syzkaller login: [ 269.963329][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 270.037341][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 306.685113][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:21873' (ECDSA) to the list of known hosts. 1970/01/01 00:05:48 fuzzer started 1970/01/01 00:06:01 dialing manager at localhost:46307 [ 366.978433][ T2043] cgroup: Unknown subsys name 'net' [ 368.175422][ T2043] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:08 syscalls: 2918 1970/01/01 00:06:08 code coverage: enabled 1970/01/01 00:06:08 comparison tracing: enabled 1970/01/01 00:06:08 extra coverage: enabled 1970/01/01 00:06:08 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:08 setuid sandbox: enabled 1970/01/01 00:06:08 namespace sandbox: enabled 1970/01/01 00:06:08 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:08 fault injection: enabled 1970/01/01 00:06:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:08 net packet injection: enabled 1970/01/01 00:06:08 net device setup: enabled 1970/01/01 00:06:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:08 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:08 USB emulation: enabled 1970/01/01 00:06:08 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:08 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:08 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:08 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:12 fetching corpus: 50, signal 26370/29864 (executing program) 1970/01/01 00:06:20 fetching corpus: 100, signal 49517/54157 (executing program) 1970/01/01 00:06:23 fetching corpus: 149, signal 57854/63747 (executing program) 1970/01/01 00:06:27 fetching corpus: 199, signal 63609/70740 (executing program) 1970/01/01 00:06:29 fetching corpus: 249, signal 67615/75933 (executing program) 1970/01/01 00:06:32 fetching corpus: 299, signal 71638/81097 (executing program) 1970/01/01 00:06:35 fetching corpus: 349, signal 75256/85777 (executing program) 1970/01/01 00:06:38 fetching corpus: 399, signal 78360/89899 (executing program) 1970/01/01 00:06:40 fetching corpus: 449, signal 81600/94123 (executing program) 1970/01/01 00:06:43 fetching corpus: 498, signal 85686/99095 (executing program) 1970/01/01 00:06:46 fetching corpus: 547, signal 89327/103560 (executing program) 1970/01/01 00:06:48 fetching corpus: 596, signal 91699/106825 (executing program) 1970/01/01 00:06:51 fetching corpus: 645, signal 94112/110104 (executing program) 1970/01/01 00:06:54 fetching corpus: 694, signal 96987/113737 (executing program) 1970/01/01 00:06:56 fetching corpus: 744, signal 99318/116827 (executing program) 1970/01/01 00:06:58 fetching corpus: 793, signal 101139/119495 (executing program) 1970/01/01 00:07:00 fetching corpus: 843, signal 103959/122977 (executing program) 1970/01/01 00:07:02 fetching corpus: 892, signal 106076/125768 (executing program) 1970/01/01 00:07:11 fetching corpus: 942, signal 107647/128106 (executing program) 1970/01/01 00:07:13 fetching corpus: 990, signal 108653/129973 (executing program) 1970/01/01 00:07:17 fetching corpus: 1040, signal 112066/133693 (executing program) 1970/01/01 00:07:20 fetching corpus: 1089, signal 113799/136021 (executing program) 1970/01/01 00:07:22 fetching corpus: 1139, signal 114898/137876 (executing program) 1970/01/01 00:07:24 fetching corpus: 1189, signal 116681/140290 (executing program) 1970/01/01 00:07:26 fetching corpus: 1239, signal 118612/142680 (executing program) 1970/01/01 00:07:29 fetching corpus: 1289, signal 120558/145046 (executing program) 1970/01/01 00:07:31 fetching corpus: 1338, signal 122462/147359 (executing program) 1970/01/01 00:07:37 fetching corpus: 1388, signal 123601/149112 (executing program) 1970/01/01 00:07:40 fetching corpus: 1438, signal 124830/150878 (executing program) 1970/01/01 00:07:45 fetching corpus: 1486, signal 126024/152602 (executing program) 1970/01/01 00:07:50 fetching corpus: 1534, signal 127087/154234 (executing program) 1970/01/01 00:07:54 fetching corpus: 1584, signal 128368/155978 (executing program) 1970/01/01 00:07:57 fetching corpus: 1633, signal 129787/157803 (executing program) 1970/01/01 00:08:00 fetching corpus: 1683, signal 131227/159623 (executing program) 1970/01/01 00:08:02 fetching corpus: 1733, signal 132225/161177 (executing program) 1970/01/01 00:08:05 fetching corpus: 1782, signal 133388/162697 (executing program) 1970/01/01 00:08:08 fetching corpus: 1831, signal 134592/164251 (executing program) 1970/01/01 00:08:10 fetching corpus: 1881, signal 136395/166169 (executing program) 1970/01/01 00:08:13 fetching corpus: 1931, signal 137711/167754 (executing program) 1970/01/01 00:08:17 fetching corpus: 1981, signal 138952/169234 (executing program) 1970/01/01 00:08:19 fetching corpus: 2031, signal 139991/170644 (executing program) 1970/01/01 00:08:22 fetching corpus: 2081, signal 141340/172191 (executing program) 1970/01/01 00:08:24 fetching corpus: 2130, signal 142110/173362 (executing program) 1970/01/01 00:08:27 fetching corpus: 2180, signal 143066/174646 (executing program) 1970/01/01 00:08:29 fetching corpus: 2230, signal 143803/175793 (executing program) 1970/01/01 00:08:32 fetching corpus: 2279, signal 144529/176922 (executing program) 1970/01/01 00:08:33 fetching corpus: 2329, signal 145537/178136 (executing program) 1970/01/01 00:08:35 fetching corpus: 2379, signal 146514/179358 (executing program) 1970/01/01 00:08:37 fetching corpus: 2429, signal 147330/180427 (executing program) 1970/01/01 00:08:40 fetching corpus: 2479, signal 148487/181705 (executing program) 1970/01/01 00:08:43 fetching corpus: 2529, signal 149819/183046 (executing program) 1970/01/01 00:08:45 fetching corpus: 2579, signal 150764/184220 (executing program) 1970/01/01 00:08:47 fetching corpus: 2629, signal 151987/185500 (executing program) 1970/01/01 00:08:51 fetching corpus: 2679, signal 153984/187192 (executing program) 1970/01/01 00:08:52 fetching corpus: 2728, signal 155369/188481 (executing program) 1970/01/01 00:08:54 fetching corpus: 2777, signal 156191/189454 (executing program) 1970/01/01 00:08:57 fetching corpus: 2826, signal 156969/190378 (executing program) 1970/01/01 00:08:59 fetching corpus: 2876, signal 157918/191387 (executing program) 1970/01/01 00:09:02 fetching corpus: 2926, signal 158959/192438 (executing program) 1970/01/01 00:09:05 fetching corpus: 2976, signal 159738/193347 (executing program) 1970/01/01 00:09:08 fetching corpus: 3024, signal 160715/194303 (executing program) 1970/01/01 00:09:11 fetching corpus: 3073, signal 161523/195194 (executing program) 1970/01/01 00:09:13 fetching corpus: 3123, signal 162992/196338 (executing program) 1970/01/01 00:09:54 fetching corpus: 3172, signal 164273/197411 (executing program) 1970/01/01 00:09:57 fetching corpus: 3215, signal 165160/198347 (executing program) 1970/01/01 00:10:00 fetching corpus: 3264, signal 166289/199289 (executing program) 1970/01/01 00:10:04 fetching corpus: 3313, signal 167074/200100 (executing program) 1970/01/01 00:10:09 fetching corpus: 3363, signal 167796/200847 (executing program) 1970/01/01 00:10:11 fetching corpus: 3410, signal 168501/201536 (executing program) 1970/01/01 00:10:13 fetching corpus: 3460, signal 169518/202372 (executing program) 1970/01/01 00:10:16 fetching corpus: 3510, signal 170263/203118 (executing program) 1970/01/01 00:10:18 fetching corpus: 3560, signal 171017/203820 (executing program) 1970/01/01 00:10:21 fetching corpus: 3608, signal 171737/204524 (executing program) 1970/01/01 00:10:22 fetching corpus: 3658, signal 172330/205169 (executing program) 1970/01/01 00:10:25 fetching corpus: 3708, signal 173129/205839 (executing program) 1970/01/01 00:10:27 fetching corpus: 3756, signal 173636/206411 (executing program) 1970/01/01 00:10:30 fetching corpus: 3806, signal 174792/207161 (executing program) 1970/01/01 00:10:32 fetching corpus: 3855, signal 176733/208092 (executing program) 1970/01/01 00:10:35 fetching corpus: 3903, signal 177350/208644 (executing program) 1970/01/01 00:10:38 fetching corpus: 3952, signal 178246/209265 (executing program) 1970/01/01 00:10:41 fetching corpus: 4002, signal 178845/209804 (executing program) 1970/01/01 00:10:43 fetching corpus: 4052, signal 179379/210297 (executing program) 1970/01/01 00:10:46 fetching corpus: 4102, signal 180047/210831 (executing program) 1970/01/01 00:10:50 fetching corpus: 4152, signal 180572/211292 (executing program) 1970/01/01 00:10:52 fetching corpus: 4201, signal 181271/211798 (executing program) 1970/01/01 00:10:55 fetching corpus: 4251, signal 182089/212297 (executing program) 1970/01/01 00:10:58 fetching corpus: 4301, signal 183075/212862 (executing program) 1970/01/01 00:11:00 fetching corpus: 4351, signal 183601/213314 (executing program) 1970/01/01 00:11:02 fetching corpus: 4401, signal 184277/213773 (executing program) 1970/01/01 00:11:05 fetching corpus: 4450, signal 185170/214267 (executing program) 1970/01/01 00:11:07 fetching corpus: 4500, signal 185758/214683 (executing program) 1970/01/01 00:11:09 fetching corpus: 4549, signal 186336/215134 (executing program) 1970/01/01 00:11:12 fetching corpus: 4598, signal 186896/215554 (executing program) 1970/01/01 00:11:16 fetching corpus: 4647, signal 187728/215972 (executing program) 1970/01/01 00:11:19 fetching corpus: 4697, signal 188271/216343 (executing program) 1970/01/01 00:11:22 fetching corpus: 4746, signal 189125/216758 (executing program) 1970/01/01 00:11:24 fetching corpus: 4795, signal 189873/217143 (executing program) 1970/01/01 00:11:27 fetching corpus: 4844, signal 190538/217506 (executing program) 1970/01/01 00:11:29 fetching corpus: 4894, signal 191000/217844 (executing program) 1970/01/01 00:11:31 fetching corpus: 4944, signal 191530/218163 (executing program) 1970/01/01 00:11:34 fetching corpus: 4994, signal 192042/218456 (executing program) 1970/01/01 00:11:37 fetching corpus: 5044, signal 192679/218738 (executing program) 1970/01/01 00:11:39 fetching corpus: 5094, signal 193819/219055 (executing program) 1970/01/01 00:11:42 fetching corpus: 5143, signal 194424/219315 (executing program) 1970/01/01 00:11:45 fetching corpus: 5192, signal 194888/219599 (executing program) 1970/01/01 00:11:46 fetching corpus: 5242, signal 195305/219861 (executing program) 1970/01/01 00:11:48 fetching corpus: 5292, signal 195704/220143 (executing program) 1970/01/01 00:11:50 fetching corpus: 5342, signal 196216/220359 (executing program) 1970/01/01 00:11:52 fetching corpus: 5391, signal 196675/220601 (executing program) 1970/01/01 00:11:54 fetching corpus: 5441, signal 197130/220682 (executing program) 1970/01/01 00:11:56 fetching corpus: 5490, signal 197672/220696 (executing program) 1970/01/01 00:11:59 fetching corpus: 5540, signal 198239/220703 (executing program) 1970/01/01 00:12:01 fetching corpus: 5590, signal 198880/220703 (executing program) 1970/01/01 00:12:04 fetching corpus: 5639, signal 199387/220703 (executing program) 1970/01/01 00:12:07 fetching corpus: 5689, signal 199827/220717 (executing program) 1970/01/01 00:12:10 fetching corpus: 5739, signal 200413/220732 (executing program) 1970/01/01 00:12:12 fetching corpus: 5788, signal 201081/220766 (executing program) 1970/01/01 00:12:14 fetching corpus: 5837, signal 201452/220766 (executing program) 1970/01/01 00:12:18 fetching corpus: 5887, signal 201852/220769 (executing program) 1970/01/01 00:12:23 fetching corpus: 5936, signal 202369/220769 (executing program) 1970/01/01 00:12:26 fetching corpus: 5984, signal 202903/220779 (executing program) 1970/01/01 00:12:29 fetching corpus: 6034, signal 203199/220781 (executing program) 1970/01/01 00:12:31 fetching corpus: 6084, signal 203791/220781 (executing program) 1970/01/01 00:12:34 fetching corpus: 6133, signal 204228/220781 (executing program) 1970/01/01 00:12:36 fetching corpus: 6182, signal 204658/220781 (executing program) 1970/01/01 00:12:38 fetching corpus: 6232, signal 205188/220784 (executing program) 1970/01/01 00:12:42 fetching corpus: 6282, signal 205638/220784 (executing program) 1970/01/01 00:12:44 fetching corpus: 6332, signal 206051/220840 (executing program) 1970/01/01 00:12:46 fetching corpus: 6381, signal 206423/220843 (executing program) 1970/01/01 00:12:48 fetching corpus: 6430, signal 206806/220843 (executing program) 1970/01/01 00:12:50 fetching corpus: 6480, signal 207151/220843 (executing program) 1970/01/01 00:12:52 fetching corpus: 6529, signal 207566/220845 (executing program) 1970/01/01 00:12:55 fetching corpus: 6578, signal 208007/220870 (executing program) 1970/01/01 00:13:36 fetching corpus: 6628, signal 208475/220870 (executing program) 1970/01/01 00:13:38 fetching corpus: 6669, signal 208886/220980 (executing program) 1970/01/01 00:13:40 fetching corpus: 6719, signal 209379/221000 (executing program) 1970/01/01 00:13:44 fetching corpus: 6769, signal 210010/221000 (executing program) 1970/01/01 00:13:48 fetching corpus: 6819, signal 210445/221000 (executing program) 1970/01/01 00:13:54 fetching corpus: 6868, signal 210809/221038 (executing program) 1970/01/01 00:13:59 fetching corpus: 6918, signal 211496/221039 (executing program) 1970/01/01 00:14:01 fetching corpus: 6967, signal 212090/221047 (executing program) 1970/01/01 00:14:04 fetching corpus: 7017, signal 212612/221063 (executing program) 1970/01/01 00:14:06 fetching corpus: 7067, signal 213358/221063 (executing program) 1970/01/01 00:14:11 fetching corpus: 7116, signal 213721/221092 (executing program) 1970/01/01 00:14:14 fetching corpus: 7165, signal 214301/221092 (executing program) 1970/01/01 00:14:16 fetching corpus: 7214, signal 214761/221093 (executing program) 1970/01/01 00:14:19 fetching corpus: 7264, signal 215149/221101 (executing program) 1970/01/01 00:14:21 fetching corpus: 7311, signal 215562/221101 (executing program) 1970/01/01 00:14:23 fetching corpus: 7360, signal 216208/221101 (executing program) 1970/01/01 00:14:27 fetching corpus: 7409, signal 216555/221115 (executing program) 1970/01/01 00:14:32 fetching corpus: 7459, signal 217223/221115 (executing program) 1970/01/01 00:14:35 fetching corpus: 7509, signal 217599/221118 (executing program) 1970/01/01 00:14:38 fetching corpus: 7558, signal 218081/221119 (executing program) 1970/01/01 00:14:42 fetching corpus: 7608, signal 218437/221119 (executing program) 1970/01/01 00:14:43 fetching corpus: 7656, signal 218886/221143 (executing program) 1970/01/01 00:14:45 fetching corpus: 7676, signal 219079/221143 (executing program) 1970/01/01 00:14:45 fetching corpus: 7676, signal 219081/221143 (executing program) 1970/01/01 00:14:45 fetching corpus: 7676, signal 219081/221164 (executing program) 1970/01/01 00:14:45 fetching corpus: 7676, signal 219081/221164 (executing program) 1970/01/01 00:15:58 starting 2 fuzzer processes 00:15:58 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='pstore\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:15:58 executing program 1: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40002, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000013a00)) [ 988.125174][ T2062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 988.307320][ T2063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 988.394229][ T2062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 988.483874][ T2063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1000.454790][ T2062] device hsr_slave_0 entered promiscuous mode [ 1000.527948][ T2062] device hsr_slave_1 entered promiscuous mode [ 1002.477956][ T2063] device hsr_slave_0 entered promiscuous mode [ 1002.512577][ T2063] device hsr_slave_1 entered promiscuous mode [ 1002.603947][ T2063] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1002.622642][ T2063] Cannot create hsr debugfs directory [ 1010.964730][ T2062] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1011.182703][ T2062] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1011.316777][ T2062] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1012.042325][ T2062] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1013.516783][ T2063] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1013.898210][ T2063] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1014.086620][ T2063] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1014.242172][ T2063] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1026.925940][ T2062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1027.331347][ T2063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1027.901724][ T2293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1027.988339][ T2293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1029.035530][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1029.131426][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1036.966791][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1037.036764][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1037.178482][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1037.223964][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1037.594031][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1037.633239][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1037.654512][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1037.708548][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1038.146500][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1038.248116][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1038.582468][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1038.616664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1039.743916][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1039.795310][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1040.018583][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1040.056768][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1040.298493][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1040.341452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1040.787184][ T2063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1040.941864][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1040.994953][ T2670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1041.308315][ T2062] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1047.874292][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1047.877736][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1048.248110][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1048.256021][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1071.852631][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1071.968395][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1073.928170][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1074.003629][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1084.596326][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1084.667004][ T2127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1084.793631][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1084.832756][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1085.081638][ T2062] device veth0_vlan entered promiscuous mode [ 1085.458539][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1085.662308][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1085.858205][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1085.905875][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1086.222042][ T2062] device veth1_vlan entered promiscuous mode [ 1086.341975][ T2063] device veth0_vlan entered promiscuous mode [ 1087.188287][ T2063] device veth1_vlan entered promiscuous mode [ 1088.145769][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1088.216144][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1088.516125][ T2062] device veth0_macvtap entered promiscuous mode [ 1088.985448][ T2062] device veth1_macvtap entered promiscuous mode [ 1089.365042][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1089.443073][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1089.463997][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1089.874507][ T2063] device veth0_macvtap entered promiscuous mode [ 1090.314845][ T2063] device veth1_macvtap entered promiscuous mode [ 1090.510229][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1090.563568][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1090.593682][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1090.835609][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1090.884099][ T2704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1091.229903][ T2062] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.233416][ T2062] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.235048][ T2062] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1091.236634][ T2062] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.246371][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1092.285872][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1092.728186][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1092.778251][ T2749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1093.328438][ T2063] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.333086][ T2063] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.336598][ T2063] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.354881][ T2063] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:18:20 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='pstore\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:18:22 executing program 1: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:24 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='pstore\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:18:26 executing program 1: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:28 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='pstore\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 00:18:30 executing program 1: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:37 executing program 1: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:37 executing program 0: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:39 executing program 0: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:43 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000006640)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 00:18:45 executing program 0: getpid() capset(0x0, &(0x7f0000000140)={0x0, 0x0, 0x5, 0x1000, 0xfffffffe, 0xd0}) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) r0 = getpid() r1 = getpid() tgkill(r1, r0, 0x20) pidfd_open(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/if_inet6\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001000)=ANY=[@ANYBLOB], 0x438}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 00:18:47 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000006640)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 00:18:51 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000006640)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 00:18:53 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:18:55 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000006640)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) 00:18:56 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:18:59 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:19:01 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:19:02 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:19:03 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:19:05 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) r1 = socket$packet(0x11, 0x2, 0x300) bind$packet(r1, &(0x7f0000000000)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) 00:19:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000001100), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x540f, &(0x7f00000010c0)) 00:19:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000001100), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x540f, &(0x7f00000010c0)) 00:19:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:19:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:19:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000001100), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x540f, &(0x7f00000010c0)) 00:19:16 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:19:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:19:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000001100), 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x540f, &(0x7f00000010c0)) 00:19:25 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:19:25 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:28 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:19:30 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:33 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:19:37 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:40 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:19:44 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:45 executing program 1: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:52 executing program 1: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:53 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:56 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:19:57 executing program 1: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:20:01 executing program 0: r0 = syz_io_uring_setup(0x76a9, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x119, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000280)=0x0, &(0x7f0000000080)=0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4002, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r3, 0x0, &(0x7f0000000140)=""/91, 0x5b}, 0x0) r4 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r4, &(0x7f0000000100)='mnt\x00') utimensat(r4, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000040)=[r4], 0x1) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) r5 = syz_mount_image$tmpfs(&(0x7f0000000280), &(0x7f0000000640)='mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]) symlinkat(&(0x7f00000000c0)='.\x00', r5, &(0x7f0000000100)='mnt\x00') 00:20:02 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:20:05 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:20:07 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:20:08 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) 00:20:09 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:20:12 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:13 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:20:15 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:16 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpid() process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 00:20:18 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:19 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:21 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:23 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:26 executing program 1: setuid(0xee00) setresgid(0x0, 0xee01, 0x0) 00:20:26 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) 00:20:29 executing program 1: setuid(0xee00) setresgid(0x0, 0xee01, 0x0) 00:20:32 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:32 executing program 1: setuid(0xee00) setresgid(0x0, 0xee01, 0x0) 00:20:36 executing program 1: setuid(0xee00) setresgid(0x0, 0xee01, 0x0) 00:20:37 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:40 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:41 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:44 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:45 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:48 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:49 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:52 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) 00:20:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x70, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x70}}, 0x0) [ 1256.803087][ T2904] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 1256.806628][ T2904] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 00:20:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x70, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x70}}, 0x0) 00:20:58 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) shutdown(r0, 0x1) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0xff04}], 0x1) [ 1259.565413][ T2907] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 1259.566969][ T2907] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 00:20:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x70, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x70}}, 0x0) [ 1263.093108][ T2912] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 1263.094586][ T2912] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 00:21:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x70, 0x0, 0x9, 0x201, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x70}}, 0x0) [ 1267.744029][ T2914] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 1267.745304][ T2914] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 00:21:06 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:21:09 executing program 1: sigaltstack(&(0x7f00000024c0)={0x0, 0x0, 0xfffffffffffffe97}, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) 00:21:10 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:21:11 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@init={0x18, 0x84, 0x2}], 0x18}], 0x1, 0x0) 00:21:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:21:15 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@init={0x18, 0x84, 0x2}], 0x18}], 0x1, 0x0) 00:21:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x3, 0x7, 0x801}, 0x14}}, 0x0) 00:21:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001440)={0x14, 0xa, 0xa, 0x5}, 0x14}}, 0x0) 00:21:19 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@init={0x18, 0x84, 0x2}], 0x18}], 0x1, 0x0) 00:21:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001440)={0x14, 0xa, 0xa, 0x5}, 0x14}}, 0x0) 00:21:23 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r0, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@init={0x18, 0x84, 0x2}], 0x18}], 0x1, 0x0) 00:21:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001440)={0x14, 0xa, 0xa, 0x5}, 0x14}}, 0x0) 00:21:27 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000700)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f0000000740)=0x18) 00:21:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={&(0x7f0000001440)={0x14, 0xa, 0xa, 0x5}, 0x14}}, 0x0) 00:21:30 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000700)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f0000000740)=0x18) 00:21:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 00:21:33 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000700)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f0000000740)=0x18) 00:21:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 00:21:39 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000700)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f0000000740)=0x18) 00:21:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 00:21:45 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:21:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 00:21:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:21:55 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_getroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8}, @RTA_UID={0x4, 0x19, 0xee01}]}, 0x2c}}, 0x0) 00:21:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1317.887577][ T2962] netlink: 'syz-executor.0': attribute type 25 has an invalid length. 00:21:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_getroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8}, @RTA_UID={0x4, 0x19, 0xee01}]}, 0x2c}}, 0x0) [ 1320.994451][ T2966] netlink: 'syz-executor.0': attribute type 25 has an invalid length. 00:21:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:22:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_getroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8}, @RTA_UID={0x4, 0x19, 0xee01}]}, 0x2c}}, 0x0) 00:22:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1325.325090][ T2970] netlink: 'syz-executor.0': attribute type 25 has an invalid length. 00:22:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@ipv6_getroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8}, @RTA_UID={0x4, 0x19, 0xee01}]}, 0x2c}}, 0x0) 00:22:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1329.971827][ T2974] netlink: 'syz-executor.0': attribute type 25 has an invalid length. 00:22:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:22:11 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/xfrm_stat\x00') read$FUSE(r0, &(0x7f0000000240)={0x2020}, 0x2020) 00:22:14 executing program 0: prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffb000/0x3000)=nil) 00:22:15 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-256\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 00:22:17 executing program 0: prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffb000/0x3000)=nil) 00:22:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=@framed={{}, [@alu={0x5, 0x0, 0x7}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:22:20 executing program 0: prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffb000/0x3000)=nil) 00:22:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=@framed={{}, [@alu={0x5, 0x0, 0x7}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:22:24 executing program 0: prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffb000/0x3000)=nil) 00:22:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=@framed={{}, [@alu={0x5, 0x0, 0x7}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:22:28 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x541b, 0x0) 00:22:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x4, &(0x7f0000000640)=@framed={{}, [@alu={0x5, 0x0, 0x7}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:22:32 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x541b, 0x0) 00:22:33 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:22:36 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x541b, 0x0) 00:22:38 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:22:39 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x541b, 0x0) 00:22:43 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:22:43 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:22:51 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:22:52 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) 00:23:00 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount_setattr(0xffffffffffffffff, &(0x7f00000008c0)='./file0\x00', 0xb000, &(0x7f0000000900)={0x0, 0x72, 0x80000}, 0x20) mount(0x0, &(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) ftruncate(r0, 0x4d0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xe66e1, 0x0) ftruncate(r1, 0x4d0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000002c0), r0) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a70209008ae910cc949e255fa78a19b321af3fff33f00124e9c47967b59d55383e48c12e6fc66e27a955118cb9f74214bb26b689d957bee74c215c73979af06e5e37da8cb9d849f62d02330996b952d246cfba686a8eda9d262809da81c86104c2af771323b1f04ec365a0781ab10ad7a30852b8d9de10fa46f098a803a6d4ee527d54cd25891e96156457dcf1ccd0ac3edef0d82ef5d1bad079ed7dd7f2c5d2a2c8e594dd06a4e289cc6358b3c895e2", @ANYRES16=r2, @ANYBLOB="00082bbd7000fddbdf250100000014000900fe8000000000000000000000000000bb04000500060001004e2000000400050008000600ac1414bb"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x1) mount$bpf(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000940)={[{@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x8}}], [{@subj_type={'subj_type', 0x3d, '*/]'}}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x64, 0x30, 0x61, 0x63, 0x11, 0x35], 0x2d, [0x39, 0x39, 0x38, 0x62], 0x2d, [0x62, 0x62, 0x33, 0x36], 0x2d, [0x66, 0x63, 0x63, 0x39], 0x2d, [0x63, 0x2, 0x61, 0x37, 0x64, 0x62, 0x37, 0x34]}}}]}) statx(r0, &(0x7f0000000280)='./file0/../file0\x00', 0x4000, 0x400, &(0x7f0000000180)) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00') execve(&(0x7f00000004c0)='./file0/../file0\x00', &(0x7f0000000680)=[&(0x7f0000000500)='\x94{@[(^[', &(0x7f0000000540)='):-#.\x00', &(0x7f0000000580)='.)){[\x00', &(0x7f00000005c0)='(!\x00', &(0x7f0000000600)='[\\#]^,\x00', &(0x7f0000000640)='!.%(\x00'], &(0x7f0000000880)=[&(0x7f00000006c0)='*/]', &(0x7f0000000700)=':\x00', &(0x7f0000000740)=')[,+]-\x00', &(0x7f0000000780)='{@y![/*}%^%#,\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='\x00', &(0x7f0000000840)='!\x00']) [ 1381.402271][ T2069] ================================================================== [ 1381.405396][ T2069] BUG: KASAN: wild-memory-access in io_wq_worker_running+0x3e/0xda [ 1381.406612][ T2069] Read of size 4 at addr 4d019002494080eb by task kworker/u4:4/2069 [ 1381.407700][ T2069] [ 1381.408540][ T2069] CPU: 0 PID: 2069 Comm: kworker/u4:4 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1381.411436][ T2069] Hardware name: riscv-virtio,qemu (DT) [ 1381.413049][ T2069] Workqueue: 0x0 (events_unbound) [ 1381.414883][ T2069] Call Trace: [ 1381.415646][ T2069] [] dump_backtrace+0x2e/0x3c [ 1381.416774][ T2069] [] show_stack+0x34/0x40 [ 1381.417814][ T2069] [] dump_stack_lvl+0xe4/0x150 [ 1381.419213][ T2069] [] kasan_report+0x1de/0x1e0 [ 1381.420661][ T2069] [] __asan_load4+0x6e/0x96 [ 1381.421881][ T2069] [] io_wq_worker_running+0x3e/0xda [ 1381.423007][ T2069] [] schedule+0x100/0x14c [ 1381.424162][ T2069] [] worker_thread+0x478/0x8fa [ 1381.425242][ T2069] [] kthread+0x19e/0x1fa [ 1381.427534][ T2069] ================================================================== [ 1381.428649][ T2069] Disabling lock debugging due to kernel taint [ 1381.534037][ T2069] Unable to handle kernel paging request at virtual address 4d019002494080eb [ 1381.553899][ T2069] Oops [#1] [ 1381.556046][ T2069] Modules linked in: [ 1381.558336][ T2069] CPU: 1 PID: 2069 Comm: kworker/u4:4 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1381.563600][ T2069] Hardware name: riscv-virtio,qemu (DT) [ 1381.565940][ T2069] Workqueue: 0x0 (events_unbound) [ 1381.568103][ T2069] epc : io_wq_worker_running+0x3e/0xda [ 1381.569785][ T2069] ra : io_wq_worker_running+0x3e/0xda [ 1381.570807][ T2069] epc : ffffffff805d049e ra : ffffffff805d049e sp : ffffaf800bb37d80 [ 1381.571831][ T2069] gp : ffffffff85863ac0 tp : ffffaf800bf7e100 t0 : 00000000000001f8 [ 1381.573000][ T2069] t1 : fffff5ef0181524a t2 : 0000000000000008 s0 : ffffaf800bb37db0 [ 1381.574128][ T2069] s1 : 4d019002494080e7 a0 : 0000000000000001 a1 : 0000000000000007 [ 1381.575257][ T2069] a2 : 1ffff5f0017efc20 a3 : ffffffff831a6b2e a4 : 0000000000000000 [ 1381.576461][ T2069] a5 : ffffaf800bf7f100 a6 : 0000000000f00000 a7 : ffffaf800c0a9253 [ 1381.577598][ T2069] s2 : ffffaf800bf7e100 s3 : ffffaf800bf7e13c s4 : ffffaf800bf7f100 [ 1381.578839][ T2069] s5 : ffffaf8007229860 s6 : ffffffff84a0c540 s7 : ffffaf8007229858 [ 1381.580715][ T2069] s8 : ffffaf8007229850 s9 : ffffffff84c3efc0 s10: ffffaf8009eaaa40 [ 1381.581892][ T2069] s11: 0000000100012ed1 t3 : 00007fffb787228c t4 : fffff5ef0181524a [ 1381.583062][ T2069] t5 : fffff5ef0181524b t6 : 762d766373000000 [ 1381.584652][ T2069] status: 0000000000000120 badaddr: 4d019002494080eb cause: 000000000000000d [ 1381.586012][ T2069] [] schedule+0x100/0x14c [ 1381.587256][ T2069] [] worker_thread+0x478/0x8fa [ 1381.588375][ T2069] [] kthread+0x19e/0x1fa [ 1381.703480][ T2069] ---[ end trace 0000000000000000 ]--- [ 1381.704879][ T2069] Kernel panic - not syncing: Fatal exception [ 1381.705754][ T2069] SMP: stopping secondary CPUs [ 1381.707220][ T2069] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:25:05 Registers: info registers vcpu 0 pc ffffffff801229fc mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80c2dc4a sepc ffffffff800bdb3e mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff801229f8 x2/sp ffffaf800bb37820 x3/gp ffffffff85863ac0 x4/tp ffffaf800bf7e100 x5/t0 ffffffff86bdad48 x6/t1 fffff5ef01766f0c x7/t2 0000000000000000 x8/s0 ffffaf800bb378f0 x9/s1 ffffaf800bb379e0 x10/a0 0000000000000000 x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffff801229f8 x14/a4 ffffaf800bf7f100 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf800bb37867 x18/s2 0000000000000020 x19/s3 ffffaf800bb379e8 x20/s4 ffffffff85889780 x21/s5 1ffff5f001766f08 x22/s6 ffffffff84b3d6f0 x23/s7 00000000ffffe32e x24/s8 00000000ffffe32e x25/s9 1ffff5f001766f2c x26/s10 ffffffff85889780 x27/s11 ffffaf800bb379e0 x28/t3 0000000000000030 x29/t4 fffff5ef01766f0c x30/t5 fffff5ef01766f0d x31/t6 ffffffff86bdada6 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff80115a04 mhartid 0000000000000001 mstatus 00000000000001a0 mip 00000000000000a0 mie 000000000000020a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80111f56 sepc ffffffff831afd22 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff801159f6 x2/sp ffffaf800c0c7300 x3/gp ffffffff85863ac0 x4/tp ffffaf800c1e0000 x5/t0 0000000000046000 x6/t1 ee0e4b061962cc00 x7/t2 0000000059b532cd x8/s0 ffffaf800c0c7420 x9/s1 ffffffff8343c840 x10/a0 ffffaf800c1e0a1c x11/a1 0000000000000007 x12/a2 1ffff5f00183c143 x13/a3 ffffffff801159f6 x14/a4 0000000000000000 x15/a5 0000000000000120 x16/a6 0000000000f00000 x17/a7 ffffffff80b08bfe x18/s2 ffffaf800c0c73a0 x19/s3 ffffaf800c1e1000 x20/s4 ffffffff8586fd20 x21/s5 ffffaf800c1e0000 x22/s6 ffffffff86c1a620 x23/s7 0000000000001000 x24/s8 ffffffff85889780 x25/s9 1ffff5f001818e64 x26/s10 ffffffff86dfbe48 x27/s11 ffffffff80b08ce4 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001818e30 x31/t6 ffffaf8007d96026 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000