] device bridge_slave_0 entered promiscuous mode [ 21.376400][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.383439][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.390867][ T348] device bridge_slave_0 entered promiscuous mode [ 21.397364][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.404360][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.411720][ T353] device bridge_slave_1 entered promiscuous mode [ 21.440825][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.447975][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.455446][ T348] device bridge_slave_1 entered promiscuous mode [ 21.639944][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.646875][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.654022][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.660772][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.683031][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.689901][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.697022][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.703808][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.728555][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.735530][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.742696][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.749526][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.758593][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.765431][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.772553][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.779324][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.795782][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.802642][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.809789][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.816621][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.886448][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.894929][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.902410][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.909410][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.916353][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.923330][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.930345][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.937290][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.944553][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.951959][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.960236][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.968048][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.975416][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.989783][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.997769][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.004623][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.030400][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.038622][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.045560][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.053684][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.061424][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.069143][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.077078][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.084549][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.091695][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.099916][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.106735][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.114131][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.140783][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.149258][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.157012][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.165253][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.173635][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.181701][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.188539][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.195679][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.203803][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.212014][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.218875][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.226091][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.233567][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.240830][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.248804][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.274935][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.284271][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.293971][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.300819][ T370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.318137][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.326151][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.334810][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.342801][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.368435][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.376818][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.385201][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.392055][ T370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.400607][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.408853][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.417475][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.425706][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.433835][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.442073][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.449915][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.457766][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.481460][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.489549][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.497424][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.506859][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.515826][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.524036][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.531933][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.539931][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.569687][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.577644][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.585840][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.593855][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.603344][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.611650][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.640691][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.649016][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.657152][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.666054][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.674850][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.683331][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.691630][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.699483][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.707130][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.715550][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.723943][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.753685][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.763226][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.786715][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.798522][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.806831][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.815168][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.823372][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.831841][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.840696][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.848816][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.867110][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.899698][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.908003][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.918110][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.926165][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.934675][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.943164][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.951567][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.960199][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.991504][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.000913][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.010074][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.018517][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.125965][ T375] syz.0.1 (375) used greatest stack depth: 21304 bytes left [ 23.358142][ T372] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 23.384884][ T407] tmpfs: Unsupported parameter 'mpol' [ 23.521358][ T421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23'. [ 23.548228][ T377] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.602579][ T372] usb 3-1: Using ep0 maxpacket: 8 [ 23.619263][ T371] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.718186][ T372] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 23.782840][ T460] [ 23.784995][ T460] ********************************************************** [ 23.798206][ T377] usb 2-1: Using ep0 maxpacket: 8 [ 23.812202][ T460] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 23.825989][ T460] ** ** [ 23.834156][ T460] ** trace_printk() being used. Allocating extra memory. ** [ 23.841834][ T460] ** ** [ 23.850242][ T460] ** This means that this is a DEBUG kernel and it is ** [ 23.864683][ T460] ** unsafe for production use. ** [ 23.878417][ T460] ** ** [ 23.887531][ T460] ** If you see this message and you are not debugging ** [ 23.895133][ T372] usb 3-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=9f.c0 [ 23.909519][ T372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 23.917404][ T372] usb 3-1: Product: syz [ 23.927652][ T460] ** the kernel, report this immediately to your vendor! ** [ 23.935101][ T460] ** ** [ 23.935620][ T372] usb 3-1: Manufacturer: syz [ 23.946697][ T460] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 23.947048][ T377] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 23.955106][ T460] ********************************************************** [ 23.964745][ T372] usb 3-1: SerialNumber: syz [ 23.975762][ T377] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 23.985081][ T377] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 23.996438][ T372] usb 3-1: config 0 descriptor?? [ 24.001476][ T377] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 24.012571][ T377] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 24.021790][ T377] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.038802][ T372] usbserial_generic 3-1:0.0: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 24.055028][ T372] usbserial_generic 3-1:0.0: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 24.066213][ T372] usbserial_generic 3-1:0.0: device has no bulk endpoints [ 24.074384][ T377] hub 2-1:1.0: bad descriptor, ignoring hub [ 24.087783][ T377] hub: probe of 2-1:1.0 failed with error -5 [ 24.093959][ T377] cdc_wdm 2-1:1.0: skipping garbage [ 24.100541][ T377] cdc_wdm 2-1:1.0: skipping garbage [ 24.119503][ T377] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 24.130046][ T490] syz.4.54[490] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 24.130106][ T490] syz.4.54[490] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 24.148459][ T371] usb 1-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice=c2.25 [ 24.169418][ T371] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.177484][ T371] usb 1-1: Product: syz [ 24.181717][ T371] usb 1-1: Manufacturer: syz [ 24.186205][ T371] usb 1-1: SerialNumber: syz [ 24.193593][ T371] usb 1-1: config 0 descriptor?? [ 24.243293][ T371] usb 3-1: USB disconnect, device number 2 [ 24.288899][ T504] ====================================================== [ 24.288899][ T504] WARNING: the mand mount option is being deprecated and [ 24.288899][ T504] will be removed in v5.15! [ 24.288899][ T504] ====================================================== [ 24.398293][ T370] usb 2-1: USB disconnect, device number 2 [ 24.439858][ T377] usb 1-1: USB disconnect, device number 2 [ 24.834843][ T514] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 24.958564][ T520] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 24.982320][ T23] kauditd_printk_skb: 64 callbacks suppressed [ 24.982331][ T23] audit: type=1400 audit(1719775484.410:140): avc: denied { mount } for pid=523 comm="syz.0.67" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 24.982563][ T525] capability: warning: `syz.0.67' uses 32-bit capabilities (legacy support in use) [ 25.050327][ T524] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 25.060317][ T23] audit: type=1400 audit(1719775484.490:141): avc: denied { mount } for pid=522 comm="syz.1.66" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.060346][ T524] ext4 filesystem being mounted at /root/syzkaller.5uOE30/5/file0 supports timestamps until 2038 (0x7fffffff) [ 25.254430][ T535] netlink: 28 bytes leftover after parsing attributes in process `syz.2.71'. [ 25.269390][ T23] audit: type=1400 audit(1719775484.700:142): avc: denied { name_bind } for pid=538 comm="syz.3.72" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 25.303394][ T541] kernel profiling enabled (shift: 1) [ 25.318072][ C0] ================================================================== [ 25.325980][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 25.332902][ C0] Read of size 8 at addr ffff8881e95e79a0 by task syz-executor/543 [ 25.340617][ C0] [ 25.342803][ C0] CPU: 0 PID: 543 Comm: syz-executor Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 25.352510][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 25.362402][ C0] Call Trace: [ 25.365526][ C0] [ 25.368234][ C0] dump_stack+0x1d8/0x241 [ 25.372408][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 25.378039][ C0] ? printk+0xd1/0x111 [ 25.381939][ C0] ? profile_pc+0xa4/0xe0 [ 25.385082][ T549] syz.4.77 (549) used greatest stack depth: 20984 bytes left [ 25.386103][ C0] ? wake_up_klogd+0xb2/0xf0 [ 25.386112][ C0] ? profile_pc+0xa4/0xe0 [ 25.386126][ C0] print_address_description+0x8c/0x600 [ 25.407309][ C0] ? panic+0x89d/0x89d [ 25.411224][ C0] ? profile_pc+0xa4/0xe0 [ 25.415352][ C0] __kasan_report+0xf3/0x120 [ 25.419795][ C0] ? profile_pc+0xa4/0xe0 [ 25.423945][ C0] ? _raw_spin_lock+0xc0/0x1b0 [ 25.428543][ C0] kasan_report+0x30/0x60 [ 25.432711][ C0] profile_pc+0xa4/0xe0 [ 25.436707][ C0] profile_tick+0xb9/0x100 [ 25.440960][ C0] tick_sched_timer+0x237/0x3c0 [ 25.445642][ C0] ? tick_setup_sched_timer+0x460/0x460 [ 25.451024][ C0] __hrtimer_run_queues+0x3e9/0xb90 [ 25.456063][ C0] ? hrtimer_interrupt+0x890/0x890 [ 25.461092][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 25.466127][ C0] ? sched_clock+0x36/0x40 [ 25.470377][ C0] ? ktime_get+0xf9/0x130 [ 25.474555][ C0] ? ktime_get_update_offsets_now+0x26c/0x280 [ 25.480450][ C0] hrtimer_interrupt+0x38a/0x890 [ 25.485235][ C0] smp_apic_timer_interrupt+0x110/0x460 [ 25.490603][ C0] apic_timer_interrupt+0xf/0x20 [ 25.495370][ C0] [ 25.498165][ C0] RIP: 0010:_raw_spin_lock+0xc0/0x1b0 [ 25.503372][ C0] Code: fd 4c 89 ff be 04 00 00 00 e8 2c dc 42 fd 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 f0 41 0f b1 4d 00 <75> 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00 00 00 65 48 8b 04 [ 25.522800][ C0] RSP: 0000:ffff8881e95e79a0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 25.531045][ C0] RAX: 0000000000000000 RBX: 1ffff1103d2bcf34 RCX: 0000000000000001 [ 25.538856][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881e95e79c0 [ 25.546668][ C0] RBP: ffff8881e95e7a38 R08: dffffc0000000000 R09: 0000000000000003 [ 25.554483][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 25.562419][ C0] R13: ffffea0007bdd4e8 R14: 1ffff1103d2bcf38 R15: ffff8881e95e79c0 [ 25.570249][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 25.575445][ C0] ? xas_load+0x4f8/0x560 [ 25.579610][ C0] alloc_set_pte+0x836/0x1170 [ 25.584125][ C0] filemap_map_pages+0x9d8/0xdd0 [ 25.588899][ C0] ? maybe_unlock_mmap_for_io+0x120/0x120 [ 25.594451][ C0] handle_mm_fault+0x25cd/0x4990 [ 25.599227][ C0] ? finish_fault+0x230/0x230 [ 25.603733][ C0] ? down_write_trylock+0x130/0x130 [ 25.608770][ C0] ? down_read_trylock+0x179/0x1d0 [ 25.613719][ C0] __do_page_fault+0x509/0xbb0 [ 25.618327][ C0] page_fault+0x2f/0x40 [ 25.622306][ C0] RIP: 0033:0x7f368dd6f493 [ 25.626560][ C0] Code: Bad RIP value. [ 25.630460][ C0] RSP: 002b:00007ffcc01b8db8 EFLAGS: 00010246 [ 25.636365][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f368dd6f493 [ 25.644176][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 25.651992][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 25.659799][ C0] R10: 00005555574f97d0 R11: 0000000000000246 R12: 0000000000000001 [ 25.667608][ C0] R13: 0000000000001388 R14: 0000000000000001 R15: 00007ffcc01b8f70 [ 25.675426][ C0] [ 25.677596][ C0] The buggy address belongs to the page: [ 25.683279][ C0] page:ffffea0007a579c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.692209][ C0] flags: 0x8000000000000000() [ 25.696714][ C0] raw: 8000000000000000 0000000000000000 ffffea0007a579c8 0000000000000000 [ 25.705146][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 25.713547][ C0] page dumped because: kasan: bad access detected [ 25.719810][ C0] page_owner tracks the page as allocated [ 25.725353][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 25.736906][ C0] prep_new_page+0x18f/0x370 [ 25.741325][ C0] get_page_from_freelist+0x2d13/0x2d90 [ 25.746791][ C0] __alloc_pages_nodemask+0x393/0x840 [ 25.752000][ C0] dup_task_struct+0x85/0x600 [ 25.756524][ C0] copy_process+0x56d/0x3230 [ 25.760939][ C0] _do_fork+0x197/0x900 [ 25.764930][ C0] __x64_sys_clone+0x26b/0x2c0 [ 25.769724][ C0] do_syscall_64+0xca/0x1c0 [ 25.774048][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.779767][ C0] page last free stack trace: [ 25.784291][ C0] __free_pages_ok+0x847/0x950 [ 25.788896][ C0] __free_pages+0x91/0x140 [ 25.793145][ C0] __free_slab+0x221/0x2e0 [ 25.793822][ T23] audit: type=1400 audit(1719775485.220:143): avc: denied { unmount } for pid=350 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 25.797396][ C0] unfreeze_partials+0x14e/0x180 [ 25.797405][ C0] put_cpu_partial+0x44/0x180 [ 25.797413][ C0] __slab_free+0x297/0x360 [ 25.797427][ C0] qlist_free_all+0x43/0xb0 [ 25.834543][ C0] quarantine_reduce+0x1d9/0x210 [ 25.839311][ C0] __kasan_kmalloc+0x41/0x210 [ 25.843908][ C0] kmem_cache_alloc+0xd9/0x250 [ 25.848510][ C0] getname_flags+0xb8/0x4e0 [ 25.852848][ C0] user_path_at_empty+0x28/0x50 [ 25.857537][ C0] vfs_statx+0x115/0x210 [ 25.861683][ C0] __se_sys_newfstatat+0xce/0x770 [ 25.866565][ C0] do_syscall_64+0xca/0x1c0 [ 25.870914][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 25.876638][ C0] [ 25.878804][ C0] addr ffff8881e95e79a0 is located in stack of task syz-executor/543 at offset 0 in frame: [ 25.888729][ C0] _raw_spin_lock+0x0/0x1b0 [ 25.893085][ C0] [ 25.895229][ C0] this frame has 1 object: [ 25.899523][ C0] [32, 36) 'val.i.i.i' [ 25.899525][ C0] [ 25.905649][ C0] Memory state around the buggy address: [ 25.911122][ C0] ffff8881e95e7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.919063][ C0] ffff8881e95e7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.926921][ C0] >ffff8881e95e7980: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 [ 25.934815][ C0] ^ [ 25.939762][ C0] ffff8881e95e7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.947678][ C0] ffff8881e95e7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.955678][ C0] ================================================================== [ 25.963677][ C0] Disabling lock debugging due to kernel taint [ 26.028499][ T23] audit: type=1400 audit(1719775485.460:144): avc: denied { create } for pid=556 comm="syz.1.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.051632][ T23] audit: type=1400 audit(1719775485.480:145): avc: denied { setopt } for pid=556 comm="syz.1.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.072219][ T23] audit: type=1400 audit(1719775485.500:146): avc: denied { name_bind } for pid=556 comm="syz.1.79" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1