[ 123.244758][T11569] sshd (11569) used greatest stack depth: 3352 bytes left [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 123.890043][ T32] kauditd_printk_skb: 4 callbacks suppressed [ 123.890090][ T32] audit: type=1800 audit(1583991213.950:39): pid=11502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 123.940318][ T32] audit: type=1800 audit(1583991213.990:40): pid=11502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 128.493662][ T32] audit: type=1400 audit(1583991218.560:41): avc: denied { map } for pid=11676 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts. 2020/03/12 05:33:51 fuzzer started [ 141.200567][ T32] audit: type=1400 audit(1583991231.260:42): avc: denied { map } for pid=11685 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2020/03/12 05:33:56 dialing manager at 10.128.0.26:39595 2020/03/12 05:33:56 syscalls: 2967 2020/03/12 05:33:56 code coverage: enabled 2020/03/12 05:33:56 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2020/03/12 05:33:56 extra coverage: enabled 2020/03/12 05:33:56 setuid sandbox: enabled 2020/03/12 05:33:56 namespace sandbox: enabled 2020/03/12 05:33:56 Android sandbox: /sys/fs/selinux/policy does not exist 2020/03/12 05:33:56 fault injection: enabled 2020/03/12 05:33:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/03/12 05:33:56 net packet injection: enabled 2020/03/12 05:33:56 net device setup: enabled 2020/03/12 05:33:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/03/12 05:33:56 devlink PCI setup: PCI device 0000:00:10.0 is not available [ 146.786051][ T32] audit: type=1400 audit(1583991236.850:43): avc: denied { integrity } for pid=11700 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 05:37:12 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0xfffffff5) socket$kcm(0x2, 0x3, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000140081f87059ae08060c040002ff0f02000000000000018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a03000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0) [ 342.541407][ T32] audit: type=1400 audit(1583991432.600:44): avc: denied { map } for pid=11703 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=73 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 343.032112][T11704] IPVS: ftp: loaded support on port[0] = 21 [ 343.253219][T11704] chnl_net:caif_netlink_parms(): no params data found [ 343.414636][T11704] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.421881][T11704] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.431431][T11704] device bridge_slave_0 entered promiscuous mode [ 343.447440][T11704] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.455359][T11704] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.464742][T11704] device bridge_slave_1 entered promiscuous mode [ 343.518935][T11704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.538742][T11704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.589046][T11704] team0: Port device team_slave_0 added [ 343.603936][T11704] team0: Port device team_slave_1 added [ 343.651479][T11704] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.659000][T11704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.685695][T11704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.704908][T11704] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.712240][T11704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.739667][T11704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 344.030899][T11704] device hsr_slave_0 entered promiscuous mode [ 344.283991][T11704] device hsr_slave_1 entered promiscuous mode [ 344.687516][ T32] audit: type=1400 audit(1583991434.750:45): avc: denied { create } for pid=11704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 344.692384][T11704] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 344.712757][ T32] audit: type=1400 audit(1583991434.750:46): avc: denied { write } for pid=11704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 344.712847][ T32] audit: type=1400 audit(1583991434.750:47): avc: denied { read } for pid=11704 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 344.808406][T11704] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 344.883248][T11704] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 345.073142][T11704] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 345.408825][T11704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.447552][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 345.457068][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.480555][T11704] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.504477][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 345.515578][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 345.525091][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.532393][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.573591][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 345.583143][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 345.593344][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 345.602783][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.609977][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.619221][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 345.656658][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 345.675552][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 345.685433][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 345.724159][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 345.734920][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 345.746129][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 345.757318][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 345.767225][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 345.803358][T11704] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 345.816658][T11704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 345.837781][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 345.847650][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 345.900871][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 345.909076][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 345.953528][T11704] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.013847][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 346.024402][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 346.098858][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 346.108750][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 346.136536][T11704] device veth0_vlan entered promiscuous mode [ 346.145561][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 346.155932][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 346.199087][T11704] device veth1_vlan entered promiscuous mode [ 346.294062][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 346.304434][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 346.314382][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 346.324723][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 346.356475][T11704] device veth0_macvtap entered promiscuous mode [ 346.379959][T11704] device veth1_macvtap entered promiscuous mode [ 346.447762][T11704] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 346.457008][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 346.466510][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 346.476117][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 346.486783][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 346.514685][T11704] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.534721][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 346.545210][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 347.007909][ T32] audit: type=1400 audit(1583991437.070:48): avc: denied { associate } for pid=11704 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 347.225160][ T32] audit: type=1400 audit(1583991437.290:49): avc: denied { open } for pid=11731 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 05:37:17 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socket$kcm(0x2b, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x15, 0x10, 0x3}, 0x3c) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18100000", @ANYRES32=r1, @ANYBLOB="000000000000000018100000", @ANYRES32, @ANYBLOB="f2fff8ffffffffff"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 347.416759][ T32] audit: type=1400 audit(1583991437.480:50): avc: denied { map_create } for pid=11735 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 347.440631][ T32] audit: type=1400 audit(1583991437.480:51): avc: denied { map_read map_write } for pid=11735 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 347.466582][ T32] audit: type=1400 audit(1583991437.480:52): avc: denied { prog_load } for pid=11735 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 05:37:17 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 347.726350][ T32] audit: type=1400 audit(1583991437.790:53): avc: denied { kernel } for pid=11739 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 347.750399][ T32] audit: type=1400 audit(1583991437.790:54): avc: denied { confidentiality } for pid=11739 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 05:37:18 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0xfffffff5) write$cgroup_pid(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x3}, 0x3c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) socket$kcm(0x10, 0x0, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100d00, 0x500001c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x87, 0x95, &(0x7f0000000280)="a950abaff512aacb9fa1c898e6d3c2cb9be3f402675fe4bdce5de9d4741d6006087d9fc231647eebe62b7bcae67ca380af839821739d2c3eede0297b64a8258e8f7b58c7d37b8b0a81f99504e81eee37868c0807178745138ac0b2a5f6a6e1a999a4402dd76ac889a453fd23e0dc199a00e8cc01c7ff2eca04cf31843c78a46727123ffb382074", &(0x7f0000000340)=""/149, 0xd2, 0x0, 0x90, 0x55, &(0x7f0000000400)="0f098fa1b59446581f25fd07bd2263db2161f8c60330b9b61468556d474ba4f16dd478e8ee39a4756787da82b405d34ebea3e0298336c0a100fc5a80b6cbe83f944ba239c5e051dfd3f40c729d874c19bb12c550e3b4354e6fdad4b9213d0de65595b91c237cb30abd1e9b65bd09f911149d02ae2fc1024201d34d937808ab26359a8e29c8e0046033910e17921d3fe3", &(0x7f00000004c0)="3023cbefb33c93da9d594cac195f762aa192eebb6a04d33ffb34a62d55b3e71d4e2925fcbaec8cc2aadc4231c85208a88fad2d953ca936dd201a070ed02ac843b20904a3c16814a20fb6c02f3ba361571a8252d861"}, 0x40) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) socket$kcm(0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x400c00) openat$cgroup_ro(r4, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0xa, 0x1ff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) socket$kcm(0x29, 0x5, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r5, 0x0, &(0x7f0000000400)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000c88000)={r5, &(0x7f0000847f95), &(0x7f000089b000)}, 0x20) [ 348.098187][ C0] hrtimer: interrupt took 64611 ns [ 348.201861][ T32] audit: type=1804 audit(1583991438.260:55): pid=11745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 05:37:18 executing program 1: bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) gettid() perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000040), 0x12) [ 348.417972][ T32] audit: type=1804 audit(1583991438.480:56): pid=11750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 [ 348.542179][ T32] audit: type=1800 audit(1583991438.560:57): pid=11745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="memory.events" dev="sda1" ino=16500 res=0 [ 348.695309][ T32] audit: type=1804 audit(1583991438.760:58): pid=11745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 [ 348.790681][ T32] audit: type=1804 audit(1583991438.850:59): pid=11746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 [ 348.835776][ T32] audit: type=1804 audit(1583991438.890:60): pid=11745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 [ 348.863831][ T32] audit: type=1800 audit(1583991438.890:61): pid=11746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="memory.events" dev="sda1" ino=16500 res=0 [ 348.933023][ T32] audit: type=1804 audit(1583991438.970:62): pid=11752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir519201690/syzkaller.2m7nK6/3/memory.events" dev="sda1" ino=16500 res=1 05:37:19 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0xfffffff5) write$cgroup_pid(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x3}, 0x3c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) socket$kcm(0x10, 0x0, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100d00, 0x500001c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x87, 0x95, &(0x7f0000000280)="a950abaff512aacb9fa1c898e6d3c2cb9be3f402675fe4bdce5de9d4741d6006087d9fc231647eebe62b7bcae67ca380af839821739d2c3eede0297b64a8258e8f7b58c7d37b8b0a81f99504e81eee37868c0807178745138ac0b2a5f6a6e1a999a4402dd76ac889a453fd23e0dc199a00e8cc01c7ff2eca04cf31843c78a46727123ffb382074", &(0x7f0000000340)=""/149, 0xd2, 0x0, 0x90, 0x55, &(0x7f0000000400)="0f098fa1b59446581f25fd07bd2263db2161f8c60330b9b61468556d474ba4f16dd478e8ee39a4756787da82b405d34ebea3e0298336c0a100fc5a80b6cbe83f944ba239c5e051dfd3f40c729d874c19bb12c550e3b4354e6fdad4b9213d0de65595b91c237cb30abd1e9b65bd09f911149d02ae2fc1024201d34d937808ab26359a8e29c8e0046033910e17921d3fe3", &(0x7f00000004c0)="3023cbefb33c93da9d594cac195f762aa192eebb6a04d33ffb34a62d55b3e71d4e2925fcbaec8cc2aadc4231c85208a88fad2d953ca936dd201a070ed02ac843b20904a3c16814a20fb6c02f3ba361571a8252d861"}, 0x40) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) socket$kcm(0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x400c00) openat$cgroup_ro(r4, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0xa, 0x1ff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) socket$kcm(0x29, 0x5, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r5, 0x0, &(0x7f0000000400)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000c88000)={r5, &(0x7f0000847f95), &(0x7f000089b000)}, 0x20) [ 349.298228][T11757] IPVS: ftp: loaded support on port[0] = 21 [ 349.538515][T11757] chnl_net:caif_netlink_parms(): no params data found 05:37:20 executing program 0: gettid() r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0xfffffff5) write$cgroup_pid(r2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x3}, 0x3c) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.swap.current\x00', 0x0, 0x0) socket$kcm(0x10, 0x0, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xda00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events\x00', 0x2da8020000100d00, 0x500001c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x87, 0x95, &(0x7f0000000280)="a950abaff512aacb9fa1c898e6d3c2cb9be3f402675fe4bdce5de9d4741d6006087d9fc231647eebe62b7bcae67ca380af839821739d2c3eede0297b64a8258e8f7b58c7d37b8b0a81f99504e81eee37868c0807178745138ac0b2a5f6a6e1a999a4402dd76ac889a453fd23e0dc199a00e8cc01c7ff2eca04cf31843c78a46727123ffb382074", &(0x7f0000000340)=""/149, 0xd2, 0x0, 0x90, 0x55, &(0x7f0000000400)="0f098fa1b59446581f25fd07bd2263db2161f8c60330b9b61468556d474ba4f16dd478e8ee39a4756787da82b405d34ebea3e0298336c0a100fc5a80b6cbe83f944ba239c5e051dfd3f40c729d874c19bb12c550e3b4354e6fdad4b9213d0de65595b91c237cb30abd1e9b65bd09f911149d02ae2fc1024201d34d937808ab26359a8e29c8e0046033910e17921d3fe3", &(0x7f00000004c0)="3023cbefb33c93da9d594cac195f762aa192eebb6a04d33ffb34a62d55b3e71d4e2925fcbaec8cc2aadc4231c85208a88fad2d953ca936dd201a070ed02ac843b20904a3c16814a20fb6c02f3ba361571a8252d861"}, 0x40) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7fff}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0x43400) socket$kcm(0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000200), 0x400c00) openat$cgroup_ro(r4, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)={0xa, 0x1ff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x10) socket$kcm(0x29, 0x5, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r5, 0x0, &(0x7f0000000400)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000c88000)={r5, &(0x7f0000847f95), &(0x7f000089b000)}, 0x20) [ 349.920012][T11757] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.927910][T11757] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.937591][T11757] device bridge_slave_0 entered promiscuous mode [ 349.997612][T11757] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.005086][T11757] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.014756][T11757] device bridge_slave_1 entered promiscuous mode [ 350.121455][T11757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.141716][T11757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 350.193780][T11757] team0: Port device team_slave_0 added [ 350.211077][T11757] team0: Port device team_slave_1 added [ 350.326199][T11757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.333440][T11757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.360046][T11757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.402798][T11757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.409960][T11757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.436292][T11757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 05:37:20 executing program 0: gettid() getpid() gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="2e0000003a000507d25a80648c6354c00224fcd20600aaba31d221136ee90016000a000000053582c135fdea0000", 0x2e}], 0x1}, 0x0) [ 350.589891][T11757] device hsr_slave_0 entered promiscuous mode [ 350.623910][T11757] device hsr_slave_1 entered promiscuous mode [ 350.652646][T11757] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 350.660292][T11757] Cannot create hsr debugfs directory 05:37:20 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x140, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r2, r3, 0x0, 0x200fff) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0086426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc008641d, &(0x7f0000000200)={r4, &(0x7f0000000100)=""/230}) close(r0) [ 350.894424][T11782] QAT: Invalid ioctl [ 350.939164][T11784] QAT: Invalid ioctl [ 351.034302][T11757] netdevsim netdevsim1 netdevsim0: renamed from eth0 05:37:21 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x121, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468000000e1801fed9e7ff2420048ea908e", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) r6 = dup(r0) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000680)={'vcan0\x00', r5}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r7}, 0x10) write(r0, &(0x7f0000000300)='\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00', 0x10) r8 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x541002, 0x0) connect$l2tp6(r8, &(0x7f0000000080)={0xa, 0x0, 0x2, @ipv4={[], [], @loopback}, 0x6, 0x3}, 0x20) [ 351.085826][T11757] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 351.145100][T11757] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 351.192216][T11757] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 351.271280][T11789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 351.541453][T11757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.587243][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 351.597156][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 351.621084][T11757] 8021q: adding VLAN 0 to HW filter on device team0 [ 351.651054][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 351.662808][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 351.672440][T11711] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.679679][T11711] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.736370][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 351.746307][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 351.756316][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 351.766008][T11711] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.773348][T11711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.782937][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 351.794529][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 351.818809][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 351.829833][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 351.876975][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 351.887673][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 351.898254][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 351.909213][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 351.919638][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 351.953504][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 351.965551][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 351.992778][T11757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 352.036838][T11791] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 352.080203][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 352.089063][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 352.136081][T11757] 8021q: adding VLAN 0 to HW filter on device batadv0 05:37:22 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r1, &(0x7f0000000300), 0x121, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468000000e1801fed9e7ff2420048ea908e", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) r6 = dup(r0) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000680)={'vcan0\x00', r5}) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r7}, 0x10) write(r0, &(0x7f0000000300)='\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00', 0x10) r8 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x541002, 0x0) connect$l2tp6(r8, &(0x7f0000000080)={0xa, 0x0, 0x2, @ipv4={[], [], @loopback}, 0x6, 0x3}, 0x20) [ 352.225116][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 352.238198][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 352.371309][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 352.381423][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 352.408679][T11757] device veth0_vlan entered promiscuous mode [ 352.424269][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 352.435363][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 352.484608][T11757] device veth1_vlan entered promiscuous mode [ 352.505105][T11796] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 352.595928][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 352.605881][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 352.615390][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 352.625476][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 352.657055][T11757] device veth0_macvtap entered promiscuous mode [ 352.681535][T11757] device veth1_macvtap entered promiscuous mode [ 352.744676][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 352.754378][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 352.774137][T11757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 352.785590][T11757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.799131][T11757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 352.810309][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 352.820948][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 352.860544][T11757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 352.871280][T11757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 352.884556][T11757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 352.898064][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 352.908462][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 05:37:23 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r0, r1, 0x0, 0x200fff) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000012000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000100)=0x5) write$cgroup_type(r2, &(0x7f0000000000)='threaded\x00', 0x248800) [ 353.476199][T11815] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 353.484315][T11815] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 353.494340][T11815] F2FS-fs (loop0): Wrong NAT boundary, start(3072) end(4096) blocks(9216) [ 353.503472][T11815] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 353.657564][T11815] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 353.665764][T11815] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 353.674499][T11815] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x2) [ 353.683278][T11815] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock 05:37:23 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r0, r1, 0x0, 0x200fff) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000012000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000100)=0x5) write$cgroup_type(r2, &(0x7f0000000000)='threaded\x00', 0x248800) [ 354.093135][T11834] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 354.101096][T11834] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 354.110896][T11834] F2FS-fs (loop0): Wrong NAT boundary, start(3072) end(4096) blocks(9216) [ 354.119814][T11834] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock 05:37:24 executing program 1: r0 = memfd_create(&(0x7f0000000140)='\x00\x04\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYRESOCT=0x0], 0x17) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 05:37:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3, 0x84800) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') r3 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r3, &(0x7f0000000300), 0x121, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x800, 0x0) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000340)={0x5, &(0x7f0000000280)=[{0x2, 0x0, 0x8, 0x5}, {0x7031, 0x71, 0x8, 0x5}, {0xba8, 0x6, 0xbe, 0x4}, {0x2, 0x84, 0xae, 0x2}, {0x7, 0x4, 0x80, 0x9}]}, 0x8) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468000000e1801fed9e7ff2420048ea908e", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r2, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7, 0x3}}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0x3}}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000000}, 0x40) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000300)={0x0, 0x700, &(0x7f0000000040)={&(0x7f0000001680)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) 05:37:24 executing program 1: r0 = memfd_create(&(0x7f0000000140)='\x00\x04\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYRESOCT=0x0], 0x17) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) [ 354.477860][ T32] kauditd_printk_skb: 8 callbacks suppressed [ 354.477942][ T32] audit: type=1400 audit(1583991444.540:71): avc: denied { create } for pid=11843 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 354.597490][T11846] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 05:37:24 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x91082, 0x0) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000040)) sendmmsg(r0, &(0x7f0000005280)=[{{&(0x7f0000000080)=@hci={0x1f, 0x0, 0x4}, 0x80, 0x0}}, {{&(0x7f0000000800)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, 0x0}}], 0x2, 0x0) r2 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r2, r3, 0x0, 0xf7fffff7) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r4, 0x608, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0xfff8}, @L2TP_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000003}, 0xc091) [ 354.694436][ T32] audit: type=1400 audit(1583991444.750:72): avc: denied { write } for pid=11843 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 354.824240][ T32] audit: type=1800 audit(1583991444.890:73): pid=11852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16513 res=0 05:37:25 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r0, r1, 0x0, 0x200fff) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, &(0x7f0000000000)) r2 = creat(&(0x7f0000000680)='./bus\x00', 0x2c) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r2, r3, 0x0, 0xf7fffff7) syz_emit_ethernet(0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaa0a11eba88000000001000000408000000000aaff0200100000000000d55d71a059fd36c10000907800000000000000000000000000000000006a9f6e504d75a28334f4931189073be0af6e596799a8404ed1cd8f6b7520bee69984bf79ce8eb33eb0b36e7abb7194e2c47024fa02c6e7821d0547cb7fc6100414795550f525e29e09446b850d88d7e3e9235265ca74078c15f8978399a97dcd33875ab9a0176c5baca3ebf1cf890c4cd360aa469dbac4e797dbf10ff206f546db65d685e1375a0c20bcbd03bc05ea834528a86317984d2436a3a9147f028a227f7ddd637a1a4ad4e42e93948afb02c51e779b19f2b2253520d0ba7e290aa474c27338cd27386689f1cd0a9f98996787982d5c759ca2684e16ad03fb6a4c4d4405b2a4b2f98243839474a648dcd42cb0848842155c1d14eb", @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYBLOB="d18efc6893ebc0935b7e735ed739011a9fd360e2e077558a176e8054867ac7b4d252f5cae644c98164acaa4b71feba3c2940864be8e66d72ea9e6c1445c41e0aa70b99f2ebb7d1a898a195de9dc86515d4147a94712f1e8b5d8a15fb0ca214a8a106af9c188a33cabc36744ef8f832b8518e0ba02bb52495450f3d22045724daa8a721f456c479be6f90cf0a98fec23de9d52ba554b8d729b766e6c33d89c6f01da77c691d1c5193a83f52a48cb995e33691210ac1c26289be1c0a752d8789605643e487dbb0a81f3347905e63f66abfc3db2cdb7401ee554eb664b3770e", @ANYRES64], @ANYBLOB="d72bf9daa98a4871ad3cf69c6c5176d4ef9cb69f8de78c955162d4fd0cf3ace9e62a3fbd60604db8ca6d4f41cd5efc9cf2b49706b6d3eec82c2f41eac732d733a15b82575dd8e43d605ce85ade4bafe56211702069bd4a993a0effc5cec726fb2e7cdae2de9db601b45cc521d68bba051a62bcad4df84220ff74a3ad2a01a95799688a1e504e5afde1b74a9a6e4fe4811f0e0fe1a3c6ccf3bc852b702b68532f221f9a9ec3deb1745d1aa43e4b24e594dbae323fe56b87d3981ab3d5d5234cb446fc9e9c383d2f4f74745ad461", @ANYBLOB="18ecc6651bab221d674f147c84e0aaedc0e4a89d0c54f4fd154bde54374a3e4530a0e8e3838ac475a3547780b6f9d1343c93878eb08f4b856b996cfca60f22c51b25a5f897ab419bdd893515633de7a552508e11483fa1797e63d5a1ced45cc97f178586e591ac7da84b546a5f362d80a8d31f7fcf52a80df102e756f67dea64bad4a1a615b18a91b8a2e5b8703b0d3e79fe678cb5e3af74c9f458d485d86c064f6dcdbcbd91c639e086eac28969777b9975e02f0b2431443a9f48038f0b79", @ANYPTR64, @ANYRES32=r2], 0x0) [ 355.708564][ T32] audit: type=1800 audit(1583991445.770:74): pid=11853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=16513 res=0 05:37:26 executing program 1: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3w\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) r1 = socket(0xa, 0x3, 0x9) ioctl$sock_bt_hci(r1, 0x400448dc, &(0x7f0000000080)) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r2, r3, 0x0, 0x200fff) ioctl$RTC_IRQP_SET(r3, 0x4004700c, 0x17ad) write(r0, &(0x7f0000000040)="06", 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) r6 = open(&(0x7f00000002c0)='./file0\x00', 0x141000, 0x19) openat$cgroup_procs(r6, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r7 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r5, r7, 0x0, 0xf7fffff7) socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r10 = syz_open_dev$audion(&(0x7f0000000400)='/dev/audio#\x00', 0xd1f, 0x40000) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r10, 0x84, 0x72, &(0x7f0000000280)={r9, 0x0, 0x10}, &(0x7f00000003c0)=0xc) r11 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r11, 0x800) lseek(r11, 0x0, 0x2) r12 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r11, r12, 0x0, 0xf7fffff7) getsockopt$inet_sctp_SCTP_CONTEXT(r12, 0x84, 0x11, &(0x7f0000000200)={0x0, 0x3ff}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r7, &(0x7f0000000380)={&(0x7f0000000080)=@in6={0xa, 0x4e21, 0x0, @ipv4={[], [], @remote}, 0x2}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000140)="0a8039a068a690002724405623769ae85ff6e9011bdf4ec15de92726fcc2227e761c15953d6c5cf195e5036377327f4443dcb45b83d3a611acb95b874e3c3168ed7928567bb0ee487469a1c2d5ce72a03f0b6311a039c81961328bbe237b9ccb19616bdf130aa8d028109ee0e6e5a7c5f04aa23eaca43967f9950653460d6bc1852963ccc95d2226454b1784718053aa53ddf2bf54b67776b526f948853801", 0x9f}], 0x1, &(0x7f00000009c0)=ANY=[@ANYBLOB="1400000084000000050000001000000000000000000000008400000008000000fe8000001f000000000000000000001014000000840000000500000010000000080000001c00008400000002000000ff000200090000000200000000865ba84291cabbc2bdd23f9c3451419463a3a464bf293fc463cbfc735153427799e24ed3de762cbe061b9a93a9b3da2fd108041b07252da5883e7b87c175529d81f35fb99251d3aa82515f", @ANYRES32=r9, @ANYBLOB="100000008400000007000000ac14143b1c0000010400000000000000fe98bd53864e4e4659000000000100273084c209184dba982a0506d8cedd000001000000000000020002020251000000000000003f53429000000000b11ae823d9d84db7b9983658bafddace2de5d94d86904ecafab95d49bee6bd566f0b36a1c22da354e89d833d6f8766098b7ad3462d2972dead1e883c979d88d647867d4eaea9f0c852e7c4f0b732b44323ed4c1e0ecee61ae73694aa2f65663ceeedee44e2c058e8a1dfed8330458ad6ab517b0b0b5f0c40f00eecc3dc5ce81aae6d0ea06116b8b053d47c192d70eb0c6963a1b7f4a16f7100f0f0d37d67849673b0ca2e89972b491f42fac1b93cc8f9892938dcb4b4f484f985ea372ff4cad0291e283b56816c3935f56e204a17a5f0c4c793be0ec1a6e80cb7ade8a99f05c32ed170ed463cc54fa2dcaa4d77d2d3a775a0f139598570bded6dbaad1e839bc3cf5298d021e9ea0d6d58d52ad1e12d059c932fe8f7c6bdc22b18f174064967010e08c6b709531a1aa4b89ad80e150552cc3022cb8f912df12d23a0839356e3021d5d379b158f509a10d4b17dd3245f1a3eaca19b7b1b8f75e27176dc86fd7367aaba1a5863dbc89cdb2cadf8ccf56b4f89f344366a7d653b3d66a35eb52635382e25f9", @ANYRES32=r13, @ANYBLOB="100000008400000006000000008000001000000084000000070000007f0000020d00e29b9c92702d78924e24ed05d7176f755439327127e797effe3d24d5d212a90427f7679accf5e264fe9a1ac873e29cde5d90f219"], 0x24c, 0x800}, 0x20000050) r14 = fcntl$dupfd(r4, 0x0, r4) setsockopt$IP_VS_SO_SET_ADD(r14, 0x0, 0x482, &(0x7f0000000000)={0x0, @remote, 0x0, 0x0, 'wlc\x00'}, 0x2c) [ 356.021937][ T32] audit: type=1400 audit(1583991446.080:75): avc: denied { map } for pid=11862 comm="syz-executor.1" path=2F6D656D66643A0B656D31C1F8A68D4EC0A377E2CBA2BAE5F497AC232AFF202864656C6574656429 dev="tmpfs" ino=31112 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 356.086951][T11863] IPVS: Scheduler module ip_vs_ not found 05:37:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) openat$cgroup_type(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.type\x00', 0x2, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r1, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000300)={0x3, 0x0, [{0x7fff, 0x3, 0x0, 0x0, @irqchip={0xffff, 0x4}}, {0xe0, 0x3, 0x0, 0x0, @sint={0xbf, 0x800}}, {0x7, 0x1, 0x0, 0x0, @msi={0xc2, 0x4, 0x8, 0x9}}]}) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x3f}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000240)={r3, 0x4}, &(0x7f0000000280)=0x8) r4 = memfd_create(&(0x7f0000000140)='\xfd\xd6\x06A*\v\xf0\xc5\xf0\x81\xad\xca\xbf\xa6\xf0\x03\x94 \x98V4<\xf3\xd7\xbfYU \xb7\x17\x18\xdb\xd5\xdcjM\xd6\v\xa9\x8e\xc3\x9b <\x8aQaS\x98\x92\xda\x1b\xc6\xecS\xb0\x17\xb3\xe6\xcdt\xdb\xda_\xeal\x85o\xff6\xbcn\xb9\x1d\xe1l\xafn\xb0\t\xb9\xa3\xe3\x16\xf6&\xa7\xc2s\\\xdd\xb2\xae\xef\a\xdf\xf2\xaa\xeb\xceg\xc1\xb1\xab\xfd\xf9\xe8\x836Og\x0e\xfc|=\xf9\x92+\xfb\x97\x0e\x8d\xa1\xfc\xbeAO?-\xff-\xd8\x03\xd9\xc7\x11\x81\x01}\x10\xca\xc5\xbaQM\x7f-9\x15i\x06`', 0x0) write(r4, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000001000/0xf000)=nil, 0xf000, 0x1, 0x11, r4, 0x0) mknod(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) 05:37:26 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x50040, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={r1, 0x80000}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000003070000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000f5067d60b70300000000ff006a0a00fe18000000850000002b000000b70000000000000095000000000000000d0b28073a4102e4aeb54e36633e27c279341bf489903cfdb4c05e96e3046f04e77969c306340ee6af0d499a0d063518598e7e290b39f2fc2a19415e019bc6b45684f002cf57bf887e83fbb2215b8a34e6bdc4dc1af6d3c6958da4bddac602e0048bec11e874602f060000002af21b753af0a0cc85ae281993bfa2139a3bb755c1f1abd1964007000000e27b2121a5f03dff9787dfd6e7608eb638e6fc4e0bc6bd5ff35928a5b5fa723028eb6bdd35ea79b92beeb52265a4b04ba50fd46a504116fb8ef84c2be021a6c9daf3f24ad7b965af8f522371c9a43c80ee6b397bea247e2d714090d43fe66bbf4f4ffe410bd701d035f867de2a20695033d91ee238c824e0b7a0aeffb9843947c3bc96e1f95c245168d2aeed2e00093d9c039bfdd58709e898c7ebad73fc48673c75c8b50db852621ad19c854622f7c7d79ec3ab4494353b458c718021442bbc6456bf0c9f6b822211eb1aa488fcaebb109382c7ab6db9c100f24e466494e7b8549cc139a74b5aaaf261f35e8347eaabe01afe21d7b7a958e9cd04b5bfa5cf78dd2fa958dbb605cd1a99613369185b2bcfe0bf0e31c83fdcb254da7cdbb68983d0798b455c8c5a5a8565d83d28437895929fa0896cf45eda77c4feae29d96568c487a74dd4f9e8465f09818c12dfc93fdb09a1d04a087d3bf219efab764d3cd676f101d3b6c9177c57340b245f15af472f1b837081969db2d58ceab0b432005a86e6c450ae4241c08a6469ac65af64737af961cc90132cd2ccb6d7adf63846af1554cfcaa4eb357142a5b525a18d9d88d42520c0903bc444dc0eec4d26e586eff7c432cd12be4c796f9ebe4481f971c52a8cc7b0edab7a06185bb7cd1fb78ff9e194e17c65acd8d015443a21815bf56f08f1d2293ced278899a97205638041a75e2c6578873ee16bb098c0ef5d362cde82509ead8932869d3d9b527c9e53c5c41f4d711c8b68a0a16c018ce2a24832cddb18bec414d78f886d1ebf7300384b13efefa03ad55fbaefc026eaa571d5deb4495ebd6fc7d457af008e7485558000000055c5a6819ad2b607dad73277ce2756e0ccfdd7403d13938b4bae98b98b621c309b18df38a1cd779bf479096c09851c1f2e1765212094ffb97ebf972e48871f76b5e0cdfda81df28e5f721f8a63c0fbd8ac992d7535452f7af68f5ae22020afd0a6036d51cda98fef44b69139315832d49fef81198f15ebe3a7548ba46451d93da03b99becd85851e7157d7e23b28060fc4fa989796900a9d76008d537275a8fb1d419408248ddc98113e884991726bf05401000000a5e0f6bc373e438df8508198cb61a4640684d02f9f97cedee66fb92098eaa9ee8dedc0003731c511efcfa620075518635230b3467b92bf76b271bdab823dc284323ab1afc92e8fe452351272730702208f63ebf791adae9111d09727ed1d6fa159ee87aed74e5bfc1c93da96da4f3d0d8c03273b474bd194d2579541f86370d3f5258941be9285191261a6139090e32cd51089d136548ccdabfe1d2cc8e151cc6ecc1b91551eabca418e41289498d659f2ab89bbe5d40ed966b5ff74b12db521c36ce6c1daaafd9dca802bac19ed4e70a64d2a99092098493764662cc153f57deaff4f68ae76f3451daf9b27a11744b9b69f6ce477d6ee279bba72df0f04e22eb2650df6cde761917dec765bb5fa0c71b8c2e25f001118fbc496a153a0d6e08a8f9117165e01044cb9fb0b02000000effb9490290541a3930b38705e05758b90f8cf42b4886d417da85e8ab3c9efb8ad688491ba005eb7a798e935f7308ddbd001e478ccb308bc6596ccae90f5037c4dc020cf21bacc3cfa51db4e4ab6f92a355d4382802fdd9d746a1495489de7c21e3c6055d8a2dae048c10942fa9fe7a02dabf2c563dc4b81afa9ff972705d72299776a348fe7cce33e4138e7b36ab7630d407b82ee3ef340fb5794faf22c63c309ce6d3f0f292bee2f1172674fe921ae2300af352d85541c901c0a9209d558642ef490017d4f37e21a501dd5e39a5b0cfc9cb1b638459b65a2b2d5a7a5b95c87434ef38b4e0905e6347eee4c8c88d370433bc227749e12870dd742d5"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x703, 0xe, 0x4d2f, &(0x7f0000000080)="1c04ff01de6da9725f90c5a06d0f9f2400844d0044a98db225a47ecb10b429441dec77009050d9560e58f2e162226d4fe467a890b6c4c556c6894acf3d4cd49c4dd5a2d05d6ce642e3abc0e0cb0a7de568fb3f30013c74eb73383ebaf4257042ec5277fa18a9b201882996c7b8de5080c75756094ac8e258ff1673c27fb2f2bffc290edbc5dec9e44b6fab8d5fcbd12ae8339b04701b316bd5eccc3961ce80", 0x0, 0xf0, 0x0, 0x0, 0xfffffffffffffe19}, 0x28) 05:37:26 executing program 0: r0 = socket$kcm(0x10, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000900b8000699030007000500154007008178a800160040000100e5580000000002000000006f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee48100000000000000d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d08fad95667e04adcdf634c1f215ce3bb53b409d5e1ca4e81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) [ 356.679409][ T32] audit: type=1400 audit(1583991446.740:76): avc: denied { prog_run } for pid=11873 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 05:37:26 executing program 1: ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a45323, &(0x7f00000000c0)={{0x6, 0x7f}, 'port0\x00', 0x51, 0x41000, 0x4, 0x8, 0xfffff001, 0x9, 0x3, 0x0, 0x1, 0x2}) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000000)) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000080)="0300ff000000010000140000000000ffffffa50000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 05:37:26 executing program 0: unshare(0x2a000400) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r0 = socket$inet6(0xa, 0x6, 0xfb) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bond0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'bond0\x00', 0x800000000008a03}) [ 357.061264][T11887] ldm_validate_privheads(): Disk read failed. [ 357.067854][T11887] loop1: p2 [ 357.071320][T11887] loop1: partition table partially beyond EOD, truncated [ 357.079115][T11887] loop1: p2 size 327680 extends beyond EOD, truncated [ 357.196322][T11892] ldm_validate_privheads(): Disk read failed. [ 357.203327][T11892] loop1: p2 [ 357.206604][T11892] loop1: partition table partially beyond EOD, truncated [ 357.214708][T11892] loop1: p2 size 327680 extends beyond EOD, truncated 05:37:27 executing program 0: r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r0, r1, 0x0, 0xf7fffff7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x44000, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) unshare(0x40000000) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r3, r4, 0x0, 0xf7fffff7) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000000100)={0x1, 0x0, "6e351b693f8f9f1993430d15156369b3c3f54f7ca7f84822362eec5317879ce342437eb01be219823bb6a04da6d8b33e160650d4b8ac390720466a86fbe8db26d41a124a1c8e790c3acacea218c308e63821bcf6afc81a7fffad9cdd41d15ef19ef32d3251149ff8bb3f295cf1be86ab87dc94aa4ee67f39535f3c496bb0c614fc07e703c1bec0047ae22090613e4e35dab71fd65823e2b4f6b275cf18de86a46f5d07d66907e0db51c3eea42ffe323c37e4e6fe277c0b3597f4989a900c8bc62154ad6a287110f8acbda345a0de28f06e5dd80423a6f43d5dd2a14c5981b9ee02879f33cbf13a6335ee848051c49b6a6f9c77f6744e47561c2af1abaa64811f"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getpid() r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000001800dd8d000000000000000002000000000000080000000008000400", @ANYRES32, @ANYBLOB="954204000000000000000a18d1b0"], 0x24}}, 0x0) r6 = socket$inet(0xa, 0x801, 0x84) getsockname$unix(r5, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) 05:37:27 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 357.525475][ T32] audit: type=1800 audit(1583991447.590:77): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16525 res=0 [ 357.588645][T11905] IPVS: ftp: loaded support on port[0] = 21 [ 357.687857][T11908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 357.728556][ T32] audit: type=1800 audit(1583991447.790:78): pid=11909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16525 res=0 [ 357.761178][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 357.788212][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 357.819457][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 357.873630][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 357.925755][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 357.962518][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 358.013940][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 358.045219][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 358.077749][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 [ 358.103840][T11908] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11908 comm=syz-executor.1 05:37:28 executing program 2: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000040)={'nat\x00', 0x88, "8d1eb31a9f0adfe0b1af769bf35af5744811775e00b8f41185a92f022f35ad2ac71e4f815a9072f4be8e257c93a1b446228fa9265fbf00030c5d3be86fbf7bb001e3b7d15d041ac6cde2dff7dac8b9e294c886a1dcae13de7974dc93d073701bd448addcf24a88ed444a4b09e3cf0d5490a6f2424a5785bb81f157c1691669cd4a62336695b02ca9"}, &(0x7f0000000100)=0xac) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x100) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0xc0) write$P9_RLINK(r2, &(0x7f00000001c0)={0x7, 0x47, 0x1}, 0x7) syz_extract_tcp_res$synack(&(0x7f0000000200), 0x1, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1080010}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r3, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x40, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xba04}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfab3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x56a0}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000005}, 0x4800) prctl$PR_GET_FPEMU(0x9, &(0x7f00000003c0)) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xfffffffe) getsockopt$inet6_dccp_int(r0, 0x21, 0x11, &(0x7f0000000400), &(0x7f0000000440)=0x4) write$selinux_create(0xffffffffffffffff, &(0x7f0000000480)=@objname={'system_u:object_r:watchdog_device_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x0, 0x20, './file0\x00'}, 0x54) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x525580, 0x0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000540), &(0x7f0000000580)=0x4) r5 = syz_open_dev$vivid(&(0x7f00000005c0)='/dev/video#\x00', 0x1, 0x2) ioctl$VIDIOC_S_TUNER(r5, 0x4054561e, &(0x7f0000000600)={0x7f, "ccb4964ca2ad9fd4b329e2233a9794d0f291e9fb5706b794a4655c55ba1e014e", 0x0, 0x40, 0xc9, 0x6, 0x4, 0x2, 0x5, 0xfa9b}) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000680)='/dev/btrfs-control\x00', 0x200801, 0x0) epoll_wait(r6, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x5) getsockopt$PNPIPE_IFINDEX(r4, 0x113, 0x2, &(0x7f0000000740), &(0x7f0000000780)=0x4) ioctl$RTC_UIE_ON(r2, 0x7003) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc044560f, &(0x7f00000007c0)={0xffffff1d, 0xc, 0x4, 0x70000, 0x2, {}, {0x4, 0xc, 0x7, 0x1, 0xff, 0x1f, "06d85655"}, 0xf2, 0x5, @userptr=0x7fd, 0x3, 0x0, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x2400, 0x1000) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840)='/dev/autofs\x00', 0xb2901, 0x0) ioctl$KVM_SET_FPU(r8, 0x41a0ae8d, &(0x7f0000000880)={[], 0x5, 0x0, 0x16, 0x0, 0x5, 0xd000, 0xd000, [], 0xf88e7743}) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCOUTQ(r9, 0x5411, &(0x7f0000000a40)) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(0xffffffffffffffff, 0x28, 0x0, &(0x7f0000000a80)=0x3f, 0x8) syz_init_net_socket$x25(0x9, 0x5, 0x0) r10 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000ac0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000b40)='l2tp\x00') sendmsg$L2TP_CMD_NOOP(r10, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b80)={0x1c, r11, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 05:37:28 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 358.687554][T11917] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 358.997043][ T32] audit: type=1800 audit(1583991449.060:79): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16525 res=0 [ 359.054103][T11909] IPVS: ftp: loaded support on port[0] = 21 [ 359.251207][T11922] IPVS: ftp: loaded support on port[0] = 21 [ 359.295198][ T32] audit: type=1800 audit(1583991449.360:80): pid=11902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16525 res=0 05:37:29 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 359.579412][T11922] chnl_net:caif_netlink_parms(): no params data found [ 359.661522][T11927] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 359.918267][T11922] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.926011][T11922] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.935461][T11922] device bridge_slave_0 entered promiscuous mode [ 359.956434][T11922] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.964408][T11922] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.974271][T11922] device bridge_slave_1 entered promiscuous mode [ 360.030826][T11922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.053310][T11922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.113111][T11922] team0: Port device team_slave_0 added [ 360.131525][T11922] team0: Port device team_slave_1 added [ 360.185306][T11922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.192903][T11922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.219120][T11922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.241004][T11922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.248337][T11922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.274622][T11922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.379022][T11922] device hsr_slave_0 entered promiscuous mode [ 360.397456][ T1480] tipc: TX() has been purged, node left! [ 360.425761][T11922] device hsr_slave_1 entered promiscuous mode [ 360.464261][T11922] debugfs: Directory 'hsr0' with parent 'hsr' already present! 05:37:30 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 360.472462][T11922] Cannot create hsr debugfs directory [ 360.661132][T11936] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 05:37:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='attr/current\x00') preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/149, 0x95}], 0x1, 0x7ff) 05:37:31 executing program 0: r0 = socket(0x10, 0x3, 0x0) close(r0) socket$inet6(0xa, 0x800, 0x6b) sendmmsg$unix(r0, &(0x7f0000001a80)=[{&(0x7f00000005c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000001a40)=[@rights={{0x10, 0x1, 0x25}}], 0x10}], 0x1, 0x0) [ 361.076007][T11922] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 361.172986][T11922] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 361.226673][T11922] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 361.307465][T11922] netdevsim netdevsim2 netdevsim3: renamed from eth3 05:37:31 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:31 executing program 0: perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x3, &(0x7f0000000140), 0x0) clone(0xd412c500, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=0x1, 0x4) sendmmsg(r0, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="82e7", 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8000) r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r1, r2, 0x0, 0xf7fffff7) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000000c0)={r5}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000000c0)={r5, 0xffff, 0x4}, 0x8) [ 361.837070][ T32] audit: type=1400 audit(1583991451.900:81): avc: denied { sys_admin } for pid=11955 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 361.905943][T11956] IPVS: ftp: loaded support on port[0] = 21 [ 361.934989][T11922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 361.990119][ T32] audit: type=1800 audit(1583991452.050:82): pid=11958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16536 res=0 [ 362.041816][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 362.050851][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 362.091030][T11922] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.408999][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 362.419204][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 362.428744][ T2717] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.436068][ T2717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.490562][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 362.515921][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 362.526129][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 362.535777][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.544140][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 05:37:32 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 362.581828][ T32] audit: type=1400 audit(1583991452.640:83): avc: denied { net_raw } for pid=11960 comm="syz-executor.0" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 362.672703][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 362.683669][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 362.694183][ T32] audit: type=1400 audit(1583991452.680:84): avc: denied { dac_override } for pid=11960 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 05:37:32 executing program 0: perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x3, &(0x7f0000000140), 0x0) clone(0xd412c500, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000400000003a) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000)=0x1, 0x4) sendmmsg(r0, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="82e7", 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x8000) r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r1, r2, 0x0, 0xf7fffff7) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000000c0)={r5}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000000c0)={r5, 0xffff, 0x4}, 0x8) [ 362.694696][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 362.730985][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 362.741455][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 362.752188][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 362.920373][T11922] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 362.931761][T11922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 362.949104][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 362.959291][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 362.969221][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 362.982470][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 362.992888][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 363.006362][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 363.028256][T11969] IPVS: ftp: loaded support on port[0] = 21 [ 363.170960][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 363.179321][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 363.220867][T11922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.289301][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 363.299487][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 363.376125][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 363.386305][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 363.415326][T11922] device veth0_vlan entered promiscuous mode [ 363.428539][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 363.437772][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 363.482232][T11922] device veth1_vlan entered promiscuous mode 05:37:33 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c41, 0x13) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in=@remote}}, &(0x7f0000000180)=0xe4) r2 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r2]) write$P9_RGETATTR(r0, &(0x7f00000001c0)={0xa0, 0x19, 0x1, {0x30, {0x0, 0x1}, 0x1, r1, r2, 0x6, 0x80, 0x3ce, 0x101, 0x3ff, 0x4, 0x0, 0x400, 0x20, 0x9, 0x8, 0x400, 0x55a1, 0x5, 0x2}}, 0xa0) syz_read_part_table(0x0, 0x22e, &(0x7f0000003800)=[{&(0x7f0000001540)="992c8d4232d9b614ada07fa21c3b253cba17d6250e2d63685add51f8446c5491f0d14587d1e99c407265a7c05380b02ea91e12e490217497defb01dbd8491924300180c8494fbf4d300a166a7da0e73224ef663e414e058e6b5ff9cc949d628d453dc8347b12ceefb431a99be4ba975a74a5d1271bb074b108f2d308c8f92d149d4641455cfa4107ec2f806d86e482ffcc853c46467af9c88e69e0560d010af3baf2c42b6f0a603fb8eba1f5556ddd34220ebfd9e3773264db26d495c94e393611300b6b4cc0690862054fd497be3af29cd2b905cb7e65bdd71102421fea64892ed53bb8249b8dee83d379f8fceeb766e104afdf6c32e430dd443b5c36a98ecf51eeac04144a3a38041530e6066cd287b7f511334c3a8b133a987e2236f892df08f936c175583deca23e32e8cd2a84608db4c45a2015bf293111e261e6b3786c5926dc1bcc2fd30ef5c72539f8f911106ad23c62d89d48f75eb379a3c3bcf8b3d67efce65eceeca9c078121fdd64f35c71f3f319357546fa939ddb776db7a8cf7547611ee6531a1093e4c95c872b66a899b7fa9674c1fcbf06488d78d3258ed5d14ffdef01b41e55e290ff38fecdfe9269e098b221e1c0c7ff04fd4401a58f824584415dfed0c8c5bdd5ee5199973bcd5588c5c70ca43c53d0547372a03cdc5c7f28a376ccad213f95cbbe2e59b7358b6e4526c0b29d019d2b0f2106e0463c99d0ac20a2310d7667f5e32ec9a5e9191dcf1135ae17f07cfff12d09fdf1f964f1622b42265f2db2a3165d0fcb3fa6994bc59dfab2498fb1084bd3a7d701f32c16e8d71cecd63c19b05ec9177553780310a18d545ef9ef170bddb5290977eb02ab3df7146f3c8fb2f597de5596dfe9f8b2caaca30a13c23746871271568b32f6e42eb77ac402d2b5b85f3b5d2ff71de651ee872bf23f5bebf90b94c0a1a6a15096a9197f43e5340f2dc91db30a19ba57b3c5378d3f3d074289b5db5c93d6615a43cf321513c4efd174f8a9a0e1fe9800032817ab5c0d7281d0b890ddb74bc7abd81496cd22c14dac298350c2f956233ba9e1bc6feaf1c675afa97622cb3063abef7e327095ca12ddb988cd057774bd7b5ea88f86041a6372528dc979f817de202a4dda7c826e80f9de054002a0bb2cec00c41c310da4c5ea89b4199f2fb6a32fc82100551f4dd77d35dcc5cba3c5b85a0e1b97b6881ebb6df6f599264d1ee24755ff4e9169a833281b200e9b2f764972b9a04f2b61a9c7a2ec8e15018b8f72c900ac016d186350aed985bafa3f8010928398f2129bdac1fbe7c9429d43e2708a4078cba3f721126ae1c030ceb99ab7b1ba68e67c57e02e2c6de043c177c6116e2e31c11dec0e2ab10302c7fb3af8cabecc36c24b4b890aea6511d4200d99a667754a893592b0288214b581ec65e2b16f44900e2c42e3be0db37110c9951fe5f90df8dfab719e0f1c5840a8ae21982ff515d017e591778ad9dcbe8611061c0340c0e3e9ed84d4e2282f277c1b138f53ab75b213a18927abd4c93378b3a3dc97886c296792febbc60480557248f9e7eb2f9e0e48c007bc4f75a944fdcbabea01522aba3b3ae795952262da2363cb3737ff176735fca95925331949290b8d29da3bd5e5e2758a8e5c6bb9499de1403228be8e9ea7b4b7a81559faac2c91fc32ad277a5bb4dfe8d8f3725ab1e1b7f1bce6812ccdcc299ce7391e4796ea3a45a59d63efb27d56b9e69323c34c35d9a161bfc439dad4cc31ae45713915741e876deeaeec83b1874d1d3fc349a16e03182b80f856fd767c75ee9c218ea9752292063247195e10511277f2ebd6d0251be2507698bf45861ee878e099d2339d3c8482f373c547e62aa98149ffd2855e68109e1d0668d88e45faf755b2e1bf043367da3b2bbf0c7f3562d7d3d45719f57209c618406a28985283c43175aef6783d795c93dbadd17fde8b1a9a09fd764a753f696560faba413f544b07e7b02c531c7baa58614df1e4b76b295204385a4bcac6b915dbfff117ef1a5078e51fd3e9cd97e361f1df8ff3c6018f264a35c078cf57b58dbb4312113dfda345ea67f4d72fd6d3033b807a5f36d2d00f553f56321ab08f1856033eddde0081897fb1d94dc168132bbf713a48ed2f825d1ff6f310b39f97007246df954d610f19268d8c3fb2e689b6c070", 0x600, 0x800}]) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x5, 0x20}, 0xc) [ 363.594845][ T1480] tipc: TX() has been purged, node left! [ 363.682910][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 363.692602][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 363.721593][T11974] hfs: can't find a HFS filesystem on dev loop0 05:37:33 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 363.775229][T11922] device veth0_macvtap entered promiscuous mode [ 363.786766][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 363.796785][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 363.813655][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 363.846180][T11922] device veth1_macvtap entered promiscuous mode [ 363.989173][T11977] loop0: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 363.996631][T11977] loop0: partition table partially beyond EOD, truncated [ 364.005040][T11977] loop0: p1 size 3238031214 extends beyond EOD, truncated [ 364.032255][T11922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 364.042964][T11922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.053052][T11922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 364.063657][T11922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.077742][T11922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.088233][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 364.098131][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 364.108242][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 364.130504][T11977] loop0: p2 start 257770150 is beyond EOD, truncated [ 364.196275][T11922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 364.207501][T11922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.217627][T11922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 364.228784][T11922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.243024][T11922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.254743][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 364.265357][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 364.340178][T11974] hfs: can't find a HFS filesystem on dev loop0 [ 365.716332][ T32] audit: type=1804 audit(1583991455.780:85): pid=12016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir651265232/syzkaller.YoDVkI/0/file0" dev="sda1" ino=16544 res=1 [ 365.785771][ T32] audit: type=1804 audit(1583991455.850:86): pid=12016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir651265232/syzkaller.YoDVkI/0/file0" dev="sda1" ino=16544 res=1 05:37:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0xb0, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x7c, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0x6c, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc}, @IFLA_VLAN_INGRESS_QOS={0x4c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0x26}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}]}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0xb0}}, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x8002, 0x0) ioctl$BLKGETSIZE64(r1, 0x80041272, &(0x7f00000000c0)) 05:37:35 executing program 0: r0 = memfd_create(&(0x7f0000000100)='\\vmnet0?\'`@{,vmnet1em0user\x00', 0x0) ftruncate(r0, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x0, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x2000040) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)=""/13, &(0x7f0000000080)=0xd) connect$pppoe(r2, &(0x7f00000001c0)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000040)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r5 = gettid() sched_getaffinity(r5, 0x8, &(0x7f0000000340)) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r4, 0x40044104, &(0x7f0000000300)=0x6) sendfile(r1, r0, &(0x7f00000000c0)=0xf18001, 0xeefffdef) 05:37:35 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r1, 0x0, 0x4ffe0, 0x0) 05:37:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x6403}) madvise(&(0x7f0000fee000/0x10000)=nil, 0x10000, 0xd) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(r0, &(0x7f0000002000)={@void, @val={0x0, 0x0, 0x0, 0x3ff, 0x0, 0x4}, @mpls={[{}], @ipv6=@gre_packet={0x0, 0x6, "09d31e", 0x44, 0x2f, 0x0, @mcast2, @ipv4={[], [], @broadcast}}}}, 0x7a) [ 366.106792][T12025] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 366.126267][T12025] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. 05:37:36 executing program 2: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000810500"/20, @ANYRES32=0x0, @ANYBLOB="ca00000000002c001c0012800b0001006d616373656300000c00028005000d0000000000"], 0x3c}}, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r1, r2, 0x0, 0x200fff) r3 = signalfd4(r2, &(0x7f0000000080)={[0x7, 0x400]}, 0x8, 0x800) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000180)={0x314c, 0x3, 0x0, 0x9, 0x2, [{0xfffffffeffffffff, 0x20, 0x1, [], 0x801}, {0x81, 0x9, 0x3ff, [], 0x1000}]}) sendmmsg$alg(r0, &(0x7f0000000140), 0x332, 0x0) 05:37:36 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0090ec0e255afaa800002000100000ffff00000000000a200000000000000000000005"], 0x24}}, 0x0) 05:37:36 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r1, 0x0, 0x4ffe0, 0x0) [ 366.834180][T12037] selinux_netlink_send: 50 callbacks suppressed [ 366.834236][T12037] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9486 sclass=netlink_route_socket pid=12037 comm=syz-executor.2 05:37:37 executing program 2: r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r1 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r0, r1, 0x0, 0xf7fffff7) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000000c0)=0x1, 0x4) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000300)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000404090a0600000000f801d1fea03a3848a0251fcca2302de517064c224fc5f638f74c7d5d2759cbe1d2282799d0f2f04bebc596df9a9627fa9e49b3552158f8feb5a67bb8025c30f971eb66b777cecedb1f671dc6ad6ce0083f2adc1c76f79a381d1c1772fd9f3441a9579154243356abde", 0x7e}], 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="636f6465706167653d3433b72c00187b5c73d34c37ec73a14ef7dca2a3145ba3b679cf4848a305"]) 05:37:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'dummy0\x00', 0x0}) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r2, r3, 0x0, 0x200fff) open(&(0x7f00000000c0)='./bus\x00', 0x400081, 0x80) r4 = fcntl$getown(0xffffffffffffffff, 0x9) getpgrp(r4) pread64(r3, &(0x7f0000000040)=""/98, 0x62, 0x2000000) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@setlink={0x3c, 0x13, 0x32b, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc}]}, {0x0, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x0, 0xa, {0x0, 0xfffffffffffffff9}}, @IFLA_VF_VLAN_LIST={0x0, 0xc, 0x0, 0x1, [{0x0, 0x1, {0x1, 0x5b8, 0xf5ab, 0x8100}}, {0x0, 0x1, {0x7ff, 0xdf8, 0x3, 0x8100}}, {0x0, 0x1, {0x3, 0x516, 0x9c68, 0x8100}}, {0x0, 0x1, {0x101, 0x986, 0x8ebc, 0x8100}}, {0x0, 0x1, {0x3ff, 0x827, 0xfff, 0x8100}}, {0x0, 0x1, {0x3e, 0x467, 0xffff8000, 0x8100}}, {0x0, 0x1, {0x80, 0x1a9, 0x3, 0x88a8}}]}, @IFLA_VF_RATE={0x0, 0x6, {0x5, 0x3ee, 0x3}}, @IFLA_VF_SPOOFCHK={0x0, 0x4, {0x40, 0xbe}}]}, {0x0, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x0, 0xc, 0x0, 0x1, [{0x0, 0x1, {0x8, 0x4e0, 0x1}}, {0x0, 0x1, {0x2, 0x740, 0xffff, 0x88a8}}, {0x0, 0x1, {0x4, 0x5fd, 0x8, 0x88a8}}, {0x0, 0x1, {0x4, 0xbcc, 0x1f, 0x8100}}]}, @IFLA_VF_SPOOFCHK={0x0, 0x4, {0x2, 0x7ff}}, @IFLA_VF_VLAN_LIST={0x0, 0xc, 0x0, 0x1, [{0x0, 0x1, {0x40, 0x2f2, 0x8, 0x88a8}}, {0x0, 0x1, {0x40, 0x95e, 0xfff, 0x88a8}}, {0x0, 0x1, {0x81, 0x109, 0x6, 0x88a8}}]}, @IFLA_VF_VLAN={0x0, 0x2, {0x1, 0x82c, 0x4}}, @IFLA_VF_IB_PORT_GUID={0x0, 0xb, {0xe8, 0x101}}, @IFLA_VF_RATE={0x0, 0x6, {0x800, 0x401, 0x40}}, @IFLA_VF_SPOOFCHK={0x0, 0x4, {0x43e, 0x9}}]}]}, @IFLA_CARRIER={0x5}]}, 0xfffffffffffffefc}}, 0x0) [ 367.174537][ T32] audit: type=1800 audit(1583991457.240:87): pid=12043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16555 res=0 [ 367.270446][T12045] FAT-fs (loop2): Unrecognized mount option "codepage=43·" or missing value 05:37:38 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r1, 0x0, 0x4ffe0, 0x0) [ 368.007868][ T32] audit: type=1800 audit(1583991458.070:88): pid=12043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16555 res=0 [ 368.044437][T12054] FAT-fs (loop2): Unrecognized mount option "codepage=43·" or missing value 05:37:38 executing program 2: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/fscreate\x00') write$selinux_validatetrans(r0, 0x0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x505100, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000480)={0x2, 0x1004e20, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) sendto$inet(r3, &(0x7f0000000180)="731247f8bf09abec01cfd5d4dd6e92aa62aa7d935b7e32ca5c14d70409a996a1de1cf7f93a4586204c034bd8e4c941d69f646bd4ac7371509323d30170e4da386060", 0x42, 0x8800, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r3, &(0x7f00000004c0)={0x2, 0x4e20, @empty}, 0x10) write(r3, &(0x7f0000000040)="f57178", 0x3) recvmmsg(r3, &(0x7f0000005440)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=""/228, 0xe4}], 0x1}}], 0x1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000280)={0x0, 0x4c, "cd1d71df7926021efc4612243380d7df81a93c7ed10f6758b2c6512c562f0cd49cd84583eb018fcc25b401f068a1759d0a89e04e3e05d508ca97c8ec3e808ce0a8bde24fe0739e5e4163ee15"}, &(0x7f0000000000)=0x54) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000000c0)={r4, 0xfffc}, 0x8) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="680000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="000004004402bf0040001280080001007369740034000280060011004e23000006000f000100000006000e0003000000080003007f00000105000a00000000000000000008000a00982699481f3720e7f7ba287afe0da338aff080fcbfa51f71f2bdc313fe25e7df5ff81d6f814844bb2c98e1d4ec613d3ff580a9f6615aaf0919c2ea920231e1f5eb8b8aef00b288a3d190d6f48a53619ada528deb3e32ec08176fe353638955178718226e4f58614c771d8e2071ab794e3800000000", @ANYRES32=r5, @ANYBLOB], 0x68}}, 0x0) [ 368.465947][T12061] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 368.572289][T12061] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.582544][T12061] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.700148][T12063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 368.710446][T12063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 05:37:39 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 369.280934][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.328380][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.365658][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.422988][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.475045][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.513066][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.563484][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.605055][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 [ 369.652840][T12068] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12068 comm=syz-executor.1 05:37:39 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x1}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xfd58, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000680)='/dev/dlm-control\x00', 0x20000, 0x0) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r4, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) open(&(0x7f00000006c0)='./file0\x00', 0x2040, 0x1) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r5, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) dup3(r5, r3, 0x0) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) r8 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r8, 0x800) lseek(r8, 0x0, 0x2) r9 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r8, r9, 0x0, 0xf7fffff7) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r9, 0x800442d3, &(0x7f0000000140)={0x7, 0xff80, 0xff16, @random="887aeb81e18a", 'batadv0\x00'}) sendfile(r6, r7, 0x0, 0xf7fffff7) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r7, 0xfffffc64, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xb) bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x1c, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000100)='GPL\x00', 0x5, 0xaa, &(0x7f0000001200)=""/170, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r10}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xc, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000200000000000000070000001800000067070000000000000100000018150000", @ANYRES32=0x1, @ANYBLOB="0000000000000000bf6bf4ff00000000"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0xa, &(0x7f0000000100)=""/10, 0x41100, 0x0, [], r1, 0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xe, 0x5, 0x100}, 0x10, r10, r0}, 0x74) [ 370.084972][ T32] audit: type=1800 audit(1583991460.150:89): pid=12071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 05:37:40 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 370.175788][ T32] audit: type=1800 audit(1583991460.180:90): pid=12071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 [ 370.796086][ T32] audit: type=1800 audit(1583991460.860:91): pid=12076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 [ 370.866863][ T32] audit: type=1800 audit(1583991460.900:92): pid=12071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 05:37:41 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x1}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xfd58, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000680)='/dev/dlm-control\x00', 0x20000, 0x0) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r4, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) open(&(0x7f00000006c0)='./file0\x00', 0x2040, 0x1) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r5, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) dup3(r5, r3, 0x0) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) r8 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r8, 0x800) lseek(r8, 0x0, 0x2) r9 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r8, r9, 0x0, 0xf7fffff7) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r9, 0x800442d3, &(0x7f0000000140)={0x7, 0xff80, 0xff16, @random="887aeb81e18a", 'batadv0\x00'}) sendfile(r6, r7, 0x0, 0xf7fffff7) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r7, 0xfffffc64, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0xb) bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x1c, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000100)='GPL\x00', 0x5, 0xaa, &(0x7f0000001200)=""/170, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r10}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xc, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000200000000000000070000001800000067070000000000000100000018150000", @ANYRES32=0x1, @ANYBLOB="0000000000000000bf6bf4ff00000000"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0xa, &(0x7f0000000100)=""/10, 0x41100, 0x0, [], r1, 0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000002c0)={0x2, 0xe, 0x5, 0x100}, 0x10, r10, r0}, 0x74) 05:37:41 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 371.156896][ T32] audit: type=1800 audit(1583991461.220:93): pid=12081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 [ 371.180729][ T32] audit: type=1800 audit(1583991461.220:94): pid=12081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16561 res=0 05:37:41 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x711200, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x6) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x2f8, r1, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @rand_addr=0xd2e}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'erspan0\x00'}}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x400}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK={0xa0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x57}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}]}]}, @TIPC_NLA_MEDIA={0x24, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_BEARER={0xcc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'hsr0\x00'}}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'ip_vti0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @remote}}, {0x14, 0x2, @in={0x2, 0x4e20, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x10000, @mcast2, 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x2, @rand_addr="7de3f32749596b81671dc4edcdb305ef", 0xf1}}}}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffe01}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xca}]}]}, 0x2f8}, 0x1, 0x0, 0x0, 0x18}, 0x20040000) getsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x5, &(0x7f0000000480), &(0x7f00000004c0)=0x4) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000500)=[0x1, 0x2], 0x2) ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000540)={0x8001}) ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, &(0x7f0000000580)) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0xfff) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000600)={0xfffffe01, 0x7422c038, 0xd7c, 0x7fffffff, 0x50000}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000640)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r3, 0x5, &(0x7f00000006c0)=""/132) socket$inet6(0xa, 0x4, 0x4) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000780)='/proc/capi/capi20\x00', 0x102, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f00000007c0), 0x4) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000800)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000840)={0x0, 0x19ae}, &(0x7f0000000880)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f00000008c0)={r6, 0x6}, &(0x7f0000000900)=0x8) r7 = syz_open_dev$media(&(0x7f0000000940)='/dev/media#\x00', 0x6, 0x399181) ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000980)) sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f0000000bc0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000a00)={0x154, r1, 0x200, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xf8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth0_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1000}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x9, @empty, 0x7fffffff}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x100, @mcast2, 0x8}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5b154241}]}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x800}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x401}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7f}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}]}, 0x154}}, 0x4040000) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000c40)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x1c, r8, 0x400, 0x70bd2d, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040800}, 0x810) set_thread_area(&(0x7f0000000d40)={0x8001, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1}) r9 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000d80)='/selinux/status\x00', 0x0, 0x0) ioctl$SG_GET_COMMAND_Q(r9, 0x2270, &(0x7f0000000dc0)) r10 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000e00)='/proc/capi/capi20ncci\x00', 0x8000, 0x0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e80)='nl80211\x00') sendmsg$NL80211_CMD_SET_KEY(r10, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x20, r11, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @multicast}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x80) r12 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000f80)='/dev/hwrng\x00', 0x201, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000005d00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000005d40)=0x14) sendmsg$nl_route(r12, &(0x7f0000005e40)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000005e00)={&(0x7f0000005d80)=@ipv6_newaddr={0x54, 0x14, 0x1, 0x70bd25, 0x25dfdbff, {0xa, 0x38, 0x80, 0xff, r13}, [@IFA_LOCAL={0x14, 0x2, @mcast2}, @IFA_LOCAL={0x14, 0x2, @ipv4={[], [], @multicast1}}, @IFA_ADDRESS={0x14, 0x1, @rand_addr="5cc5f12a654852fe1ac5370828a38025"}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x8000) 05:37:42 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:42 executing program 0: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x0, 0x11, r0, 0x0) rt_sigtimedwait(&(0x7f00000000c0)={[0x8040003, 0x2]}, 0x0, 0x0, 0x8) [ 372.905781][T12098] IPVS: ftp: loaded support on port[0] = 21 05:37:43 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r1, r2, 0x0, 0x200fff) r3 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r3, r4, 0x0, 0x200fff) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r5, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r6, r7, 0x0, 0xf7fffff7) r8 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r9, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r10 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r10, 0x800) lseek(r10, 0x0, 0x2) r11 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r10, r11, 0x0, 0xf7fffff7) r12 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r12, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r13 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r14 = openat$cgroup_procs(r13, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r14, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r15 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r16 = openat$cgroup_procs(r15, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r16, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r17 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r18 = openat$cgroup_procs(r17, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r18, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r19 = socket$inet6(0xa, 0x400000000001, 0x0) close(r19) r20 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r19, r20, 0x0, 0x200fff) r21 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r21, 0x800) lseek(r21, 0x0, 0x2) r22 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r21, r22, 0x0, 0xf7fffff7) r23 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r23, 0x800) lseek(r23, 0x0, 0x2) r24 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r23, r24, 0x0, 0xf7fffff7) r25 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r26 = openat$cgroup_procs(r25, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r26, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r27 = socket$inet6(0xa, 0x400000000001, 0x0) close(r27) r28 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r27, r28, 0x0, 0x200fff) r29 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r29, 0x800) lseek(r29, 0x0, 0x2) r30 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r29, r30, 0x0, 0xf7fffff7) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYRES16=r3, @ANYRESHEX=r2, @ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES64=r5, @ANYPTR, @ANYRES32=r6, @ANYRESOCT=r3, @ANYRESOCT=r9, @ANYRESHEX=r10, @ANYRESOCT], @ANYRES32=r12], @ANYRES64=r14, @ANYBLOB="9cffbc1bb073df1dcd5726a8b988739f59acf607a81cd72ba8d6d5c9", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRESOCT=0x0, @ANYRES32, @ANYRESHEX=r16, @ANYRES64=r18], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRESHEX=r20, @ANYRES32=r21, @ANYBLOB="f4366f69c3224049a538e844c1f0f2c33eb1ed345c3abee806afdf51301344380cf14c006e116b8410fcded1d909b02c414c0f956c4e48de891edd01892dba56616d9c960c7509b4b5298bd0a4bdefd8642785fa258bd5ea3ca064da875f9b92d0db40b537136f97f0beecfae0d94efa00204dc8b0ed35e318bf78589e89da24519c73031be3c7bff1092a20804160e8e11df1da331f4400a6a1934774649c1becb2a01835665c60338a596dde82aaf0e867b5adfe13e4ba16d2ebd5fb9fd69e1e4676", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRESOCT=r24, @ANYRES64=r7, @ANYPTR64], @ANYRESDEC=r26, @ANYRESOCT=r27, @ANYBLOB="622705803045284d6a6c06f0c3edee258431b637d9a2f1996376859d83c28c4047131f8f5583b5b9a2f83e60e7ccd90cb9f6bb5ea33022", @ANYPTR], @ANYPTR64=&(0x7f00000006c0)=ANY=[@ANYBLOB="81c452ae2682479626aea62356afb8b718b8198041f08d0e370b185eb152d9960d13ee1c6d925ef0d84042c6bdcc6378844cfa725d2d9326823b6fafe4b65e29c07f5b2522657af8e64cfadad4946dd385d1c78e6757c77f160a6e168e5a92db54c0c855cfef474205e18a9d396918bc41f72e3c1369572129efdd04a6ab77000d0e5508e8fc13cfbc4139237555f70beba384fb6ba354782ad7883ffd0e1bfce2d34a31490364c8c0bfcc131c80fd64c649f70321f541f97462a5bc85fba50ffdf5e1876ffc13a4f176ef6b1c2c5ddda7b3", @ANYRES16=r26, @ANYBLOB="cea4038f1a8d2c313d9f3168bc78e196eb5882d51c64b5f3dcf998e5d77565796e9c128d3791dec8b733485283f1439a1961ff2203194f1a286eb22384e65da577d043526d97df65f6dcc17f8d1a503f33040d0dfe7ef15aae04fdaede75b56d6bfd06d7be5c92b64566ac6064113ec839176fa7b4c01dd2a8d69d93153e3de2bf58c88ea5ef0d26450bde1044c8831f333e992f0a60df3af22d3e4809f3c8ef9a8e7f6328ae01109e4b1be96e346d22d3b50c11f9f4c53666aab06062b80b0094f44e11ec7775f02310a22e1c86452c6e6a1b5105b638", @ANYRES32=0x0, @ANYRES64, @ANYRES16=r30]], 0x54}}, 0x0) 05:37:43 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 373.407425][T12098] chnl_net:caif_netlink_parms(): no params data found 05:37:43 executing program 2: r0 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r0]) r1 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r1]) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r2, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x22000040}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x9c, r3, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={[], [], @local}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={[], [], @local}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x23}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:iptables_exec_t:s0\x00'}]}, 0x9c}, 0x1, 0x0, 0x0, 0x14}, 0x4) r4 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r4]) r5 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r5]) r6 = getegid() syz_mount_image$hfs(&(0x7f0000000580)='hfs\x00', &(0x7f00000005c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030303030362c6469725f756d61736b3d30303030303030303030303030303030303030303031312c696f636861727365743d69736f383835392d31342c6469725f756d61736b3d30303030303030303030303030303030303030303030352c756d61736b3d30303030303030303030303030303030303030303035362c63726561746f723dd65a95b32c636f6465706167653d63703836322c6769643d", @ANYRESHEX=r6]) getgroups(0x9, &(0x7f0000000080)=[0x0, r0, r1, r4, r5, r6, 0xee00, 0x0, 0xee01]) chown(&(0x7f0000000040)='./file0\x00', 0xee00, r7) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x9, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40500000000000071101700000000006d050000000000009500000000000000783c338059db6639db079a54d77200445f736d4c1ff13128b746163970dff890c6e9b08f9f53da6253966a9a10"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x5}, 0x10}, 0x74) [ 373.644059][T12108] hfs: can't find a HFS filesystem on dev loop2 [ 373.749174][T12115] hfs: can't find a HFS filesystem on dev loop2 [ 373.865044][T12108] hfs: can't find a HFS filesystem on dev loop2 [ 373.900602][T12098] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.909250][T12098] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.920460][T12098] device bridge_slave_0 entered promiscuous mode [ 374.004626][T12115] hfs: can't find a HFS filesystem on dev loop2 [ 374.027569][T12098] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.036420][T12098] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.047033][T12098] device bridge_slave_1 entered promiscuous mode [ 374.148979][T12098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 374.191687][T12098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.248298][T12098] team0: Port device team_slave_0 added [ 374.267232][T12098] team0: Port device team_slave_1 added [ 374.276405][T12108] hfs: can't find a HFS filesystem on dev loop2 [ 374.316570][T12098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 374.325193][T12098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.356452][T12098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 374.376685][T12098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 374.384601][T12098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.414950][T12098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 05:37:44 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r1, r2, 0x0, 0x200fff) r3 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r3, r4, 0x0, 0x200fff) r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r5, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r6 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r6, 0x800) lseek(r6, 0x0, 0x2) r7 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r6, r7, 0x0, 0xf7fffff7) r8 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r9, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r10 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r10, 0x800) lseek(r10, 0x0, 0x2) r11 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r10, r11, 0x0, 0xf7fffff7) r12 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r12, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) r13 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r14 = openat$cgroup_procs(r13, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r14, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r15 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r16 = openat$cgroup_procs(r15, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r16, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r17 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r18 = openat$cgroup_procs(r17, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r18, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r19 = socket$inet6(0xa, 0x400000000001, 0x0) close(r19) r20 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r19, r20, 0x0, 0x200fff) r21 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r21, 0x800) lseek(r21, 0x0, 0x2) r22 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r21, r22, 0x0, 0xf7fffff7) r23 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r23, 0x800) lseek(r23, 0x0, 0x2) r24 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r23, r24, 0x0, 0xf7fffff7) r25 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r26 = openat$cgroup_procs(r25, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r26, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r27 = socket$inet6(0xa, 0x400000000001, 0x0) close(r27) r28 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r27, r28, 0x0, 0x200fff) r29 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r29, 0x800) lseek(r29, 0x0, 0x2) r30 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r29, r30, 0x0, 0xf7fffff7) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYRES16=r3, @ANYRESHEX=r2, @ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES64=r5, @ANYPTR, @ANYRES32=r6, @ANYRESOCT=r3, @ANYRESOCT=r9, @ANYRESHEX=r10, @ANYRESOCT], @ANYRES32=r12], @ANYRES64=r14, @ANYBLOB="9cffbc1bb073df1dcd5726a8b988739f59acf607a81cd72ba8d6d5c9", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRESOCT=0x0, @ANYRES32, @ANYRESHEX=r16, @ANYRES64=r18], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRESHEX=r20, @ANYRES32=r21, @ANYBLOB="f4366f69c3224049a538e844c1f0f2c33eb1ed345c3abee806afdf51301344380cf14c006e116b8410fcded1d909b02c414c0f956c4e48de891edd01892dba56616d9c960c7509b4b5298bd0a4bdefd8642785fa258bd5ea3ca064da875f9b92d0db40b537136f97f0beecfae0d94efa00204dc8b0ed35e318bf78589e89da24519c73031be3c7bff1092a20804160e8e11df1da331f4400a6a1934774649c1becb2a01835665c60338a596dde82aaf0e867b5adfe13e4ba16d2ebd5fb9fd69e1e4676", @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRESOCT=r24, @ANYRES64=r7, @ANYPTR64], @ANYRESDEC=r26, @ANYRESOCT=r27, @ANYBLOB="622705803045284d6a6c06f0c3edee258431b637d9a2f1996376859d83c28c4047131f8f5583b5b9a2f83e60e7ccd90cb9f6bb5ea33022", @ANYPTR], @ANYPTR64=&(0x7f00000006c0)=ANY=[@ANYBLOB="81c452ae2682479626aea62356afb8b718b8198041f08d0e370b185eb152d9960d13ee1c6d925ef0d84042c6bdcc6378844cfa725d2d9326823b6fafe4b65e29c07f5b2522657af8e64cfadad4946dd385d1c78e6757c77f160a6e168e5a92db54c0c855cfef474205e18a9d396918bc41f72e3c1369572129efdd04a6ab77000d0e5508e8fc13cfbc4139237555f70beba384fb6ba354782ad7883ffd0e1bfce2d34a31490364c8c0bfcc131c80fd64c649f70321f541f97462a5bc85fba50ffdf5e1876ffc13a4f176ef6b1c2c5ddda7b3", @ANYRES16=r26, @ANYBLOB="cea4038f1a8d2c313d9f3168bc78e196eb5882d51c64b5f3dcf998e5d77565796e9c128d3791dec8b733485283f1439a1961ff2203194f1a286eb22384e65da577d043526d97df65f6dcc17f8d1a503f33040d0dfe7ef15aae04fdaede75b56d6bfd06d7be5c92b64566ac6064113ec839176fa7b4c01dd2a8d69d93153e3de2bf58c88ea5ef0d26450bde1044c8831f333e992f0a60df3af22d3e4809f3c8ef9a8e7f6328ae01109e4b1be96e346d22d3b50c11f9f4c53666aab06062b80b0094f44e11ec7775f02310a22e1c86452c6e6a1b5105b638", @ANYRES32=0x0, @ANYRES64, @ANYRES16=r30]], 0x54}}, 0x0) 05:37:44 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:44 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[]}}, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x105) ftruncate(r1, 0x800) lseek(r1, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r1, r2, 0x0, 0xf7fffff7) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r4, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) r6 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r5, r6, 0x0, 0xf7fffff7) mkdirat(r6, &(0x7f00000000c0)='./file0\x00', 0x20) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000000)={{r4}, 0x9, 0x1, 0x1}) [ 374.639404][T12098] device hsr_slave_0 entered promiscuous mode [ 374.693045][T12098] device hsr_slave_1 entered promiscuous mode [ 374.722657][T12098] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 374.730855][T12098] Cannot create hsr debugfs directory [ 374.978034][ T32] audit: type=1800 audit(1583991465.040:95): pid=12145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16573 res=0 [ 375.089512][ T32] audit: type=1800 audit(1583991465.120:96): pid=12146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16573 res=0 [ 375.487161][T12098] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 375.547493][T12098] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 375.599312][T12098] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 375.676988][T12098] netdevsim netdevsim3 netdevsim3: renamed from eth3 05:37:45 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) [ 375.774888][ T32] audit: type=1800 audit(1583991465.840:97): pid=12148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16573 res=0 05:37:46 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000dc00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400034801400350076657468315f746f5f62726964676500140035007465616d300000000000000000000000140035006970365f767469300000000000000000400019803c000200706f7369785f61636c5f616363657373757365726d696d655f7479706570726f6373797374656d6c6f776c616e30757365727b245d2c2400"], 0xa0}}, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x94000, 0x0) r2 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r2, r3, 0x0, 0xf7fffff7) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f00000001c0)=""/33, &(0x7f0000000200)=0x21) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000180)={0x34, 0x0, &(0x7f0000000140)}) 05:37:46 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4a0000, 0x0) ioctl$TCGETX(r1, 0x5432, &(0x7f0000000040)) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r2, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x0) fgetxattr(r0, &(0x7f0000000140)=@known='com.apple.system.Security\x00', &(0x7f00000002c0)=""/154, 0x9a) [ 376.205353][T12165] selinux_netlink_send: 39 callbacks suppressed [ 376.205405][T12165] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12165 comm=syz-executor.0 [ 376.288933][ T32] audit: type=1800 audit(1583991466.350:98): pid=12165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16571 res=0 [ 376.486357][T12098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 376.570236][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 376.580439][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 376.617540][T12098] 8021q: adding VLAN 0 to HW filter on device team0 [ 376.658712][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 376.669795][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 376.679435][ T3227] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.687068][ T3227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 376.762548][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 376.772871][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 376.784252][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 376.794203][ T3227] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.802259][ T3227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.908319][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 376.919963][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 376.934160][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 376.945617][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 377.013874][T12166] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12166 comm=syz-executor.0 [ 377.087556][T12098] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 377.099860][T12098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 377.129200][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 377.139930][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 377.151755][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 377.164242][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 377.174492][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 377.185688][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 377.195513][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 377.219051][ T32] audit: type=1800 audit(1583991467.280:99): pid=12177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16571 res=0 [ 377.255762][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 377.390748][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 377.399283][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 377.475592][T12098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 377.578026][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 377.589213][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 377.671090][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 377.681930][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 377.708775][T12098] device veth0_vlan entered promiscuous mode [ 377.719123][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 377.731217][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 377.777167][T12098] device veth1_vlan entered promiscuous mode [ 377.866276][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 377.876552][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 377.886282][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 377.897039][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 377.924081][T12098] device veth0_macvtap entered promiscuous mode [ 377.949494][T12098] device veth1_macvtap entered promiscuous mode [ 378.015744][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 378.027429][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.039297][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 378.052048][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.064028][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 378.076640][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.091058][T12098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.099779][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 378.109696][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 378.119561][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 378.130295][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 378.197263][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 378.209322][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.220211][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 378.231536][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.243502][T12098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 378.256811][T12098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 378.272656][T12098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 378.297476][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 378.309878][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 05:37:49 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x18b120, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0affefff7f000000001e6ea64aa8e1c9", 0x10) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4a0000, 0x0) ioctl$TCGETX(r1, 0x5432, &(0x7f0000000040)) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r2, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x0) fgetxattr(r0, &(0x7f0000000140)=@known='com.apple.system.Security\x00', &(0x7f00000002c0)=""/154, 0x9a) 05:37:49 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) 05:37:49 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:49 executing program 2: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'ip_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000000000008a01000000000000000000000000000000000000000000002d418bdc3b0b13ce570fd4ffd9e472c70cfc866dc512633e76b2e4f6c613a2c5b87e043651154f27226afa0060234a7c5af94ab79195870de40c094a7a51698aca9feda1d58f51ea4a98574991e9e2b604d27328548d4d6c7b7297"], 0x20) 05:37:49 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:50 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:50 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x4, 0x70, 0x0, 0x0, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x1002, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1f, 0x10000}, 0x40000, 0x0, 0x0, 0x0, 0x20000002, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9ff, 0x0, @perf_bp={0x0}, 0x220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, r0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f00000000c0)) ptrace(0x4206, r1) ptrace$setsig(0x4203, r1, 0x0, &(0x7f0000000000)) r2 = syz_open_procfs(r1, &(0x7f0000000080)='net/sockstat6\x00') setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000000c0), 0x4) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x0, 0x2) r5 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r4, r5, 0x0, 0xf7fffff7) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000003100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000030c0)={&(0x7f00000001c0)=@newtaction={0x2ee4, 0x30, 0x2, 0x70bd26, 0x25dfdbfe, {}, [{0x32c, 0x1, [@m_ctinfo={0xa0, 0x15, 0x0, 0x0, {{0xb, 0x1, 'ctinfo\x00'}, {0x34, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6, 0x4, 0x33c}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x7ff}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x5}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x7}]}, {0x5a, 0x6, "95af44e2c4846eb508573abff3b4f5b233a74d1c5427a227f859ad935fcc7e0b7e3904c973249b1275901c5f7f056af60b3dfff4660a8c8e235477185add74363329a69032b37cbdaa46d39605c06628cdd2fb9e5550"}}}, @m_bpf={0x4c, 0x6, 0x0, 0x0, {{0x8, 0x1, 'bpf\x00'}, {0x30, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0xc517, 0xa84, 0x10000000, 0x7, 0x4}}, @TCA_ACT_BPF_FD={0x8, 0x5, r5}]}, {0x10, 0x6, "a865dcfe97ac43109ea1ca32"}}}, @m_ife={0xa4, 0x15, 0x0, 0x0, {{0x8, 0x1, 'ife\x00'}, {0x48, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @random="4036e7003dd6"}, @TCA_IFE_DMAC={0xa, 0x3, @dev={[], 0x34}}, @TCA_IFE_SMAC={0xa, 0x4, @multicast}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}]}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}]}, {0x50, 0x6, "efde039d45c0cfc6b918cb62661bbb52a6657c8cfaf1cd72d57383d82c8c512b23dcb14497584215371a3c1aca00dba8404581528e98189c2b218d88aefe8e8576166073e98397fe84179e17"}}}, @m_gact={0x198, 0xd, 0x0, 0x0, {{0x9, 0x1, 'gact\x00'}, {0xac, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x400, 0x4, 0x0, 0x8000, 0x800}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1f6e, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x44d, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x5, 0x3, 0x80, 0xb6b}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1c53, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x116e, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x95a5c6257ae1fbaf, 0xf8d, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1b0f, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0xe12, 0x8, 0xc48840f3f2b974fb, 0x800, 0x100}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x0, 0x6, 0x1, 0x3}}]}, {0xdc, 0x6, "e04d49dfdd78bca0347dddcb4e9fd55d13d15f287f7127f461ce66822bc72defe55383b260e7597d7c162f641314533ca44f553b69572212b791515bb7c1bfce1dd80da53a1173f75502546db81405db42c3fd2b5356370e60b8ab693fc0ba25bff79cf82b8603b5fd5f87e5a2ab9fb830373ec0c946e30680a288e484b7fa50bf21c41c83fb5bbfc3418164a8d07247703eaf01f6e3785dc10305f7cb722abf7fa09e89ccafe1a2d4d02ca6f772de2fe44293dd87b89c3d374bff2c351db2ed5d39fc94e6f113a63f2b8827e7ca43f16f265bc40ea140ff"}}}]}, {0x408, 0x1, [@m_sample={0x13c, 0xe, 0x0, 0x0, {{0xb, 0x1, 'sample\x00'}, {0x44, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x80}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x259}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1000, 0x2, 0x6, 0x1, 0x80000001}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0x0, 0x1, 0x3, 0x3}}]}, {0xe5, 0x6, "c21a65b5ae53daba113ba8ef73d72d9302f8b02a8e36af007173e94116418553f61cd3393497d3c67d17869ee77f0132868cdbe9532e67be2ae637b4950aa4b219db402ac25881e5151a4b0d7e7a3cefd470a57613b82968c9573922b9207ed89709d05e1d8528e74cfdc965082e981b6c1e6c30147d2c2b3ad0cac889f5d73bad9597da784dc9720a2367da5f5b89c70814e0f958f97144880209250780b0b896ebb288ad96154decb65fca93777e89792e9ab5eacf35e817d96c60ae406a8b44a4d86c0bf4c316f53ceb256784ae847a354e1f488e26e269f6693f554ba75d83"}}}, @m_bpf={0xa8, 0xe, 0x0, 0x0, {{0x8, 0x1, 'bpf\x00'}, {0x40, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0xfffffffb, 0xa9, 0x7, 0x7, 0x9}}, @TCA_ACT_BPF_OPS={0x24, 0x4, [{0x8, 0x9, 0x3f, 0x8001}, {0x1f, 0x45, 0x30, 0x3ff}, {0x6, 0x0, 0x61, 0x3ff}, {0xbe, 0x11, 0x0, 0x200}]}]}, {0x59, 0x6, "9388a0f8670825c3535813091797b718322a8bc2b66c7429ae0873eb5660205b534a159307eb925aac49e9cc3163f4b3b835860a67b1f679c720f646eca86c25f3d751f1ad2a3dbd36fe2a17b86665cb7109b9437f"}}}, @m_xt={0xc4, 0xa, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}]}, {0x88, 0x6, "decfa4ddf2ae2cee746590caba46d7c9720a17945be19d91b669aacc9721fc57a9e8ec600f58273b980d710edb3fe3d09aa329816276f3a5d3f9b5c6ab1bda95931244650cd4e9ee6eb0e2b40d1426cfd266b26a76c696cc7d8637a72c1e060d1f0f442b511fc68c0b17370cdbca09636725c5fd5c9f7c751f56e9dafcd04b52780ba416"}}}, @m_xt={0x15c, 0x0, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x110, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x1}, @TCA_IPT_TARG={0x40, 0x6, {0x1, 'nat\x00', 0x1, 0x5, "18b8a240696460a18665cf4980b98f43441b1d1b818d"}}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x40, 0x6, "1dc9d0c87ccde179219e70212d83a0be67161725d1b951d40136677c3bf33f9ae24d3ff8074844bf066328f4e6c944f977fd1617ea372366a13016f4"}}}]}, {0x279c, 0x1, [@m_ipt={0x9c, 0x20, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0x38, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4d}, @TCA_IPT_HOOK={0x8}]}, {0x58, 0x6, "a5d40fb2056f03d0f4614d3caac6ac81777348948435e1b9d5193ab7b851f0bdc05a9cbca316d38a0ab1982a05aeefed1b0471308c40c8d155374822c279c648bbb1f53ad8fc63f60e7ce4242cc5187202abb75c"}}}, @m_simple={0x158, 0x6, 0x0, 0x0, {{0xb, 0x1, 'simple\x00'}, {0xb4, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x12, 0x3, 'net/sockstat6\x00'}, @TCA_DEF_DATA={0x12, 0x3, 'net/sockstat6\x00'}, @TCA_DEF_DATA={0x43, 0x3, 'securitycpuset.eth0wlan0&^trusted.vboxnet0/cpuset*vboxnet0(lo\\\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0xe202, 0x3, 0x2, 0x9, 0x8}}, @TCA_DEF_PARMS={0x18, 0x2, {0x2, 0xffffff8d, 0x4, 0x5, 0xffffffff}}, @TCA_DEF_DATA={0x12, 0x3, 'net/sockstat6\x00'}]}, {0x92, 0x6, "7db5cfacb5a1a2eec4fa2985dcab64f7b2fbe99ac7b5f2378a785cd20725cd4c0b35290ad604a8b30b56059310219ca5b3dee03ab367b1652d957269c1ee649f44aa6f6bbbc4d70a722112414edcf82409afd52def8cdf882f7c72802982fd1c9bf368571637388eb6cf941a1bfec7c5455cbf5bf49ca050d626c43d6d95f97c886d73860352ec8edbff2ee420f0"}}}, @m_xt={0x224, 0xb, 0x0, 0x0, {{0x7, 0x1, 'xt\x00'}, {0x1d0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xc0, 0x6, {0x3ff, 'filter\x00', 0x7f, 0x1, "6b9e9270ac1a316ba9d05989961c82f06746e6f5ef9a82f1f6040fbef90d67af6f9face245d1538fe164051e8aae20b804ad824900bb946b766b57f01d3f2ab74f3b511494c4cf70e0ebbba004804ee8ac7569ea2e31d6391185c5e4320a9ff53b843c03f230ce216b6a5bdaf0cf630bae6934a09046092a8b6e7d212a0a2dfc530cdac9cbfa5170dbb5c46dca99e3f9489c7441e473"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_INDEX={0x8, 0x3, 0x5}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0xb8, 0x6, {0x40, 'security\x00', 0xaf, 0xfffb, "1c62731f575dbf6740f7b67527093521398fef9c2cc9f7accbeea2b1eb6b380965b7651f672c2b53250f25fceb078f4db650a2504d3c79f5e170c85b7c0aa0c85562e71f7707989759cd68b6e0e963fa1758cf835da7dbd05ebe7e817d8e98331d70c5dd3b723d73cb32c447a77fa61dc3734164e91f600576b7ede63a273dbd05da660710744432f8cdc9b0812b"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}]}, {0x45, 0x6, "282568b1273709eb60968a33a0901cc9920e5dc61d4a8497d822cb59611b8e0b9817391287f14c1aa5d45dcbb05a590a0099c0240384aad766cbb320243274cfe5"}}}, @m_mpls={0x1040, 0xe, 0x0, 0x0, {{0x9, 0x1, 'mpls\x00'}, {0x2c, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x315fe}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_TC={0x5, 0x6, 0x2}]}, {0x1004, 0x6, "5ea1617cef9eae1efbbf6e410eecc230644fa8aaec42a123623e324e05c2d70478134f59b5d3ae5207c77c79be29c93eaa2da1f7d4a2403177667c002d04965b2f37273a2c3aac815819da664094dd969ef99c380aac027b900c20a82296b694b1d4d988cace4ef66a34cc7abec0b591ea6cb21f84a80932aa5985d33850799660b3d388692be58c3560511e9f16fc74bab04d887e6d85d5ab6de79ac942064aac9d9887fb3367b505d3053404c2df1eee32a3601a3f09e6db59fc81428f9dcfaad6b00df00dde008bf7de0f1e278de610aa8b7e8d6d8e1b7fa2221f8571255b39aaf61c5a5f678e65b5f3b9ca1377e29fab78db933ab7cbf8c24b770bf1999041d5b4d1be7cbc5f9032e07e1255ea25cd18b63b0a9a1fd0590035413225ee3e2e11ffc25fe37eaf9d9fd6f9c64c547e939476c2780c306eba48bf33eee632fe5fe4bd9093016c38dd43541eb21870ce6595ef8c599366d7d47d2800632c9c6de454493f8958e87b70717de8049ea1565d0636c0a842d6e78ec30235319eaa198b01c582a2e250e40308180355b6df12c97d239866a49e22ff009315664695a2927d238eec678de6db2224d58004694407b277ff8f0ba8ace8fea0cee586ee53c3a607dccaa0071d9b5b016b97d2d1c5f41387d744faf93e96162b7ea03af01ff56e71a9c81104673e4bfc843b147dbe7372bd7d0da67a0c62c381a313241d777c5fcf7b5f3d111d97ace26fa97fc17e71eab913458a6724f796257b9d7c446aa61da9d0bd4b50f6f82815ccb1c9f1ce9c6772168c7807502f809e5d26ded790958d6c9d0da1d7af4163d793e28818eb09ae0ed95eb85cb2a20b38c6be7f9fce70c612de2b08b1629743bf36ec255c00bc8dff36822a7b4bbaa2bf83abdba3196aac60ec935694deae0b3cc05efbdd54462df89925e313c74a7f094608eb110f4af0b750d21226f63cd967d4aa43dd339c2eb62e3befe21df3fbca476b37991b18e03b42cdde0212e0b5795f8e9a17d8c076c58c84d3d3b177202f3abb11693179c79bf10329862e9fe834cb949caeabd042f6ef174ee7afd426e5c5c6415e2a5b0cf9b8b1755c80df67f88666f3430caa20c0eabb6824ec77942e25fe464f6b5421f8aa21248bf21cd5a644a22b635515329b363d4c67d0991b479b3ed7252a799283cd75f4076d06223969709dc1763c0d68ffd7c46dcf728cdae3857b1959c1be80cc551b18ede4828a4a1ba8a46de726021c784ad90b62cc84f15cdb648b12bb4f5e1900da19eb909c86cfff5a37aee16fd8f9c4c54f266d3e2ba791f93d3903bd8c9a911cf10a9f9ebb5e78ba76a4397d11e439e9fa7464daca0047b0c188e66e3f86236a538f71e4cfe60d8ef6224fa0e384a4c590d6e2eaabfd38b4a3da85f8686ed5b8d6ba8f2484f09b2332ae9d600296a14c852f32fe9b122a3e4029f3d1e357a535c3d1f9fb66ca308665dcd20b89c45921447e8036dd0c554607b2b1fc8a8ac286c04878ffc5f7d00c437edcf83ca41a6221084853467e934b58c386dc644841b4a51b959f83afbb96989c37109073f000693187c64d8d8e143dd60c89c83de9e2047c55fb846246fa8a437bd1c656bd3f0f840afe28c760134b8a91f6bf68c941d133789836ba4da900f284d1dcd7215109998aedc264a790efc41a7e7c79d07406b2fe0121b4bf7c03ec47dd1c44f744befc43665c3afe472a3db618a819969b813d339bc6ef5d476c4e881cf06a026f24f54ff48fab8a26f9a3823c343a1982739b13a348a6db8dfad0d21f1d4b829c0356c3d52d7002aa6e2266ed3314bc98895e9607a9deef5edb6fdf220cd23ac329bf9c40679d634b9f451714d967c66c02f9f8dfc578242e067d773e815e5e74fde077b3bbd66101850b1acdfc662a48010a3d13e8e32d3f1b9ab976f3b330f188cb015b65c40de6f1a596efc105cf70e0d1290e2c41d19bbe5d97f6443162d55998aa7afacab1b24fab3b25f3eae2af5ce52b4fa0532ab5287e26c7340cd099daed7b13d60edf782392755247d0de8f572bd3f35e5f261eccfd2d195641e7a0e6938de1869dcd183ec16c1432375de52941868d8205df6b2f513fd390f3f2a1fe4dc224f7a153e859289de636f1441b5ab592d5c48f05c1d5da125a35f9ff68a9e1da3e4ad99f18c7fe8d5fbaaf6773a7a3f47f34a52a784ea7a077d26dfdb70ced386007f08fb1e7c1de1fa8303d8d529aa36b27742c5a6deee6fb997d2c5642e4e3a3ddfe2cc7088c76e0ad5716352e8d05fca356fa93b0226b1c639db3af773408d82513226e680f6c9dce99e9f3c382c76725954b72c3c4b020b41a2713ee6007071b8288d84e705a218007b7221ed2986f72cbd6f5302ba478c90d4c03b8a43972ce349f8278af5a8a0f76c075b56f8cfec292a478145aa305c537d048c0dff12181ed7463f5d886f6573f24ec1c3b8f1144cd98585cb993326bf0776c69343faf54e2182bf6c048ff3b5934c4d476e6f9df454b53dadef97abe57424eb5e5a3543a6b1ff586ef598ed4056d061ba7e3fcf30a56a3040edca9a3b1f32670ea0951ba33ed55b605bf489068097ff53f89ff4f6537fb006fdece8aaaa06283a28e3316b19b25fdef2a1b35b200a0f255882c49b88b2797dbab942c2ff31a8bf263326ca50168b616109f3020353c0e0d3bb1b71572fdde4831796f085c12b360c32e0589e0eab8dad88a877a86290de640cc803fb08e55c6aedc7fdf7bb50395855346d3cc5c004bf9a1dff3564e0ef6b82155fb73bb1d32264e3e40674941b6caf2c3cf78951dab4a640b95a7b119eaed1e62528933c18ccecb27b9157e85c7b589dcf67fe70497df861d4d9fd3529483e0027f9841a91d877c0c0cf30fb14f89bd07bfbd6fe64f31414a9de7997989d802b46089ebf2b409afd0bba65499a9896a99c122956470230ee100961c67f7788b569a9f1ca6f6d8503c830907cdb76480a1a34d91249e5614bfcfc6fa17167852c21c7270000f496014351ba982cd94d306e9d05326253a664393a39bbd807198d8961e5010568ee20c2ed7422a476d43a246c759bfbc67daa9ad96afac57cbeaa232e34ed89fd57208b4d1c90ef18a1dcaad07b91bcca65c339614a943089129aa41667d7f6c685d3e92a3cd8217cede35776adbca89cff4e727332bcb091ef0870e423b59cecbfe7f32a9961220f108a0ea2ad7a31bae4fd2dedb33501d362754b2ebb013a910a8946a5058788b065114a20111f103a897f2cc81a97f3d4d4c50ab37d2c98955f6781be5a7796baa59ef29c47ec379aa60eff4a7c38f28bacd3731197e4ff8a38eff586d0050a6a6cd6e6fc596dceef614aa7147dd7eb3b044c6edf727701e18156c021d7be0bb6ab2bee212f960599e1d65823b375165ca88dd5d8cd56202cfde1736ba1386c7d12bccc5ebd555d09f1f4b15aecc82b346bda8da42c8c89d8bf284490f1a513b8ae29b3e57e13d03bb0b250855c41f961dd3d556d49f94c760d28b27b1a09ba63afdceaba91d93900c997d74cfb1dbbec986f4a7744924fc023ffd443ae78b8f37247968f8fb1632585279065cb67d52ed71485179809d52f72e2e4e94dec9d6717dfa210febfc0c4aef9ceab85f4e30ad5b4c885d1e441751e6d75a16c360492f111cc841557d14ee618b20ccfe9166890dac785c850b9245d11a04722c8a45b296c3b7191e162e7fc0db9e2cbf94d386a94c07b06eb3646a02209e80f92d0871b803845cdd77a15f62b2539c9704b8bd1f1347cd04ad69096fd90cd6d4e0dad0634900f2f1468511b0dfae53210afe5327c66be291cb2d21dba2541d7b83e634e860f56b66661fb24bc14a442730c98e4dfe0eae58f18663d04040b2d792b46a24bca6a9fbc5cf2da3662ec26f200d3f1394edfcba73227218c854b7faf849016bccbb0033058bd6acec94f3e73e5779da565db6d19aeca460074bcf6aa7076fb81e4f0a954c43ae2bc443f8d7e75bff1bbe619e8e58646989823fb73b761d0fe2d2b76328a7130c390e0b85e1cc7e3ab71f5f049b2348136d9434b6de1f836f2af8d75000a1b9e118b0f538c349c16d0749ae672cc726d7132a2cf6a44b9a259b4b4d18a2725bfc5dcfa24700377b54c1643b562667cd98d87e98fb1502af12ac49d8c6917e57caf86380cf66fd9ba80795637f42e9e91310094cafa4c8b1ccc2968b02be80c242cb4dea329b2e342bfbd5581ddc847f341f4ddfc624e29b7c4d2f10070fb190a4c9527b78043d5c3c4882497b0bfe94ad45da20424937f1390bd880c2518b1341bd2d762039ae3f06a9450e83c9d1917e5bf5fbae4423c93a1518ad3ff4d556f8c9695c10ef01c5da450ff3ef9f5cad153a5276e3947e2159cec7687e321e64fde7fe52f093fa3fa3038947008725aa530a7d48f3117104a2b420175a1bcd7c9b8d73f0eb34310df4b87c7157ed5399e7106644d4029aba3e6828589a6338121673fde38b45d5f8f67123a96c5cb9c441d3b7e566a74a668c718aa590d33a562f24f84a978c7c8cbcbe25a55dd123c328e5fdd6ac59abaf326cbfaf81967068aaeeaf350c43784f5a18c947fab523ebc56269cde35fa3a0ed2e7f3236957ee4e2e773ea76cbdd9fbb9094fd15b578bbff7dd6295059df0ec08649753ac19010458cf42e424d478a19ff77bb118e7facefe4124bf1a420e228679fb175eae983dd40a63a22de0eb1173823c706307a3926380a1b34a2a36ce997ecb8efb46e8a507c6915e504a1bd35edbbc322f255917dc53bb54ce9dcfbaa70bf8a7b0613fc56409e702f3169eadff811d7e9f50872dda3d8435b923ba1c613088706a43102c4ac535e1cbb5d9ad6fcc9c7e6f3c8a29c98b3b51f0162e5dac92987d11470c6fd4fdf3dc73326841eabd08f40b41c4ec3c358af29b610ecb7b49675a6ff8a05dbd9da369af61a18b67c1b26db49bc477cd51aa6d957de9deaa566e2e96c101f489405b1ce1adaf861516ad5589d6217bc607f6eff797aef4c04685b8e940c43b363fea58f4df5871556e9c8b724aba4214ed9a3d20bfe144db08b79799250c1783cce44e620d94bdefdbfbc8dfa691da32b1f6d5f057a8aff46492bd6b7c01f0378b4821f72fee0b46be168c4ed481ccf2b9cab5e1cf6dbc80e6d7e15ae05964fab3b5ceffa28e3a4f07f43544c9892584c3b4cb552faa3fff7a651cbbe4b003c46ffe8325d5716e6d506f7276351473c162237f39addb6689e6548fa0558c58a9aeaa448194106e86410290ff6bec4d07b98d24f3837c8383fc32aaa0e30b8db37b444e35bc404a43426ee63fa987215421daf3834b15880dfd5b68a145cd3bb79b8a5ebaf4fd40f0d4ed23ea33152f3007a6b5818816769ebf6fba993f3913bb5ab16fb7b0537ae71aac62db2583528b139aafe3afc27f3d4056b5e278d5592d083e6e64a5a582d16f8852e9c7d1524e20ab2a38ac0c67a5d2ff5510cde4b04161596383ca4351b94445fe04f72c09dd9a105dcfe80be66fee01c2a55fe8da8c459dff8a6a70fda3fc97f0c945af47a61f62d010fdd504b43a1f42e3dd075d2fe865e2bc30411dc23bfac8146f771384762348ad6c941add38ef6ab95eda2c3a52b083b945712a42462883a4f96d58bc650378d2514ec76a8ef8c3023f314046eecc704b82316c14a16ac20b2810e5bb37a0fd61efc8a18acbb2d9294fc5c1e69a1396b95ce88554aa6bba952b7f86b6e2fd8a74e942a9d389520e6af6a2fa2d23e429e7f9ca012397b37afc6e1b7559464d4cd0b67bdec45e750c5b7b7"}}}, @m_ctinfo={0x58, 0x8, 0x0, 0x0, {{0xb, 0x1, 'ctinfo\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x3}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x6}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x1}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x46c}]}, {0x23, 0x6, "db82672beaf6baf4c065b942115d56d23149a5dc4ddb5bbb4e0a002fee975a"}}}, @m_connmark={0x190, 0x18, 0x0, 0x0, {{0xd, 0x1, 'connmark\x00'}, {0x90, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x800, 0x0, 0x3, 0x6c}, 0x3a}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x200, 0x5, 0x80000000, 0x8}, 0x8000}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd0c, 0x9, 0x0, 0x3, 0xa7}, 0xbf44}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2ca803a6, 0x7ff, 0x6, 0x0, 0x80000000}, 0x1f}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x1, 0x4, 0x1, 0x20, 0x4}, 0xb478}}]}, {0xe9, 0x6, "eb0e0ee0dc1c87455e50579a809014ebdb61e34a1c854c22bcd75c457c6b4ff97a6b1abb25bfce2b8cf05f684e76454ee70bb8ebe7df8f727ab43bfb49660ea1d5197e00523bcde35f89b688a42308da6a979c852ee6d70202d38bf2a68128481d7c8dab65a8e2825a812640492fcc414b60ea92af0b9035614776f4244e100753fd7dea1a80a93d874ae79ee6651d103746cd141c2862ddeb05b78f2784366fe2b6ee1550787e879fdf9e49dc292b5bf15c8843cdf157d6a307e38ea09d06d5ca257e3b92c70ab977a99701aa459eec091ef68284d8c7eed9706919ae672c1c28b9ad40c6"}}}, @m_tunnel_key={0x40, 0x19, 0x0, 0x0, {{0xf, 0x1, 'tunnel_key\x00'}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0xd}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x5, 0xffffffff, 0x0, 0x1e6}, 0x2}}]}, {0x4}}}, @m_ct={0x68, 0x15, 0x0, 0x0, {{0x7, 0x1, 'ct\x00'}, {0x58, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x3}, @TCA_CT_LABELS_MASK={0x14, 0x8, "ca975850f813ee876f7a1b79fd259d51"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "4225eb3ba2025edce8522a40eac101b1"}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @rand_addr="ed5342ffaacc565efeadd8b1db1dde79"}, @TCA_CT_ZONE={0x6, 0x4, 0xff}]}, {0x4}}}, @m_tunnel_key={0x90, 0x7, 0x0, 0x0, {{0xf, 0x1, 'tunnel_key\x00'}, {0x58, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @multicast1}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e20}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x4, 0xb50, 0x1, 0xffff}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @rand_addr="1e47e6918c84f25b2bfd6e2791e109b3"}]}, {0x24, 0x6, "ba2ea4cbfc5bf99c04c3ea54947e6efe0af65d73de3939079395164eedf1812f"}}}, @m_ctinfo={0x1020, 0x1b, 0x0, 0x0, {{0xb, 0x1, 'ctinfo\x00'}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0xffffffff}]}, {0x1004, 0x6, "7d8e5bac432c5af638a3f5c63e36d582e3ce289470822a772968e5ba662ef2bd4537c9708fd1cdba9c010c337fdd18a1a637b950a180e5d45f50e9a5943aa794015bf10a661eb806e3c34a5062903053cb75ba5ff85830a91c58e9dcc784bd7b3f7a573a50e4ad6695ae0b0a443985cd5f4e71d05ef9be30a92b41bd9704a001564b9f39bad907c985d60150cd778bfac4349abc4b7ec56a5dae0850315a60ccd1b3d566c2f36b89c67fcc4e4795f67f3e4cc8b4b9d044c52123538fabd2d49470d2d77ff5bc7fc6510f87545ff92b97bd7a648815c4bd702a1a73c62946400ec391931114cfb1cf4bbdc69e8b89f30ef5867d6aede485c5062e241053eccc1fa96ca08f07a5fbc70f2bcb205be7b16c12e51a537e1b4da32a497832466ff694b3cb64e7970e0b917399a91492bc675a79ec4a27fadb4cd2547928a8889c8160b46fffa3805b3b31dbf456480d231eb55f99b341037a0d40765ddfc44e872e821010edc21e55c673ce08938cde2561a6ce6abb41fc5295c69339bb6e6eabe37220a14e1b9cb458bcdd82dd1cda757d56cf59d8535a23369c2dff368fad95505a34fbe4d67067f0b8ab57f2328c865a91f440c26fb23ff76a893f8ea48b9fff21a2ffa26e746b905687357ecfe5c58a3acd8b7b7940f12d399e3fff12daa22e39ae43560097910c1b00fcc52e4857ce17bafef89620155163aa422eb88d273a9f39a36a838835ca17518a217f3b515bf4b18a7553f0d67485769c9cecdb898b7d696ddeb6574105a137a9b8763c3ccc6972ed056c7a2d245a7f641bd96dedf6f3264221f77dd7752e0f757ae0f2a3deba95b888ad78bf24d65aff10a206c5099c44ba45f76e5d7145e46b231dfa230a125138a45e4549ccf0dbb3c2fabad1e2a6dd97db4a13c90c32c8a06d3a4b864d8aa9daf2ef9b8288b80cc6287257820a7fb1c1633e72132a1a5f784f981fdee81bd0ef5bdd2ea0100c109534bab74a019a0c4b7a125360a58d19954ad2dd106c5f6f13cf0067329c3a82c9f315d385c7e0866cc4365248bab3109f8fcd8a659df26d49ffa27e5dfc6ac9084cf689a823a0ca8f64bb898c9f17e27690764d84a779eb01582353ccfbec3aa41acc5210e5cbc6890a6b0f709dc594fdf1fbe5072149f7cdf6f37b14b130bbab70e1bc7c4b90fb06ff193b2cfc70184603a66260fcec7aa3ac0edb029d7b5d3485cecdbec3872735488f527386340126206c8ab8321b815f0dc312bb009b8f5c9e6a8cf0b7beddb6203c6c50db408985c755b7222c5b9327bfd526609b61acf048f5d6cce702faa87d724bd6b364ac620f369575376918650367b87f53a0773f3c9e204e60f82bbeb27a32f514df15a42113df18f0d005c88d7764e92639c7d403b87dc1838d01bd2e6cb4c0ee79bd5fe5ce8b51db973a5ec01f5989e4e7b2462f3c62dac0d1ee521f700a6e15a7c2bc3bd87de33a18e18dfe17fa81f72857711b1c154da549798e6fcc8fe4238221b974ff92dd4ab35642034b5c3caa3b049410cb9e1340cf8d4ecd8d85882fb22c80d9b8398b93058ef49c202f8d8fa7b247fe91ce9d003590e4263443a619ee067eb4c11f28b375129c883866c7f8fcd09d12fbf615369b895f156404185c384547d2daa7585a2aace3239a6a91ab5aa4a55e3543ae16529eb41f3cad9b8eabd627d13a99b5877cba8256f5326fac0e63bc0515fb9f117c235d5c71c429c5370b9b5c36c22a61b231d01cf7c3ffe6ef93d89fdce5c1bfce67e012a140711befd9340f4e3fcb4b2d67f3adcaee3d78fb40e5d13d5095d08d589d9c333283a3445f02de4e1b4bf590c149304e111b7b263df676f2227f7e47635b9f5277a00e10bda243f82d82ac155d488ed7ff2b1fa54b14ce48845abed0201b78559316f0badb93629a313c06ae198df14cea81f3f8bb787763615d2c5e94f2b026adcfa5721e43bd4c167517eb36e8077a013e935493204b06d205f479fe1c0898a9038c8dfac199f703185f2d697f539179b64818e3b6288f57f2e95530abfc5ec76701c3a1a84bc0963f9b90f64ac3fb3f4a16ebdf5cf59ff95c3daeb20212a868b8a3ae3483298fce2dbb93db31206e2cc5c55494aa05e82779e93f69510d89489e3f6f745b2d57ff111d52f627b53801dcd2c7df2129e61b27cd46d6e466f8a0a2a2245e4f1b67b288ffe9f25c0455b386241a839ca0fe9d7c44214f73c3624425fa91cb5e09550b134f830ff1d3043b9ed9d5e5c05bc1b9b00fadd38cb54397eea4dc0431e25a9960f1f82fe13ad1de77fea2010ad0c474f10df40138fdfbbb0028b5b4f651f4479c750dec930aaaa7a4f7fde4395fd399bcbf9079a6b5965f25c1b40d071fdde31db94bbb016764d5543f90220a8d380b44e7ec7c370dd91aa9687598bd6e621aebf7774acdcc2cec570eb40ba0391a5e96742b741c7f06a259391d69931e15c8acd24f4b3b3b796f61b5744c467f20a504c944f3f195258789fe0b9b6684ac4182a395228cec781af3f9e415d29070051564bb07156363d49087a9eeb15cc39ba2a487c82cda98684db106e163651707c40423464fcdc97f78be2fb6dfd36229fe2e76f26c6a87622a148e696a3bee17cbe2b66322921376578db209f50f9b8c04dd76a08156a48110e9e5c2d66e32f06aee4a96cb146d5581bb5ea4e059ec106a82cf3e31860f16372666ab2be97473c5e4d9698ce5814ab5b5b59f27318d5545d11dd9087db4c27eca0cc9dc4fa438a1edda663357fb7bc50e1b2484a4be7412f2007a6d83f75a0da123ed1021d0bf464a8c6afaf379fb91ca2cf8c8ec50907681ab147c97814535adcc3db49af01bbc26d16c53d3e47cfcefaf36e53e8338053233c447830fdbcfa1e1c1c4f5dc9e2ad8d4411feab3df1cb79a8d609327afa0a55a06ca11a3aeea7b6705e4505520d9515689dbd443510bfce58a0bf33345c258e05467befa8e45cd52d9bbc8fadc123e97c700f5b225a29a89e996c13a00341ed8dd195a94f0481e6dd433db2ac2594bb45b0679f74624344734de3e21baef54e1a69b21c7f3799c3ffa45dff768548cd1420194ca3411c8f1c4b580f588c249f3ca3c902120248a9b76fbe9ea3e64f3a5a98e4c15a3675bcf3dab37e9052a9a1cbba10536727a671026f54918b08206f43978693ff783c3561a3f04686c3454362074a59b1df38fae65589c850c4f06fb51c912f6a606e9bbd45d927d0dd507e1d3d4b8a838bc8d11bac31d4ac71ff2ae6ad1209db844443a9f302610c796a222a10d4bd70aeed0c23bc67bf2bd24cc1a7785d1b3fce707e5fa24fa1802f2289c91c55444a50680482c0a2b99380f074bd1ea8d45838c5168b85e680a7d80a76023b4780fa61e87af5c7a06c74f64f025ee417d2f2478f20d1e30f677cc66e113e0359fe245f82a16ab99f645e5bf129b307464a140b1a9521fcda808f696ca7e3dac88f6f449a0315bffa397c06a79ac155d500779add79490859676ef1cdb94260033cd258c4c1da6abde2754f37430e8d00f5bb82ed80cf07fe1598332514425bf8780761ee96e8104b3782d500ebdc205f6ef50d3a92ed697e5f1cbdd6de003cf7ed5757012b2982401cb1ffbaf6e152acf346d47d7b1955e82925cba206c1ceec97aab5a68324bc001e65711220c1c95864769d51ac88b27170b683fcfe1960f0616e8aab4459a941415d528c394f065aad14194b6b62e6b8d639e6a42cb9255f96814256e132dae3a07355554e87f0e67572c5db91410efa1b668f5bff6f0ffe52b19a0dff7f26f8516501ebd6befb579f0ed41deb5219fcd3b073d9f6602ee6ef3e60d03830ee7c8841a342e927e335fae998ed289c81d3aa4ccde4257c670f2404f981babc76baf58d03ad0369ba0f779f25ad480fce4cc9916a8d41bcb0a9803d5546dd252cf7749ae0f049346b98abb923e0fae2402fa3b3b7644d8fa53271614db6e1f2abf812356bf83166f4fe4213cd040505ecf0e07f5b9186b101b6042aed558fda7df77321462ae5ae4852dc1fe6eb183714f286e1bab474280c130a43af883802027ad235b6f3a21aba906ac1dd26688a22d1222eadd099668a90ee38dcea670794cb554839119ad9db2f2b1ad59600e4353bf019dd777f6f6cbe57245fd20f4db8be25fda350f377cc1b2e2132185da1bec88870978ba4f3043fa1ef76e8a0abf4c39054a0e8971518f33f1803776bce276f24505c2945246f64305cd203d2f03cfe48909bd043199439f17b941a539dbbde37cbeb14eb06c3a823d721d718019f229b2582943048f2fabd8b47ea78c9ffad86de0798d4240cfb07e0432706baec89abaa5b4235a364a5aa0c4eb6ffea5c03671403153a916a21d0aae88eee6fc3cf662fa6aea013b1f76197086e2497d8839fa6465a7d3196b06a3dfe7dd338825c856bf29690a4877b18177e327591706197901c84f3ef0297e7b1d3085feada3f8321e9a4c1fc138dd7c2b65803ccffbde110ea4fd369b672d9e0c168cabce453a1613c0e4948b7c124e4760c5ac1cf2964b9eaa16a54682d89b8cc766206e30015eafcd0dabb4da153bb2ad24b8754cb0d8708dda1cc64af84817ee4aa36b1c7d279a59ab1460ae4e6f6386344e1fa4854c7fc8b4f4307e6fb9b7983997a961d4339a7c1c3d65e52a707e50d29220e62d31f0f89046f3fe2392e6b802b674687ff3a10e0c0c769f7d490dd7bb3889e86c6699e80ceacb298baa38df96376a551806ab1067ef4a0e1c0f648309eacac9d60d0bcf85b50bd3234b6ede593419f4d2e70a69f8ed8da42798e2ef950135826003cd0302635d708dc55ce5035119992a6f3884debe8dd44bba4c5d80e3cebbabedec36055d3a227a8c528363271b472ef274bdfee2bcc9282b0dbd99fdfbf7b355c25b036556bc214c47cbe0e6d4ca15f1bad9cbc14e4c2ff66df350094d8153ec3bb9637655c2bda209581e9e042aa133698a3a78ceb9fca6a277fc8ef72a1e1bff1250a1df4621946c847b0fd901045f818eff30b6e36082db3d73558431e9deac55cb4d815f0422de085a91df59ec78407a69e1d626f0a3c95c75e42c67ad84b536605303b9a44a6a4b06bf076d7275239d19a52e6b4044ecde1871f54dd1d7b8fac0d429cc4b8e2cd50322dcf47b2f374ed415e5b7acd7ca156af92ff162b26197ac38bc3d232bca525b44c9cf3d06b8f15e38aeb71151b1cce4a811500a6aa08b2ef560aadefa433a437c20c51ea657d638407db13bea1334cce1b0544293571b90184ec26d0813eaf02123c34e727f2c654cdc083d982f6e25f8eded4316b90a17bbebcdc84d26f2f2fdac45b4718688d825ae323fe8088994ee9ae23cafd767c0d6dffc5708bc2e22cbd3314132dbe3a6db1ef19569f432309801704ca209983446b38e7eed4a425de286868f99abba017f27969ab7cf03c1d0de90315d061a96302ccf6f079114ffe000aa8e48de614bc101512908d19e9925638dbaf13dd7924a249d25f7dd2676c2d3ca816c53d53726ba543dcadefe6823090a256c27c795c71308499290cccbdf61aee404c16ea422d73a873002868be42c3536d6efc4db296139624a3047044ffd2a56b57a087a78037cba437d4c250e45f6d22975dd8c4414a0fca9c96c69e5d5823c4cfc4f091ebc755b4ff8a9ec26a483c71b76818fc3bd69cd9a7e33bf3e91175c7b9a98c8a58f378814aaa6d6c1b95832a0a88be5134729bf916c6bb1b035c8d5b16cd5497ca0082864c5552c1dc28787038ddf48fc973f3edc34d51905621661077cd55a83"}}}]}]}, 0x2ee4}, 0x1, 0x0, 0x0, 0x20008086}, 0x24044001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 05:37:50 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 380.271048][ T32] audit: type=1800 audit(1583991470.330:100): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16590 res=0 05:37:50 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) [ 380.364489][T12219] ion_buffer_destroy: buffer still mapped in the kernel 05:37:50 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x18b120, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:50 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 381.083040][ T32] audit: type=1800 audit(1583991471.140:101): pid=12229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=16590 res=0 05:37:51 executing program 2: ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0185649, &(0x7f0000000300)={0x9f0000, 0xfffffff8, 0x6, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x9d0901, 0x80000000, [], @p_u32=&(0x7f0000000280)=0x9}}) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) select(0x40, &(0x7f0000000040)={0x3ff, 0x3, 0xfffffffffffffff7, 0x7fffffff, 0x8, 0x0, 0x1f, 0x9}, &(0x7f0000000080)={0x8000, 0xcaf2, 0xffffffffffffffff, 0x4, 0x1, 0x9, 0x7, 0x3}, &(0x7f0000000180)={0x1, 0x10001, 0x3f, 0x7, 0x20, 0x6, 0x15, 0x1}, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0x15, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000004503000000fefff67a0af0fff8ffffff7900001800000000b7060000ffffffff6e6405000000000065040400010000000404000001000000b7050000260000006a0a00fe000000008500000028000000b70000004dc50000950000000000000089c81f20273d16b798b43ec5a3c87bb07eb78c27b0e1773f04a22ba8cedf8510e63fb112cf6956f99d1938013c217e0f6ae30b09b011676eb223"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x3}, 0x10}, 0x74) [ 381.226126][T12249] 9pnet: Insufficient options for proto=fd 05:37:51 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:51 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) 05:37:51 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa30000000000fefff67a0af0fff8ffffef79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000040000006a0a00fe00000000850000000b000000b7000000000000009500000000000000acbdff7a8b455235f877c46fb88194f2b1b185e5a2e303855811a00d481d33b48a29825eefab888236677c3547c8bf2c0931b900d2de57fa12c6f09b3b52bd35122da8718bd9ed9766a5438cac10e0d7ef68ec091f97795f45e03df9c28fcf4c48ea2b51ff9248cccbf397367cb60cdd097c5bcc80849a1ba58e5c579948527fea31773f189d8d6955d8dc70170c237bc14cf66f41412f28a661eeed021610d2725b9808fa80e1890ca0003573abde02014533e140620271d89c221f02bd8c530480a15755cfa9d793f49c94de4b03c2d5be5067bc20519e8212c6e3afd042e70338f5a534764a936cb7d6a1218b3281e2c69b947dec48545424470f09216af166e7fa28aa932a8c777c2aea8c97c5c6d9be5a6c87cd385d067a5cf61b65a6c031f9cd2db78cdbc8bde5b0e3730af7d4b484bbd6ac72694291320281835553e8c39e4a4f2075461f940a6ed8ae5388817cc1d53a5d0a3e26eee5000000000000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xbaae9238b0c1f6c9}, 0x48) [ 381.616695][T12257] 9pnet: Insufficient options for proto=fd 05:37:51 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x18b120, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:51 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:51 executing program 2: write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c4600800000000000000000000002000600ca3f8bca0000000038000000000000f7ffffffffffff1f000200000000000008"], 0x34) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) write$capi20_data(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="100001000a81000008000000000000002d004dd10100057a445408938b13c646bc3cf60c88ca6000e310a3ac2dff7feb2bb87944e9fe1c77dd18ecc66bb3d8fbe1061a06e5af64f569498697af010dc384cd47c7f8abe00411681cffa883fe61098ba779037815e0d99f7b66e99d967015f23c9f152a6017d6bfc355973581a56dc1b517b2e40908c9dedba706991d0c4be6bae97c419070cd52066020ea904b6f5e30b60c0de9"], 0xa7) ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x800c5011, &(0x7f0000000200)) uselib(&(0x7f00000000c0)='./file0\x00') setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000040)=0x1, 0x4) 05:37:52 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) [ 382.103234][T12270] 9pnet: Insufficient options for proto=fd 05:37:52 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:52 executing program 2: syz_emit_ethernet(0x63b, &(0x7f00000004c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x7, 0x6, "daf4ee", 0x605, 0x2f, 0x5c, @local, @mcast2, {[@routing={0x2e, 0xa, 0x0, 0x4, 0x0, [@dev={0xfe, 0x80, [], 0x14}, @mcast2, @mcast1, @ipv4={[], [], @loopback}, @remote]}, @dstopts={0x0, 0x13, [], [@jumbo={0xc2, 0x4, 0xfffffff9}, @hao={0xc9, 0x10, @mcast2}, @hao={0xc9, 0x10, @loopback}, @generic={0xfd, 0x59, "a5da28f14b3f47fc7f5ad4a50e97a9c88afa28151f844b79aad249d87cdefc9549120ff2f6e1fb053b2598dd5773934602a5459004d3d2e86453685f1b429b1fe02ff074c12c0ae76ef5d89ecd6407ce607215a0d871d78b21"}, @pad1, @hao={0xc9, 0x10, @rand_addr="5ebe74d0d205a3fd27582b3fef595c97"}]}, @fragment={0x67, 0x0, 0x4, 0x1, 0x0, 0x9, 0x66}, @fragment={0x2b, 0x0, 0x0, 0x0, 0x0, 0x6, 0x66}, @hopopts={0x3c, 0x29, [], [@padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x1ff}, @calipso={0x7, 0x30, {0x1, 0xa, 0xb1, 0x6, [0x4, 0x0, 0x4, 0x10000, 0xffff]}}, @hao={0xc9, 0x10, @mcast1}, @pad1, @generic={0x5, 0xd1, "f9e5349f5e7458f868822630f483bf4b6bb665fdcf2473bf654ce6bc9e6af38de9b2556a4a52c1c3c680bfa7bc4ec87fd744a4d546b1fb29fc2c0cda8a4eca605c3bd8df8acc14f4ccad639c99bff123100b39d9e7dba06d4834094e0f233dc21d36dcd1b4279b9d11a004804e52f89e2f2e7c7fe9db26db6861c65e9b4955e2b8e4a7447bb7d9cead80ce3d4aff4f394568c19ee97c199fef5de01ebf06e2be405ce45ec060c327165c919b0dc03c949498aca2834d4fc03dd6ef824adfc42819d4ddeaeeecbea9435b4ed04df1882acb"}, @hao={0xc9, 0x10, @mcast2}, @calipso={0x7, 0x10, {0x0, 0x2, 0x80, 0x9, [0x3]}}, @pad1]}, @srh={0x67, 0x2, 0x4, 0x1, 0x79, 0x20, 0x4, [@dev={0xfe, 0x80, [], 0x2b}]}, @fragment={0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x64}, @routing={0x89, 0xe, 0x1, 0x4, 0x0, [@loopback, @empty, @local, @mcast1, @rand_addr="6113525d76e0e8eaec443a106a7a7ffd", @local, @dev={0xfe, 0x80, [], 0x25}]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xae, 0x2, [], "c10953b6ad69f99081abdd19e6dc589c84da22f70635d9f7067a12f14560b4db7031e421d2c1b57af1578ba9cfafa9860963e3dda7acd8aec4432f0c1d72c24544712866fd00dc7bc48db0d484532043ff91e55e0af99c670c1598ee28321561104439ab048552339b5ebebfc44d4183a6fb8ce1e2866311d7b664462e23401a59afd038467bf8b14354ed234c8cd5518fed97e820f1fcfa176a285027446eb8517025e2052ec8134c079a610b95"}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0xe6b], "c1de89d5cff290ca05823cb887f60e186c3bd1922f00f4b2edaef722d0d646be5bd46ed55c8e4a4e15c1efda7d2e1d507116cdbc2f51a922c7f7a3cde3bb17e5de79a345d9672c8bec4d2cfce09f60bf63dad46da0df669cff59d2a2a2cf4bdaaf3db7763bed716d8f65bffb447e0d999405bd6b7f767d134620c85406eeb3e5b196a0e49c55517c105568afeb8334dcad30eb284de52458a0915189838e38751b51e83b735689f873fc5a9a1c63e82d96af52388d6d441b7ecea64bc5264b4801fb53cf03368b035ed960918f78a35f5672a3181439a81e705e4f292b7db99d9e7e65bae98dfe33f00331344efcda0bb20139c644a567"}, {0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x86dd, [0xf801], "c0852f98a958dcc8c69c5c08775158ea8834d0995dc0d7629de22dcadf74bcc58908e853d805e05b5b74989305389a38e052d6a4e355cea817c505f53ca0d68ea823c8665b536597df3311cb298c931aec501721f69f8f6cbae5f5ff452cc2992afcb04c58ebec8c11f4335f51c4f2f93ba6937c0d7f3253b818b687d05d6483b0a2c44184003e19a91e5d547cc45e58"}, {0x8, 0x88be, 0x0, {{0x3, 0x1, 0x1f, 0x3, 0x0, 0x1, 0x6, 0xa6}, 0x1, {0x5}}}, {0x8, 0x22eb, 0x3, {{0x1, 0x2, 0x41, 0x2, 0x1, 0x3, 0x1, 0x6}, 0x2, {0x4319, 0x7, 0x1, 0x2, 0x1, 0x1, 0x3}}}, {0x8, 0x6558, 0x1, "7fe85c93f2c0c45fea147dc2009c222c5ff6b9e9b9e0af1b0a36ecf6f8c96c5fa8649eecfe7e5f647815583160d6a24f67291fe495c864ac1b500bd4e44d878f8bbb3bbea001316f878afb9a6daddc678e2251afc2dac0b66af73c9fd576d5209cd3ce6cafd607c98a0af0cc704d6a158abebd14e09e32c5aee476c73d1aaf1d5619dc94166e330c"}}}}}}}, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) sendfile(r0, r1, 0x0, 0x200fff) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, &(0x7f0000000000)) syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) 05:37:52 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) 05:37:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0xffffffffffffffb5, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000003c0), 0x4) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) dup(0xffffffffffffffff) shutdown(r1, 0x1) recvmsg(r1, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x500) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000180)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x2, 0x46, 0x0, "0000000000000400"}, 0x22b) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) io_setup(0x8, &(0x7f0000000100)=0x0) io_submit(r3, 0x2, &(0x7f0000001580)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x3, 0x0, r2, 0x0}, 0x0]) r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r5 = gettid() tkill(r5, 0x30) tkill(r5, 0x8) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000680)=""/41, 0x29) r6 = gettid() ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0185649, &(0x7f0000000600)={0xa30000, 0x4dc, 0x8, r4, 0x0, &(0x7f0000000540)={0x98090e, 0x9, [], @p_u32=&(0x7f0000000500)=0xbb54}}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r7, 0x4008af60, &(0x7f0000000640)={@hyper}) tkill(r6, 0x30) r8 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r8, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') 05:37:52 executing program 1: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) 05:37:53 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x18b120, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:53 executing program 1: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) 05:37:53 executing program 1: pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) 05:37:53 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:53 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:53 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) shmget$private(0x0, 0x2000, 0x800, &(0x7f00008fd000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) 05:37:54 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:54 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) shmget$private(0x0, 0x2000, 0x800, &(0x7f00008fd000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) 05:37:54 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:54 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) shmget$private(0x0, 0x2000, 0x800, &(0x7f00008fd000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) 05:37:55 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:55 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) shmget$private(0x0, 0x2000, 0x800, &(0x7f00008fd000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) 05:37:55 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:55 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) shmget$private(0x0, 0x2000, 0x800, &(0x7f00008fd000/0x2000)=nil) 05:37:55 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:55 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x1000)=nil, 0x0) unshare(0x8000400) 05:37:55 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:55 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:56 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef00030000000000000000080002"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:56 executing program 2: unshare(0x2a000400) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ff7000/0x2000)=nil) unshare(0x8000400) 05:37:56 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:56 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:56 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:56 executing program 2: unshare(0x2a000400) unshare(0x8000400) 05:37:56 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:56 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:37:57 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x802, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x80, r1, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_RULES={0x4c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x4}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x42a70}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xe9}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x95d00}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}]}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}]}, 0x80}}, 0x20000000) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/snapshot\x00', 0x640200, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001400)={&(0x7f00000001c0)="8d1484474ebb5c90e12846bb7ae3f0086c621908462d43cf027ff24c66ec24a98126408b952a7b408909663d422736", &(0x7f0000000200)=""/4096, &(0x7f0000001200)="cf7933ed0083719a49202cd34ef5f2008a10099e1dadab52ab606f438be6ef5fa7cabd260b562b22926b34230c3edb916899bcbe2404ad60248dc564e0889880db0f102b3ae3f7b0cccba921f78d6f41c83dc0d439c7772da6ff619fed5ea8ff3174b6b0cda9fc552ba99e7a3593534923bf9c21a6c3caef29cf1fbc110b4d9ee87a3c78c143d941190ec1e9393f22b4d01ddbb5a287022a17d8131effe1dfaa83942732c3de8a43ae464e30492efa3a1d1ceffb19bdc821a40883dcb21c8da2260ee0a926335a72d1f351bdb23fcdf13e8f1a134260ad11b6e2f7e07ac4307492b564643ec81b38d66c323fe6017e860ead2b97cd4411d0fe3c", &(0x7f0000001300)="4cd835f4ea425e2b38ab0a77360882529a4b5d84834d88550658c25f4dd5c4f63bd88b8f7a7ce2c654deb5a7eb80b361f860452794ebe2838298f2821f32bc4797a466a5d79fecc93d4d752a5b042a8bce79263108fe4712b604c8ba2a743cf11370ad945cdecc7effd440e25462718d6d0227398f0973fccd038aef97f4915e15d5ba57b6a9065661818b7d82b1e31fa73b02e70cd63cf7", 0x8001, r2, 0x4}, 0x38) fsopen(&(0x7f0000001440)='gfs2\x00', 0x1) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000001480)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000001500)=0x0, &(0x7f0000001540)=0x4) sendmsg$nl_route(r3, &(0x7f0000001640)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001600)={&(0x7f0000001580)=@newlink={0x6c, 0x10, 0x8, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, 0x1, 0x8000}, [@IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0xc}, @IFLA_IFNAME={0x14, 0x3, 'veth1_virt_wifi\x00'}, @IFLA_MAP={0x20, 0xe, {0x80, 0x9, 0xb43e, 0x300, 0xf8, 0x1}}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xb24}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40004}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000001680)='fou\x00') ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185647, &(0x7f0000001700)={0xa30000, 0x6, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000016c0)={0x990a7d, 0x86b6a10c, [], @value64=0x3f}}) ioctl$KVM_S390_INTERRUPT_CPU(r5, 0x4010ae94, &(0x7f0000001740)={0x0, 0x6, 0x80000001}) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqsrc(r6, 0x0, 0x28, &(0x7f0000001780)={@rand_addr=0x5, @dev={0xac, 0x14, 0x14, 0x21}, @remote}, 0xc) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f00000017c0)) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001800)='/dev/sequencer2\x00', 0x408183, 0x0) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001880)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r7, &(0x7f0000001a40)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001a00)={&(0x7f00000018c0)={0x124, r8, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x20, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_LINK={0xc8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd9a0}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4}, 0x80) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc044565d, &(0x7f0000001ac0)={0x8, 0x2, 0x4, 0x100, 0x1, {0x77359400}, {0x5, 0xf6d74746e7af541f, 0x1f, 0x3, 0x20, 0x1, "a9f43288"}, 0x3, 0x1, @planes=&(0x7f0000001a80)={0x1, 0x0, @userptr=0x2, 0x6}, 0x10001, 0x0, 0xffffffffffffffff}) getsockopt$ARPT_SO_GET_ENTRIES(r9, 0x0, 0x61, &(0x7f0000001b40)={'filter\x00', 0x25, "ea809904da282e7ebc160e0ace1770a02103bb868ad79de67295f767ac2e47be4810f0e956"}, &(0x7f0000001bc0)=0x49) ioctl$VIDIOC_G_CROP(r5, 0xc014563b, &(0x7f0000001c00)={0x0, {0x8fba, 0x5, 0x100, 0x4}}) r10 = socket$unix(0x1, 0x0, 0x0) listen(r10, 0x4) prctl$PR_MCE_KILL(0x21, 0x0, 0x0) r11 = openat$cgroup_ro(r2, &(0x7f0000001c40)='cpuset.effective_cpus\x00', 0x0, 0x0) ioctl$TIOCMIWAIT(r11, 0x545c, 0x0) r12 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001c80)={0xffffffffffffffff}, 0x106, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r12, &(0x7f0000001d00)={0x4, 0x8, 0xfa00, {r13, 0x2}}, 0x10) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000001e00)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001d80)={0x40, 0x1401, 0x10, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x4001}, 0x4000) 05:37:57 executing program 2: unshare(0x8000400) 05:37:57 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:57 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:57 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) 05:37:57 executing program 2: unshare(0x8000400) [ 387.547289][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.612678][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 05:37:57 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) [ 387.672755][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.717830][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.782672][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.843726][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.883309][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.940140][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 [ 387.969532][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 05:37:58 executing program 2: unshare(0x8000400) [ 387.990632][T12391] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12391 comm=syz-executor.1 05:37:58 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) 05:37:58 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:37:58 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:37:58 executing program 2: unshare(0x0) unshare(0x8000400) [ 388.583686][T12405] IPVS: ftp: loaded support on port[0] = 21 [ 389.018648][T12405] chnl_net:caif_netlink_parms(): no params data found [ 389.288472][T12405] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.297033][T12405] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.307147][T12405] device bridge_slave_0 entered promiscuous mode [ 389.329131][T12405] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.337450][T12405] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.347992][T12405] device bridge_slave_1 entered promiscuous mode [ 389.462419][T12405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.510294][T12405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.633691][T12405] team0: Port device team_slave_0 added [ 389.651338][T12405] team0: Port device team_slave_1 added [ 389.736258][T12405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.744131][T12405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.770497][T12405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.821825][T12405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.829784][T12405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.860944][T12405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.039551][T12405] device hsr_slave_0 entered promiscuous mode [ 390.164778][T12405] device hsr_slave_1 entered promiscuous mode [ 390.272548][T12405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 390.280623][T12405] Cannot create hsr debugfs directory [ 390.596081][T12405] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 390.698708][T12405] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 390.847466][T12405] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 390.956600][T12405] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 391.402774][T12405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.466891][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 391.475473][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 391.502679][T12405] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.530491][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 391.540944][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 391.550621][ T3227] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.557996][ T3227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.622974][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 391.632872][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 391.643015][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 391.652685][ T3227] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.659947][ T3227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.669159][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 391.680353][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 391.719509][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 391.730735][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 391.749062][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 391.773482][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 391.784040][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 391.821250][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 391.831661][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 391.872683][T12405] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 391.886127][T12405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 391.901713][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 391.911701][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 391.987538][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 391.996193][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 392.040249][T12405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.256310][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 392.267232][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 392.360980][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 392.371706][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 392.385439][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 392.396138][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 392.418707][T12405] device veth0_vlan entered promiscuous mode [ 392.461214][T12405] device veth1_vlan entered promiscuous mode [ 392.553046][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 392.563630][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 392.588766][T12405] device veth0_macvtap entered promiscuous mode [ 392.618692][T12405] device veth1_macvtap entered promiscuous mode [ 392.687122][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 392.698243][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.708274][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 392.718830][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.728955][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 392.739790][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.749803][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 392.760401][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.774917][T12405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 392.791141][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 392.801585][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 392.811772][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 392.822219][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 392.853266][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 392.863886][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.874441][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 392.885038][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.895460][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 392.906047][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.916114][T12405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 392.926822][T12405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.940906][T12405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 392.952128][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 392.963211][T11711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 05:38:03 executing program 2: unshare(0x0) unshare(0x8000400) 05:38:03 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) 05:38:03 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:03 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x26f) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:04 executing program 4: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {0x0, 0x4}}}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r6, 0x10, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4816) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x1c, 0x2, [@TCA_MATCHALL_ACT={0x18, 0x2, [@m_nat={0x14, 0x1, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0x4}, {0x4}}}]}]}}]}, 0x50}}, 0x0) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r7, r8, 0x0, 0xf7fffff7) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) r10 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f00000000c0)={r11}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000400)={r11}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r8, 0x84, 0x78, &(0x7f0000000480)=r12, 0x4) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 394.100635][T12465] selinux_netlink_send: 22 callbacks suppressed [ 394.100689][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 05:38:04 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) [ 394.151599][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 05:38:04 executing program 2: unshare(0x0) unshare(0x8000400) [ 394.195044][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.248219][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.300196][ T32] audit: type=1800 audit(1583991484.360:102): pid=12467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16624 res=0 [ 394.384087][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.426761][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.479811][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.550281][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 [ 394.597747][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 05:38:04 executing program 2: unshare(0x2a000400) unshare(0x0) [ 394.641148][T12465] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12465 comm=syz-executor.1 05:38:04 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r2, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) 05:38:05 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:05 executing program 2: unshare(0x2a000400) unshare(0x0) 05:38:05 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 395.337141][ T32] audit: type=1800 audit(1583991485.400:103): pid=12469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16624 res=0 05:38:05 executing program 4: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x0, 0x0, {{}, {0x0, 0x4}}}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r6, 0x10, 0x70bd2a, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4816) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x4}}, [@filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x1c, 0x2, [@TCA_MATCHALL_ACT={0x18, 0x2, [@m_nat={0x14, 0x1, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0x4}, {0x4}}}]}]}}]}, 0x50}}, 0x0) r7 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r7, 0x800) lseek(r7, 0x0, 0x2) r8 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r7, r8, 0x0, 0xf7fffff7) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) r10 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r9, 0x84, 0x72, &(0x7f00000000c0)={r11}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000400)={r11}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r8, 0x84, 0x78, &(0x7f0000000480)=r12, 0x4) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 05:38:05 executing program 2: unshare(0x2a000400) unshare(0x0) 05:38:05 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:05 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:06 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 395.990883][ T32] audit: type=1800 audit(1583991486.050:104): pid=12506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16645 res=0 05:38:06 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:06 executing program 2 (fault-call:1 fault-nth:0): unshare(0x2a000400) unshare(0x8000400) 05:38:06 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 396.450457][T12522] FAULT_INJECTION: forcing a failure. [ 396.450457][T12522] name failslab, interval 1, probability 0, space 0, times 1 [ 396.464253][T12522] CPU: 0 PID: 12522 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 396.473279][T12522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.483718][T12522] Call Trace: [ 396.487144][T12522] dump_stack+0x1c9/0x220 [ 396.491767][T12522] should_fail+0x8b7/0x9e0 [ 396.496341][T12522] __should_failslab+0x1f6/0x290 [ 396.501649][T12522] should_failslab+0x29/0x70 [ 396.506596][T12522] kmem_cache_alloc+0xd0/0xd70 [ 396.511514][T12522] ? create_new_namespaces+0xc4/0x11e0 [ 396.517327][T12522] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 396.523805][T12522] ? kmsan_get_metadata+0x11d/0x180 [ 396.529357][T12522] create_new_namespaces+0xc4/0x11e0 [ 396.541333][T12522] ? kmsan_get_metadata+0x11d/0x180 [ 396.546680][T12522] ? kmsan_get_metadata+0x11d/0x180 [ 396.552144][T12522] unshare_nsproxy_namespaces+0x25e/0x340 [ 396.557990][T12522] ksys_unshare+0x8d5/0x1120 [ 396.563135][T12522] ? prepare_exit_to_usermode+0x1ca/0x520 [ 396.569255][T12522] __ia32_sys_unshare+0x58/0x80 [ 396.574414][T12522] ? __se_sys_unshare+0x60/0x60 [ 396.580138][T12522] do_fast_syscall_32+0x3c7/0x6e0 [ 396.587761][T12522] entry_SYSENTER_compat+0x68/0x77 [ 396.594613][T12522] RIP: 0023:0xf7f6bd99 [ 396.598973][T12522] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 396.620534][T12522] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 396.629024][T12522] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 396.637058][T12522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 05:38:06 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 396.645078][T12522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 396.653358][T12522] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 396.661569][T12522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:06 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:06 executing program 4: mkdir(&(0x7f0000000400)='./file1\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000080)='./file1\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="020000000100000000000000040000000000000020000000", @ANYRES32, @ANYBLOB="08000000e27790f5f956cd5dcbb7fbded85d09f85e7aec2ae1b09d5cab209b4a8ce60f3e42f6454a33d850c4e060927fb7cae3966b0960f6213e18b42f2b9dfe1971e04dddd75effbc1970e635f2ea713bd3d72829bed50e1fc5ce4871e0c5573f9f06a872590b66191a013685d98d12593b51019422f59663b3eae72506dfba6a8b01da26633acb9c6b00", @ANYRES32=0x0, @ANYBLOB="7400000000000000fe7f0200000000001ae257998f88fb0dc40d3eae37eb6463"], 0x1c, 0x2) mkdir(&(0x7f0000000000)='./file1/file0\x00', 0x0) r0 = creat(&(0x7f0000000680)='./bus\x00', 0x0) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x688902, 0x0) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}}) ftruncate(r0, 0x800) lseek(r0, 0x0, 0x2) r2 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r0, r2, 0x0, 0xf7fffff7) fanotify_mark(r2, 0x40, 0x1, 0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00') 05:38:06 executing program 2 (fault-call:1 fault-nth:1): unshare(0x2a000400) unshare(0x8000400) 05:38:07 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 397.186969][T12538] FAULT_INJECTION: forcing a failure. [ 397.186969][T12538] name failslab, interval 1, probability 0, space 0, times 0 [ 397.200194][T12538] CPU: 0 PID: 12538 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 397.209044][T12538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.219682][T12538] Call Trace: [ 397.223077][T12538] dump_stack+0x1c9/0x220 [ 397.227747][T12538] should_fail+0x8b7/0x9e0 [ 397.232430][T12538] __should_failslab+0x1f6/0x290 [ 397.237684][T12538] should_failslab+0x29/0x70 [ 397.242385][T12538] kmem_cache_alloc_trace+0xf3/0xd70 [ 397.247803][T12538] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 397.253967][T12538] ? copy_ipcs+0x1ec/0x7f0 [ 397.258634][T12538] ? inc_ucount+0x9fb/0xfc0 [ 397.263270][T12538] ? kmsan_get_metadata+0x11d/0x180 [ 397.268623][T12538] copy_ipcs+0x1ec/0x7f0 [ 397.272993][T12538] ? kmsan_get_metadata+0x11d/0x180 [ 397.278315][T12538] create_new_namespaces+0x550/0x11e0 [ 397.283793][T12538] ? kmsan_get_metadata+0x11d/0x180 [ 397.289139][T12538] unshare_nsproxy_namespaces+0x25e/0x340 [ 397.295074][T12538] ksys_unshare+0x8d5/0x1120 [ 397.299778][T12538] ? prepare_exit_to_usermode+0x1ca/0x520 [ 397.305789][T12538] __ia32_sys_unshare+0x58/0x80 [ 397.310753][T12538] ? __se_sys_unshare+0x60/0x60 [ 397.315723][T12538] do_fast_syscall_32+0x3c7/0x6e0 [ 397.321016][T12538] entry_SYSENTER_compat+0x68/0x77 [ 397.326226][T12538] RIP: 0023:0xf7f6bd99 [ 397.330564][T12538] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 397.350551][T12538] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 397.359062][T12538] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 397.367124][T12538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 397.375181][T12538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 397.383266][T12538] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 397.391315][T12538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 397.402155][ T32] audit: type=1800 audit(1583991487.270:105): pid=12540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16654 res=0 05:38:07 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:07 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:07 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:07 executing program 2 (fault-call:1 fault-nth:2): unshare(0x2a000400) unshare(0x8000400) 05:38:07 executing program 5: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x400000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r2, 0xc00464c9, &(0x7f0000000040)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000080), 0x4) setsockopt$inet6_tcp_int(r2, 0x6, 0x4, &(0x7f00000000c0)=0xd, 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) r3 = open(&(0x7f0000000140)='./file0\x00', 0x40102, 0x2) recvfrom$rose(r3, &(0x7f0000000180), 0x0, 0x10020, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}}, 0x1c) r4 = dup3(r2, r1, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(r4, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, 0xf, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x50) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x80000, 0x0) ioctl$TIOCSSERIAL(r5, 0x541e, &(0x7f0000001340)={0x0, 0x9, 0xd0a, 0x2c, 0x8, 0x4, 0x2, 0x0, 0x80, 0x40, 0x3f, 0x9, 0x80, 0x9, &(0x7f0000000340)=""/4096, 0x6, 0x7, 0xffffff00}) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000001380)='/dev/full\x00', 0x101080, 0x0) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f00000013c0)={@ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, @dev={0xfe, 0x80, [], 0x31}, @dev={0xfe, 0x80, [], 0x24}, 0x4, 0x9b, 0x100, 0x500, 0x91, 0x10010}) r7 = openat$full(0xffffffffffffff9c, &(0x7f0000001440)='/dev/full\x00', 0x14000, 0x0) ioctl$SIOCAX25GETINFOOLD(r7, 0x89e9, &(0x7f0000001480)) getsockname$inet(r7, &(0x7f00000014c0)={0x2, 0x0, @multicast1}, &(0x7f0000001500)=0x10) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f00000028c0)={0xfffffff, 0x486, 0xffff, 0xffffffffffffffff, 0x0, &(0x7f0000002880)={0x9a090e, 0x7fffffff, [], @ptr=0x2634}}) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r8, 0x118, 0x1, &(0x7f0000002900)=0x4, 0x4) r9 = syz_open_dev$video(&(0x7f0000002940)='/dev/video#\x00', 0x3, 0x0) sync_file_range(r9, 0x1, 0xef44, 0x3) r10 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r10, 0x8983, &(0x7f0000002980)={0x7, 'ip_vti0\x00', {0x8}}) r11 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000029c0)='/dev/vcsa\x00', 0x400000, 0x0) ioctl$SIOCGETNODEID(r11, 0x89e1, &(0x7f0000002a00)={0x4}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r3, 0xc0245720, &(0x7f0000002a40)) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0445609, &(0x7f0000002a80)={0x887, 0xc, 0x4, 0x2, 0x81, {}, {0x1, 0x1a, 0x8, 0xf8, 0x7, 0xf7, "ac60dbf4"}, 0x6, 0x2, @offset=0x4, 0x6, 0x0, 0xffffffffffffffff}) r13 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000002b40)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r12, &(0x7f0000002c80)={&(0x7f0000002b00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002c40)={&(0x7f0000002b80)={0x88, r13, 0x800, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0_to_batadv\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr="6679bb5ca09aa450d9dd6907399ec7fc"}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'sit0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'lo\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}]}, 0x88}}, 0x4008080) 05:38:08 executing program 3: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 398.045294][ T32] audit: type=1800 audit(1583991488.110:106): pid=12558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16654 res=0 [ 398.046060][T12559] FAULT_INJECTION: forcing a failure. [ 398.046060][T12559] name failslab, interval 1, probability 0, space 0, times 0 [ 398.083286][T12559] CPU: 1 PID: 12559 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 398.092061][T12559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.102471][T12559] Call Trace: [ 398.105872][T12559] dump_stack+0x1c9/0x220 [ 398.110300][T12559] should_fail+0x8b7/0x9e0 [ 398.114803][T12559] __should_failslab+0x1f6/0x290 [ 398.119948][T12559] should_failslab+0x29/0x70 [ 398.124622][T12559] kmem_cache_alloc_trace+0xf3/0xd70 [ 398.130002][T12559] ? alloc_fs_context+0xe3/0xd00 [ 398.135031][T12559] ? kmsan_get_metadata+0x4f/0x180 [ 398.140216][T12559] ? kmsan_get_metadata+0x11d/0x180 [ 398.145470][T12559] alloc_fs_context+0xe3/0xd00 [ 398.150753][T12559] fs_context_for_mount+0x83/0xa0 [ 398.155876][T12559] mq_init_ns+0x147/0x730 [ 398.160276][T12559] ? kmsan_get_metadata+0x11d/0x180 [ 398.165568][T12559] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 398.171486][T12559] copy_ipcs+0x40a/0x7f0 [ 398.175818][T12559] create_new_namespaces+0x550/0x11e0 [ 398.181481][T12559] ? kmsan_get_metadata+0x11d/0x180 [ 398.186795][T12559] unshare_nsproxy_namespaces+0x25e/0x340 [ 398.193419][T12559] ksys_unshare+0x8d5/0x1120 [ 398.198099][T12559] ? prepare_exit_to_usermode+0x1ca/0x520 [ 398.204871][T12559] __ia32_sys_unshare+0x58/0x80 [ 398.210030][T12559] ? __se_sys_unshare+0x60/0x60 [ 398.215195][T12559] do_fast_syscall_32+0x3c7/0x6e0 [ 398.220471][T12559] entry_SYSENTER_compat+0x68/0x77 [ 398.225621][T12559] RIP: 0023:0xf7f6bd99 [ 398.229795][T12559] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 398.250010][T12559] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 398.258585][T12559] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 398.266628][T12559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 398.275064][T12559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 398.283094][T12559] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 05:38:08 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 398.291104][T12559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:08 executing program 4: 05:38:08 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0), 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:08 executing program 3: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:08 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:08 executing program 2 (fault-call:1 fault-nth:3): unshare(0x2a000400) unshare(0x8000400) 05:38:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) [ 399.032794][T12577] FAULT_INJECTION: forcing a failure. [ 399.032794][T12577] name failslab, interval 1, probability 0, space 0, times 0 [ 399.046017][T12577] CPU: 0 PID: 12577 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 399.055176][T12577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.065298][T12577] Call Trace: [ 399.068656][T12577] dump_stack+0x1c9/0x220 [ 399.073059][T12577] should_fail+0x8b7/0x9e0 [ 399.077560][T12577] __should_failslab+0x1f6/0x290 [ 399.082565][T12577] should_failslab+0x29/0x70 [ 399.087219][T12577] kmem_cache_alloc_trace+0xf3/0xd70 [ 399.092559][T12577] ? mqueue_init_fs_context+0x82/0x550 [ 399.098065][T12577] ? kmem_cache_alloc_trace+0x170/0xd70 [ 399.103661][T12577] ? kmsan_get_metadata+0x11d/0x180 [ 399.108917][T12577] mqueue_init_fs_context+0x82/0x550 [ 399.114261][T12577] ? kmsan_get_metadata+0x11d/0x180 [ 399.119548][T12577] ? do_mq_getsetattr+0x800/0x800 [ 399.124643][T12577] alloc_fs_context+0xae4/0xd00 [ 399.129576][T12577] fs_context_for_mount+0x83/0xa0 [ 399.134662][T12577] mq_init_ns+0x147/0x730 [ 399.139043][T12577] ? kmsan_get_metadata+0x11d/0x180 [ 399.144336][T12577] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 399.150225][T12577] copy_ipcs+0x40a/0x7f0 [ 399.154842][T12577] create_new_namespaces+0x550/0x11e0 [ 399.160292][T12577] ? kmsan_get_metadata+0x11d/0x180 [ 399.165631][T12577] unshare_nsproxy_namespaces+0x25e/0x340 [ 399.171437][T12577] ksys_unshare+0x8d5/0x1120 [ 399.176145][T12577] ? prepare_exit_to_usermode+0x1ca/0x520 [ 399.181978][T12577] __ia32_sys_unshare+0x58/0x80 [ 399.186897][T12577] ? __se_sys_unshare+0x60/0x60 [ 399.191866][T12577] do_fast_syscall_32+0x3c7/0x6e0 [ 399.197021][T12577] entry_SYSENTER_compat+0x68/0x77 [ 399.202304][T12577] RIP: 0023:0xf7f6bd99 [ 399.206472][T12577] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 399.227476][T12577] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 399.236200][T12577] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 399.244892][T12577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 399.253828][T12577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 399.262504][T12577] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 399.270673][T12577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 399.316883][T12580] selinux_netlink_send: 54 callbacks suppressed [ 399.316933][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.356579][T12581] 9pnet: Insufficient options for proto=fd [ 399.383872][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.425980][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 05:38:09 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 399.474207][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 05:38:09 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ip6_tables_targets\x00') r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x101103) dup2(r0, r1) [ 399.546027][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.678556][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 05:38:09 executing program 3: r0 = syz_open_dev$dri(0x0, 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 399.733998][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.771203][T12586] IPVS: ftp: loaded support on port[0] = 21 [ 399.822900][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.861689][T12589] 9pnet: Insufficient options for proto=fd [ 399.921277][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 399.983470][T12580] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12580 comm=syz-executor.1 [ 400.341031][T12586] chnl_net:caif_netlink_parms(): no params data found [ 400.440298][T12586] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.447817][T12586] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.456989][T12586] device bridge_slave_0 entered promiscuous mode [ 400.469091][T12586] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.476520][T12586] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.485949][T12586] device bridge_slave_1 entered promiscuous mode [ 400.523796][T12586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 400.539511][T12586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 400.577729][T12586] team0: Port device team_slave_0 added [ 400.588447][T12586] team0: Port device team_slave_1 added [ 400.616190][T12586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.623446][T12586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.649652][T12586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 400.668897][T12586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 400.676128][T12586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.702481][T12586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.787454][T12586] device hsr_slave_0 entered promiscuous mode [ 400.843482][T12586] device hsr_slave_1 entered promiscuous mode [ 400.892281][T12586] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.900013][T12586] Cannot create hsr debugfs directory [ 401.065641][T12586] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 401.117653][T12586] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 401.179516][T12586] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 401.237576][T12586] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 401.340653][T12586] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.348247][T12586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 401.356291][T12586] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.363650][T12586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.377664][ T3227] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.387322][ T3227] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.511661][T12586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.538373][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 401.547522][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 401.567852][T12586] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.586109][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 401.596422][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 401.606915][ T2717] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.614237][ T2717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.636673][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 401.646636][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 401.656078][ T3227] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.663488][ T3227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 401.710131][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 401.720499][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 401.731178][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 401.741843][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 401.753832][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 401.770148][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 401.781304][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 401.804864][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 401.814074][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 401.833195][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 401.843295][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 401.860921][T12586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 401.908424][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 401.916620][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 401.940926][T12586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 402.070294][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 402.080783][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 402.129853][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 402.142411][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 402.153059][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 402.162709][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 402.187268][T12586] device veth0_vlan entered promiscuous mode [ 402.216142][T12586] device veth1_vlan entered promiscuous mode [ 402.277973][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 402.287292][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 402.297612][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 402.307966][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 402.332738][T12586] device veth0_macvtap entered promiscuous mode [ 402.356919][T12586] device veth1_macvtap entered promiscuous mode [ 402.388247][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 402.397837][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 402.426518][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 402.437890][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.448242][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 402.459298][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.469310][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 402.480175][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.490246][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 402.500893][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.510913][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 402.521589][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.535372][T12586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.544653][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 402.555607][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 402.580077][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 402.591391][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.602625][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 402.613558][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.623803][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 402.634659][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.645097][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 402.656012][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.665986][T12586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 402.676552][T12586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.689750][T12586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.699149][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 402.709663][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 05:38:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000280)='SMC_PNETID\x00') sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x34, r1, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x34}}, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000280)='SMC_PNETID\x00') 05:38:13 executing program 2 (fault-call:1 fault-nth:4): unshare(0x2a000400) unshare(0x8000400) 05:38:13 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') getdents64(r0, &(0x7f0000000140)=""/100, 0x64) getdents64(r0, 0x0, 0x0) 05:38:13 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:13 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0), 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:13 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 403.301195][T12640] FAULT_INJECTION: forcing a failure. [ 403.301195][T12640] name failslab, interval 1, probability 0, space 0, times 0 [ 403.314991][T12640] CPU: 1 PID: 12640 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 403.323782][T12640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.334570][T12640] Call Trace: [ 403.334645][T12640] dump_stack+0x1c9/0x220 05:38:13 executing program 4: [ 403.334723][T12640] should_fail+0x8b7/0x9e0 [ 403.334816][T12640] __should_failslab+0x1f6/0x290 05:38:13 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 403.334884][T12640] should_failslab+0x29/0x70 [ 403.334936][T12640] kmem_cache_alloc_trace+0xf3/0xd70 [ 403.334995][T12640] ? alloc_super+0xa6/0xdc0 [ 403.335068][T12640] ? kmsan_get_metadata+0x11d/0x180 [ 403.335130][T12640] ? kmsan_get_metadata+0x11d/0x180 [ 403.335191][T12640] alloc_super+0xa6/0xdc0 [ 403.335257][T12640] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 403.335329][T12640] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 05:38:13 executing program 2 (fault-call:1 fault-nth:5): unshare(0x2a000400) unshare(0x8000400) [ 403.335387][T12640] sget_fc+0x454/0xe40 [ 403.335443][T12640] ? kill_litter_super+0x120/0x120 [ 403.335513][T12640] ? test_single_super+0x30/0x30 [ 403.335584][T12640] get_tree_keyed+0xb8/0x430 [ 403.335665][T12640] ? mqueue_get_tree+0xc0/0xc0 [ 403.335727][T12640] mqueue_get_tree+0x94/0xc0 05:38:13 executing program 5: 05:38:14 executing program 4: r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000280)) [ 403.335789][T12640] ? mqueue_fs_context_free+0xa0/0xa0 [ 403.335867][T12640] vfs_get_tree+0xdd/0x580 05:38:14 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 403.335931][T12640] fc_mount+0x53/0x150 [ 403.335995][T12640] mq_init_ns+0x550/0x730 [ 403.336066][T12640] copy_ipcs+0x40a/0x7f0 [ 403.336155][T12640] create_new_namespaces+0x550/0x11e0 [ 403.336213][T12640] ? kmsan_get_metadata+0x11d/0x180 [ 403.336309][T12640] unshare_nsproxy_namespaces+0x25e/0x340 [ 403.336387][T12640] ksys_unshare+0x8d5/0x1120 [ 403.336452][T12640] ? prepare_exit_to_usermode+0x1ca/0x520 [ 403.336532][T12640] __ia32_sys_unshare+0x58/0x80 [ 403.336580][T12640] ? __se_sys_unshare+0x60/0x60 05:38:14 executing program 2 (fault-call:1 fault-nth:6): unshare(0x2a000400) unshare(0x8000400) [ 403.336638][T12640] do_fast_syscall_32+0x3c7/0x6e0 [ 403.336728][T12640] entry_SYSENTER_compat+0x68/0x77 [ 403.336765][T12640] RIP: 0023:0xf7f6bd99 05:38:14 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0), 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 403.336829][T12640] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 05:38:14 executing program 4: r0 = socket(0x1e, 0x5, 0x0) r1 = socket(0x1e, 0x2, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) connect$tipc(r0, &(0x7f00000000c0)=@name, 0x10) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) [ 403.336856][T12640] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 403.336908][T12640] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 403.336937][T12640] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 403.336966][T12640] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.336997][T12640] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 403.337029][T12640] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.371430][T12644] 9pnet: Insufficient options for proto=fd [ 403.931282][T12657] FAULT_INJECTION: forcing a failure. [ 403.931282][T12657] name failslab, interval 1, probability 0, space 0, times 0 [ 403.931341][T12657] CPU: 1 PID: 12657 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 403.931372][T12657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.931389][T12657] Call Trace: [ 403.931455][T12657] dump_stack+0x1c9/0x220 [ 403.931525][T12657] should_fail+0x8b7/0x9e0 [ 403.931614][T12657] __should_failslab+0x1f6/0x290 [ 403.931680][T12657] should_failslab+0x29/0x70 [ 403.931734][T12657] kmem_cache_alloc_trace+0xf3/0xd70 [ 403.931798][T12657] ? selinux_sb_alloc_security+0x82/0x380 [ 403.931862][T12657] ? kmsan_get_metadata+0x11d/0x180 [ 403.931948][T12657] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 403.932015][T12657] ? kmsan_get_metadata+0x11d/0x180 [ 403.932087][T12657] ? selinux_shm_alloc_security+0x390/0x390 [ 403.932148][T12657] selinux_sb_alloc_security+0x82/0x380 [ 403.932216][T12657] ? selinux_shm_alloc_security+0x390/0x390 [ 403.932280][T12657] security_sb_alloc+0xb7/0x1a0 [ 403.932352][T12657] alloc_super+0x24e/0xdc0 [ 403.932428][T12657] sget_fc+0x454/0xe40 [ 403.932486][T12657] ? kill_litter_super+0x120/0x120 [ 403.932555][T12657] ? test_single_super+0x30/0x30 [ 403.932620][T12657] get_tree_keyed+0xb8/0x430 [ 403.932690][T12657] ? mqueue_get_tree+0xc0/0xc0 [ 403.932754][T12657] mqueue_get_tree+0x94/0xc0 [ 403.932818][T12657] ? mqueue_fs_context_free+0xa0/0xa0 [ 403.932886][T12657] vfs_get_tree+0xdd/0x580 [ 403.932947][T12657] fc_mount+0x53/0x150 [ 403.933008][T12657] mq_init_ns+0x550/0x730 [ 403.933080][T12657] copy_ipcs+0x40a/0x7f0 [ 403.933170][T12657] create_new_namespaces+0x550/0x11e0 [ 403.933402][T12657] ? kmsan_get_metadata+0x11d/0x180 [ 403.933507][T12657] unshare_nsproxy_namespaces+0x25e/0x340 [ 403.933575][T12657] ksys_unshare+0x8d5/0x1120 [ 403.933640][T12657] ? prepare_exit_to_usermode+0x1ca/0x520 [ 403.933721][T12657] __ia32_sys_unshare+0x58/0x80 [ 403.933774][T12657] ? __se_sys_unshare+0x60/0x60 [ 403.933827][T12657] do_fast_syscall_32+0x3c7/0x6e0 [ 403.933926][T12657] entry_SYSENTER_compat+0x68/0x77 [ 403.933964][T12657] RIP: 0023:0xf7f6bd99 [ 403.934027][T12657] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 403.934050][T12657] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 403.934101][T12657] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 403.934128][T12657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 403.934156][T12657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 403.934184][T12657] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 403.934213][T12657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 404.615988][T12671] FAULT_INJECTION: forcing a failure. [ 404.615988][T12671] name failslab, interval 1, probability 0, space 0, times 0 [ 404.616047][T12671] CPU: 0 PID: 12671 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 404.616079][T12671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.616096][T12671] Call Trace: [ 404.616161][T12671] dump_stack+0x1c9/0x220 [ 404.616234][T12671] should_fail+0x8b7/0x9e0 [ 404.616324][T12671] __should_failslab+0x1f6/0x290 [ 404.616386][T12671] should_failslab+0x29/0x70 [ 404.616435][T12671] kmem_cache_alloc_trace+0xf3/0xd70 [ 404.616501][T12671] ? mqueue_init_fs_context+0x82/0x550 [ 404.616556][T12671] ? kmem_cache_alloc_trace+0x170/0xd70 [ 404.616625][T12671] ? kmsan_get_metadata+0x11d/0x180 [ 404.616695][T12671] mqueue_init_fs_context+0x82/0x550 [ 404.616762][T12671] ? kmsan_get_metadata+0x11d/0x180 [ 404.616827][T12671] ? do_mq_getsetattr+0x800/0x800 [ 404.616878][T12671] alloc_fs_context+0xae4/0xd00 [ 404.616961][T12671] fs_context_for_mount+0x83/0xa0 [ 404.617021][T12671] mq_init_ns+0x147/0x730 [ 404.617085][T12671] ? kmsan_get_metadata+0x11d/0x180 [ 404.617226][T12671] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 404.617288][T12671] copy_ipcs+0x40a/0x7f0 [ 404.617376][T12671] create_new_namespaces+0x550/0x11e0 [ 404.617439][T12671] ? kmsan_get_metadata+0x11d/0x180 [ 404.617530][T12671] unshare_nsproxy_namespaces+0x25e/0x340 [ 404.617607][T12671] ksys_unshare+0x8d5/0x1120 [ 404.617675][T12671] ? prepare_exit_to_usermode+0x1ca/0x520 [ 404.617761][T12671] __ia32_sys_unshare+0x58/0x80 [ 404.617810][T12671] ? __se_sys_unshare+0x60/0x60 [ 404.617866][T12671] do_fast_syscall_32+0x3c7/0x6e0 [ 404.617953][T12671] entry_SYSENTER_compat+0x68/0x77 [ 404.617990][T12671] RIP: 0023:0xf7f6bd99 [ 404.618065][T12671] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 404.618094][T12671] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 404.618151][T12671] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 404.618183][T12671] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 404.618214][T12671] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 404.618250][T12671] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 404.618279][T12671] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 404.821580][T12678] selinux_netlink_send: 6 callbacks suppressed [ 404.821627][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.832750][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.833419][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.834008][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.834740][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.835387][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.835980][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.836557][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.837196][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 [ 404.837815][T12678] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12678 comm=syz-executor.1 05:38:15 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0) 05:38:15 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:15 executing program 2 (fault-call:1 fault-nth:7): unshare(0x2a000400) unshare(0x8000400) 05:38:15 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='task\x00') 05:38:15 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 405.819719][T12687] FAULT_INJECTION: forcing a failure. [ 405.819719][T12687] name failslab, interval 1, probability 0, space 0, times 0 [ 405.832914][T12687] CPU: 1 PID: 12687 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 405.841661][T12687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.851760][T12687] Call Trace: [ 405.855117][T12687] dump_stack+0x1c9/0x220 [ 405.859515][T12687] should_fail+0x8b7/0x9e0 [ 405.864006][T12687] __should_failslab+0x1f6/0x290 [ 405.869032][T12687] should_failslab+0x29/0x70 [ 405.873683][T12687] __kmalloc+0xae/0x450 [ 405.877906][T12687] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 405.884120][T12687] ? kmsan_get_metadata+0x11d/0x180 [ 405.889375][T12687] ? __list_lru_init+0x126/0x1050 [ 405.894603][T12687] __list_lru_init+0x126/0x1050 [ 405.899534][T12687] ? kmsan_get_metadata+0x11d/0x180 [ 405.904830][T12687] alloc_super+0xc94/0xdc0 [ 405.909327][T12687] sget_fc+0x454/0xe40 [ 405.913465][T12687] ? kill_litter_super+0x120/0x120 [ 405.918731][T12687] ? test_single_super+0x30/0x30 [ 405.923770][T12687] get_tree_keyed+0xb8/0x430 [ 405.928544][T12687] ? mqueue_get_tree+0xc0/0xc0 [ 405.933547][T12687] mqueue_get_tree+0x94/0xc0 [ 405.938284][T12687] ? mqueue_fs_context_free+0xa0/0xa0 [ 405.943720][T12687] vfs_get_tree+0xdd/0x580 [ 405.948244][T12687] fc_mount+0x53/0x150 [ 405.952430][T12687] mq_init_ns+0x550/0x730 [ 405.957125][T12687] copy_ipcs+0x40a/0x7f0 [ 405.961718][T12687] create_new_namespaces+0x550/0x11e0 [ 405.967198][T12687] ? kmsan_get_metadata+0x11d/0x180 [ 405.972496][T12687] unshare_nsproxy_namespaces+0x25e/0x340 [ 405.978493][T12687] ksys_unshare+0x8d5/0x1120 [ 405.983150][T12687] ? prepare_exit_to_usermode+0x1ca/0x520 [ 405.989124][T12687] __ia32_sys_unshare+0x58/0x80 [ 405.994017][T12687] ? __se_sys_unshare+0x60/0x60 [ 405.998929][T12687] do_fast_syscall_32+0x3c7/0x6e0 [ 406.004026][T12687] entry_SYSENTER_compat+0x68/0x77 [ 406.009177][T12687] RIP: 0023:0xf7f6bd99 [ 406.013320][T12687] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 406.032995][T12687] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 406.041510][T12687] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 406.049515][T12687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 406.057540][T12687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 406.065570][T12687] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 406.073609][T12687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') getdents64(r0, &(0x7f0000000140)=""/100, 0x64) 05:38:16 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:16 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/254) sendmsg$BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/254) [ 406.320897][T12697] 9pnet: Insufficient options for proto=fd 05:38:16 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 05:38:16 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r2 = dup(r1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:16 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 406.887132][T12714] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 406.906954][T12715] 9pnet: Insufficient options for proto=fd 05:38:17 executing program 2 (fault-call:1 fault-nth:8): unshare(0x2a000400) unshare(0x8000400) 05:38:17 executing program 0: pipe2$9p(0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x26f) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:17 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) [ 407.274243][T12726] FAULT_INJECTION: forcing a failure. [ 407.274243][T12726] name failslab, interval 1, probability 0, space 0, times 0 [ 407.287946][T12726] CPU: 0 PID: 12726 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 407.296788][T12726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.306880][T12726] Call Trace: [ 407.310225][T12726] dump_stack+0x1c9/0x220 [ 407.314625][T12726] should_fail+0x8b7/0x9e0 [ 407.319635][T12726] __should_failslab+0x1f6/0x290 [ 407.324657][T12726] should_failslab+0x29/0x70 [ 407.329331][T12726] __kmalloc_node+0x1b1/0x11f0 [ 407.334165][T12726] ? kvmalloc_node+0x19a/0x3c0 [ 407.339710][T12726] kvmalloc_node+0x19a/0x3c0 [ 407.344434][T12726] __list_lru_init+0x55e/0x1050 [ 407.349358][T12726] ? kmsan_get_metadata+0x11d/0x180 [ 407.354706][T12726] alloc_super+0xc94/0xdc0 [ 407.359400][T12726] sget_fc+0x454/0xe40 [ 407.363677][T12726] ? kill_litter_super+0x120/0x120 [ 407.368998][T12726] ? test_single_super+0x30/0x30 [ 407.374005][T12726] get_tree_keyed+0xb8/0x430 [ 407.378719][T12726] ? mqueue_get_tree+0xc0/0xc0 [ 407.383597][T12726] mqueue_get_tree+0x94/0xc0 [ 407.388474][T12726] ? mqueue_fs_context_free+0xa0/0xa0 [ 407.393941][T12726] vfs_get_tree+0xdd/0x580 [ 407.398455][T12726] fc_mount+0x53/0x150 [ 407.402631][T12726] mq_init_ns+0x550/0x730 [ 407.407055][T12726] copy_ipcs+0x40a/0x7f0 [ 407.411417][T12726] create_new_namespaces+0x550/0x11e0 [ 407.416992][T12726] ? kmsan_get_metadata+0x11d/0x180 [ 407.422293][T12726] unshare_nsproxy_namespaces+0x25e/0x340 [ 407.428094][T12726] ksys_unshare+0x8d5/0x1120 [ 407.432775][T12726] ? prepare_exit_to_usermode+0x1ca/0x520 [ 407.438926][T12726] __ia32_sys_unshare+0x58/0x80 [ 407.443969][T12726] ? __se_sys_unshare+0x60/0x60 [ 407.449234][T12726] do_fast_syscall_32+0x3c7/0x6e0 [ 407.454356][T12726] entry_SYSENTER_compat+0x68/0x77 [ 407.459619][T12726] RIP: 0023:0xf7f6bd99 [ 407.463892][T12726] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 407.483564][T12726] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 407.492055][T12726] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 407.500122][T12726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 407.508158][T12726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 407.516196][T12726] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 407.524333][T12726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 407.618449][T12727] 9pnet: Insufficient options for proto=fd 05:38:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 05:38:17 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:17 executing program 2 (fault-call:1 fault-nth:9): unshare(0x2a000400) unshare(0x8000400) 05:38:18 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:18 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 408.079552][T12747] FAULT_INJECTION: forcing a failure. [ 408.079552][T12747] name failslab, interval 1, probability 0, space 0, times 0 [ 408.095222][T12747] CPU: 0 PID: 12747 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 408.104035][T12747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.114254][T12747] Call Trace: [ 408.117634][T12747] dump_stack+0x1c9/0x220 [ 408.122046][T12747] should_fail+0x8b7/0x9e0 [ 408.126553][T12747] __should_failslab+0x1f6/0x290 [ 408.131544][T12747] should_failslab+0x29/0x70 [ 408.136203][T12747] kmem_cache_alloc_trace+0xf3/0xd70 [ 408.141586][T12747] ? __list_lru_init+0x654/0x1050 [ 408.146690][T12747] ? kmsan_get_metadata+0x11d/0x180 [ 408.151983][T12747] __list_lru_init+0x654/0x1050 [ 408.157054][T12747] alloc_super+0xc94/0xdc0 [ 408.161538][T12747] sget_fc+0x454/0xe40 [ 408.165691][T12747] ? kill_litter_super+0x120/0x120 [ 408.170893][T12747] ? test_single_super+0x30/0x30 [ 408.175911][T12747] get_tree_keyed+0xb8/0x430 [ 408.180558][T12747] ? mqueue_get_tree+0xc0/0xc0 [ 408.185409][T12747] mqueue_get_tree+0x94/0xc0 [ 408.190068][T12747] ? mqueue_fs_context_free+0xa0/0xa0 [ 408.195775][T12747] vfs_get_tree+0xdd/0x580 [ 408.200286][T12747] fc_mount+0x53/0x150 [ 408.204457][T12747] mq_init_ns+0x550/0x730 [ 408.209325][T12747] copy_ipcs+0x40a/0x7f0 [ 408.213791][T12747] create_new_namespaces+0x550/0x11e0 [ 408.219448][T12747] ? kmsan_get_metadata+0x11d/0x180 [ 408.224799][T12747] unshare_nsproxy_namespaces+0x25e/0x340 [ 408.230839][T12747] ksys_unshare+0x8d5/0x1120 [ 408.235501][T12747] ? prepare_exit_to_usermode+0x1ca/0x520 [ 408.241413][T12747] __ia32_sys_unshare+0x58/0x80 [ 408.246357][T12747] ? __se_sys_unshare+0x60/0x60 [ 408.251411][T12747] do_fast_syscall_32+0x3c7/0x6e0 [ 408.257911][T12747] entry_SYSENTER_compat+0x68/0x77 [ 408.263087][T12747] RIP: 0023:0xf7f6bd99 [ 408.267235][T12747] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 408.286927][T12747] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 408.295410][T12747] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 408.303419][T12747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 408.311423][T12747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 408.319837][T12747] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 408.327873][T12747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:18 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40086602, 0x400007) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(0x0, 0x0, 0x0, r3, 0x0) socket$kcm(0x29, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='cpu.stat\x00', 0x2761, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="006d256d00027920"], 0xda00) write$cgroup_int(r5, &(0x7f0000000200), 0x1fff0) r6 = perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x1f, 0x9, 0x3, 0x0, 0x200, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0xffffffffffffffff, 0x95}, 0x20, 0x0, 0x0, 0x0, 0x800, 0x8000, 0x4}, 0x0, 0xe, 0xffffffffffffffff, 0x9) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r4, 0x2405, r6) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) 05:38:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 05:38:18 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:19 executing program 2 (fault-call:1 fault-nth:10): unshare(0x2a000400) unshare(0x8000400) 05:38:19 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(0x0, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 409.088525][ T32] audit: type=1400 audit(1583991499.150:107): avc: denied { write } for pid=12759 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 05:38:19 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0xb3, 0x2, 0x0, 0x0, 0x0, 0x1010, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3, 0x3, 0x6, 0x80, 0x3800}, 0x0, 0x5, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000001a3acceed2359b6a7042f95065a090e15e1b23c404f79c61f76c1a82ce772b05000000012097dee8d6e2a64fa661c0e29a9aaf0855cbca11d1082f44e2649eee73cb488c4b4be802a2a42fce4b856ebb8fe3ad469afd174e24102edd6178d64c1868b961b8d16c91f4963696944fa79975820875b16a96b193f0b7e3ff4a5ddd759d9f6dd306dba16300000000000000000064b240e9b769f7cdd86bf73a8551df09c8f9203909c3da77200e2469530d0209f964907438d7cf4d71de776bbe844cf758754669b2d1c815de66c015aaa246f8977f3001087b262637a5adb69fb3bceb6ebfb8dba3fa8f2075fac2aeb584f9432deeb3a0363be9cac00c95441e7f1037e4bda50e88205e073da91e496ac4f6b0648066f555"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) close(0xffffffffffffffff) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000740)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0xc0fe, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) [ 409.349423][T12776] FAULT_INJECTION: forcing a failure. [ 409.349423][T12776] name failslab, interval 1, probability 0, space 0, times 0 [ 409.365303][T12776] CPU: 1 PID: 12776 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 409.374113][T12776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.384341][T12776] Call Trace: [ 409.387756][T12776] dump_stack+0x1c9/0x220 [ 409.392180][T12776] should_fail+0x8b7/0x9e0 [ 409.396693][T12776] __should_failslab+0x1f6/0x290 [ 409.401708][T12776] should_failslab+0x29/0x70 [ 409.407186][T12776] kmem_cache_alloc_trace+0xf3/0xd70 [ 409.412588][T12776] ? __list_lru_init+0x654/0x1050 [ 409.417853][T12776] ? kmsan_get_metadata+0x11d/0x180 [ 409.423167][T12776] __list_lru_init+0x654/0x1050 [ 409.428149][T12776] alloc_super+0xc94/0xdc0 [ 409.433168][T12776] sget_fc+0x454/0xe40 [ 409.437402][T12776] ? kill_litter_super+0x120/0x120 [ 409.443426][T12776] ? test_single_super+0x30/0x30 [ 409.448531][T12776] get_tree_keyed+0xb8/0x430 [ 409.453296][T12776] ? mqueue_get_tree+0xc0/0xc0 [ 409.458162][T12776] mqueue_get_tree+0x94/0xc0 [ 409.462991][T12776] ? mqueue_fs_context_free+0xa0/0xa0 [ 409.468845][T12776] vfs_get_tree+0xdd/0x580 [ 409.473328][T12776] fc_mount+0x53/0x150 [ 409.477459][T12776] mq_init_ns+0x550/0x730 [ 409.481885][T12776] copy_ipcs+0x40a/0x7f0 [ 409.486229][T12776] create_new_namespaces+0x550/0x11e0 [ 409.491657][T12776] ? kmsan_get_metadata+0x11d/0x180 [ 409.496941][T12776] unshare_nsproxy_namespaces+0x25e/0x340 [ 409.502826][T12776] ksys_unshare+0x8d5/0x1120 [ 409.507473][T12776] ? prepare_exit_to_usermode+0x1ca/0x520 [ 409.513295][T12776] __ia32_sys_unshare+0x58/0x80 [ 409.518221][T12776] ? __se_sys_unshare+0x60/0x60 [ 409.523141][T12776] do_fast_syscall_32+0x3c7/0x6e0 [ 409.528246][T12776] entry_SYSENTER_compat+0x68/0x77 [ 409.533415][T12776] RIP: 0023:0xf7f6bd99 [ 409.537550][T12776] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 409.557994][T12776] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 409.566467][T12776] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 409.574501][T12776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 409.582513][T12776] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 409.590516][T12776] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 409.598530][T12776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:19 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:19 executing program 2 (fault-call:1 fault-nth:11): unshare(0x2a000400) unshare(0x8000400) 05:38:19 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:19 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0x12, &(0x7f0000000200)=r1, 0x4) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) 05:38:19 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:20 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:20 executing program 4: r0 = syz_open_dev$radio(&(0x7f0000000200)='/dev/radio#\x00', 0x2, 0x2) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000040)=""/90, 0x5a}], 0x1, 0x0) [ 410.515693][T12799] FAULT_INJECTION: forcing a failure. [ 410.515693][T12799] name failslab, interval 1, probability 0, space 0, times 0 [ 410.528670][T12799] CPU: 0 PID: 12799 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 410.537790][T12799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.548078][T12799] Call Trace: [ 410.551438][T12799] dump_stack+0x1c9/0x220 [ 410.556117][T12799] should_fail+0x8b7/0x9e0 [ 410.560624][T12799] __should_failslab+0x1f6/0x290 [ 410.565649][T12799] should_failslab+0x29/0x70 [ 410.570322][T12799] kmem_cache_alloc_trace+0xf3/0xd70 [ 410.575708][T12799] ? __list_lru_init+0x654/0x1050 [ 410.580811][T12799] ? kmsan_get_metadata+0x11d/0x180 [ 410.586228][T12799] __list_lru_init+0x654/0x1050 [ 410.591217][T12799] alloc_super+0xc94/0xdc0 [ 410.596266][T12799] sget_fc+0x454/0xe40 [ 410.600409][T12799] ? kill_litter_super+0x120/0x120 [ 410.605737][T12799] ? test_single_super+0x30/0x30 [ 410.610884][T12799] get_tree_keyed+0xb8/0x430 [ 410.615546][T12799] ? mqueue_get_tree+0xc0/0xc0 [ 410.620365][T12799] mqueue_get_tree+0x94/0xc0 [ 410.625162][T12799] ? mqueue_fs_context_free+0xa0/0xa0 [ 410.630901][T12799] vfs_get_tree+0xdd/0x580 [ 410.635421][T12799] fc_mount+0x53/0x150 [ 410.639559][T12799] mq_init_ns+0x550/0x730 [ 410.643964][T12799] copy_ipcs+0x40a/0x7f0 [ 410.648441][T12799] create_new_namespaces+0x550/0x11e0 [ 410.653889][T12799] ? kmsan_get_metadata+0x11d/0x180 [ 410.659848][T12799] unshare_nsproxy_namespaces+0x25e/0x340 [ 410.665691][T12799] ksys_unshare+0x8d5/0x1120 [ 410.670377][T12799] ? prepare_exit_to_usermode+0x1ca/0x520 [ 410.676209][T12799] __ia32_sys_unshare+0x58/0x80 [ 410.681128][T12799] ? __se_sys_unshare+0x60/0x60 [ 410.686231][T12799] do_fast_syscall_32+0x3c7/0x6e0 [ 410.691346][T12799] entry_SYSENTER_compat+0x68/0x77 [ 410.696541][T12799] RIP: 0023:0xf7f6bd99 [ 410.700705][T12799] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 410.720376][T12799] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 410.728893][T12799] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 410.737072][T12799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 410.745110][T12799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 410.753224][T12799] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 410.761397][T12799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:20 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x0, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 410.838348][T12804] selinux_netlink_send: 54 callbacks suppressed [ 410.838468][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 05:38:21 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000002540)=[{0x0}, {0x0}, {&(0x7f0000003800)=""/4100, 0xffffff5f}], 0x3, 0x0, 0x17b, 0x3e8}, 0x180) write$binfmt_elf64(r0, &(0x7f0000000f80)=ANY=[@ANYRESHEX, @ANYRES32, @ANYPTR64=&(0x7f0000000900)=ANY=[@ANYBLOB="dc9d3f74a43a0d71057c1b486710e9c2a59de28459b2a5adaef09282f2e46cefc291757477e35991ebc9be6d698388e17f307e9262c2707a6eaf0a3fd080f30c88b7d15df32d79370000000000000e21e113d30073f4bfcf1f07ce6139d8df7ece1e66bcd28e3d3add076d4074d976da5071d55d742176f715134b6a3306fad5d79f9434aa1020211a2e779e3c719abe102ee4eaa538627d5d779deb9f7f1fc9560f9462692ece7a38628afd934717e363db8716e3b9524fa4a8d04be1773c0751b02885194fad573cf3fc720667baba8db2afc22f6e335d9f2ac49e3c82c9f4a7752adb998ec54a042fb3000000f6bdfe5b1ba26cc5603c08dbb1d476172f3dae8c6cb8d8b09ed29fad4afb8f6df4b05623bffb0c7ccfab21795e59d1d3a38d3c0a2bf7aa4c7d599f458b4c3f8e42caa348090c549547a7b9b691eef5c37b8169c3d4fbe728281afb377fd4b73d3c913e1081dbd0cf7575014d0d7ed698af3e5efea58f8675b6d3d2a85fe63a00"/379, @ANYBLOB="bfc98e8192cb0a9e79f202467c4be532cb8509741d6b35b9087b516de574e75eb6e7307a648644a4648487a557ec9d89ce3c0304e0d899911dc395259c95cc049b413fcc8bb534d400048af49dc48c773b0cab00346675446489d0", @ANYPTR64=&(0x7f0000000740)=ANY=[@ANYRES64, @ANYRES64, @ANYRESHEX=0x0, @ANYPTR], @ANYPTR64=&(0x7f0000000440)=ANY=[], @ANYRESHEX=0x0, @ANYRESOCT, @ANYRES64, @ANYRESHEX], @ANYPTR64=&(0x7f0000000700)=ANY=[@ANYRES32, @ANYRES32], @ANYRES64, @ANYRES32, @ANYBLOB="da9191a0e7d50931ff67a36a2b0a4538d83761b40fa899b14158a6e13222b4368cbf26872f561879e9a9990061ff3b43bb44e96ad25eff117365ee216f5ee11947b1081d9570cb7a99c8c0280b81a5b3c9af71cf933d9365fae704b66d82fd415d51e52ceb15eeb7ba2a15e37d0b1a7c5b2178ae665a548750f99fbc27893a21fd3a2ca9062b9b1ed13f6da70fc2e08601ee35a7fde01f98bf78bccba4cc86834bc510de0c8189a068046b73f847db2d021f37c4dae1e2be3647310ef0a3bb5f9a13d42dee4aad0f1a8dd7c9e46c13f4c95816aaf2c02e4a2c2b2c163e7905debbace4f67d255ae34a67ec8b03d24659bbf64192041b9ebf294cea669d66e15c67beeebc2fef1ed4e76934578872b66067d5aaca25d750c6f28ed3eaa7d52b34348b97bf49f0b1a7ebf8772467d626bb4d9b1d283ea359133eab471a708bf745a2fcb40daeabf5622dea0eae52af929e38d077301f10bfea91ac7bf4bb7a326b315c1046d707b2927d6c2352d27c0f7e4f9a53b168e24f543df2c094d2d74572661d09f43d0670d3bc448e2ba11f7f2a22f9bd913fbaa1c292f675df248fd08ebdfc366a3a870b5dc5129120d9d4d6e240982945a5a4c4d5ae5c19082e92d8ccfefbfa0f7dd467d094f5c5411c", @ANYBLOB="3d483beb6f8ee2ac6416956cf25e7ea9172f6e0c9d5f58cca3f716e5d7b76b9c083a7fc51d4be1dae09bfd7b089056691907d42c4566b4f51dee02492769a2249fc20ace3a92ee4b9fd04167a298ab7256bace21c52f10b1dcaad3f4df3a513a4e7ca788ddd3439472b01e62141f6394def5a6008414a1f11cac70a6f55541c33c35dd104ed5e3aecc64a96a3b6f54f2adb2c6d5b9580f2a0cfb7b11cde15cef99c9b0721e46e2b626b9926f0bceca144d20737335ddda9f7540dcf4ecd8251b60a93f372daec25c44f4a3935134aae19b8902ab8fc34d182a00000000000000000000000000000000000d784b64e6f3cad072fbe90d18a1e738884ebcf41ba7041903a463eb9b696374a4f7c0623d1467ae89b4ffca7a5ef35434c4c7c0c299b7600f22ff51363527034579471082ed0bd1e165a9e086169ac0d57d05bc629ab8d6952a6dc2a6e54d37bdacf7ff7e7c509f1e0e2e4dca291d011345def500ef93bba6a1e1db519b79ed6d391f0cb109fd18b62b9ccb48c208e39fdd0a46e60f0a54ba6b8a8bb0db70a19f01dfd5c169bc4169854834a170e70d221562e712"], 0x100000475) 05:38:21 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 411.018853][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 05:38:21 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x0, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 411.131667][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 [ 411.229578][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 05:38:21 executing program 4: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) [ 411.290305][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 [ 411.347218][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 05:38:21 executing program 2 (fault-call:1 fault-nth:12): unshare(0x2a000400) unshare(0x8000400) [ 411.412806][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 05:38:21 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 411.472518][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 [ 411.613240][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 [ 411.726319][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12804 comm=syz-executor.1 [ 411.788805][T12829] FAULT_INJECTION: forcing a failure. [ 411.788805][T12829] name failslab, interval 1, probability 0, space 0, times 0 [ 411.802166][T12829] CPU: 1 PID: 12829 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 05:38:21 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:21 executing program 5: socket$netlink(0x10, 0x3, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') getdents64(r0, &(0x7f0000000140)=""/100, 0x64) getdents64(r0, &(0x7f0000000080)=""/167, 0xa7) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000280)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x39}], 0x3, 0x0, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 05:38:21 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x0, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/protocols\x00') r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r1, r0, 0x0, 0x800000080004103) [ 411.802214][T12829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.802231][T12829] Call Trace: [ 411.802305][T12829] dump_stack+0x1c9/0x220 [ 411.802377][T12829] should_fail+0x8b7/0x9e0 05:38:22 executing program 2 (fault-call:1 fault-nth:13): unshare(0x2a000400) unshare(0x8000400) [ 411.802476][T12829] __should_failslab+0x1f6/0x290 [ 411.802540][T12829] should_failslab+0x29/0x70 [ 411.802593][T12829] kmem_cache_alloc_trace+0xf3/0xd70 [ 411.802656][T12829] ? __list_lru_init+0x654/0x1050 [ 411.802732][T12829] ? kmsan_get_metadata+0x11d/0x180 [ 411.802807][T12829] __list_lru_init+0x654/0x1050 [ 411.802898][T12829] alloc_super+0xc94/0xdc0 [ 411.802967][T12829] sget_fc+0x454/0xe40 [ 411.803026][T12829] ? kill_litter_super+0x120/0x120 05:38:22 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x0, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 411.803089][T12829] ? test_single_super+0x30/0x30 [ 411.803156][T12829] get_tree_keyed+0xb8/0x430 [ 411.803221][T12829] ? mqueue_get_tree+0xc0/0xc0 [ 411.803283][T12829] mqueue_get_tree+0x94/0xc0 [ 411.803347][T12829] ? mqueue_fs_context_free+0xa0/0xa0 [ 411.803404][T12829] vfs_get_tree+0xdd/0x580 [ 411.803472][T12829] fc_mount+0x53/0x150 [ 411.803535][T12829] mq_init_ns+0x550/0x730 [ 411.803608][T12829] copy_ipcs+0x40a/0x7f0 [ 411.803704][T12829] create_new_namespaces+0x550/0x11e0 [ 411.803766][T12829] ? kmsan_get_metadata+0x11d/0x180 [ 411.803865][T12829] unshare_nsproxy_namespaces+0x25e/0x340 [ 411.803943][T12829] ksys_unshare+0x8d5/0x1120 [ 411.804006][T12829] ? prepare_exit_to_usermode+0x1ca/0x520 [ 411.804089][T12829] __ia32_sys_unshare+0x58/0x80 [ 411.804142][T12829] ? __se_sys_unshare+0x60/0x60 05:38:22 executing program 2 (fault-call:1 fault-nth:14): unshare(0x2a000400) unshare(0x8000400) [ 411.804213][T12829] do_fast_syscall_32+0x3c7/0x6e0 [ 411.804304][T12829] entry_SYSENTER_compat+0x68/0x77 [ 411.804340][T12829] RIP: 0023:0xf7f6bd99 [ 411.804410][T12829] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 05:38:22 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 411.804450][T12829] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 411.804506][T12829] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 411.804538][T12829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 411.804571][T12829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 411.804603][T12829] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 411.804635][T12829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.242435][T12846] FAULT_INJECTION: forcing a failure. [ 412.242435][T12846] name failslab, interval 1, probability 0, space 0, times 0 [ 412.242491][T12846] CPU: 1 PID: 12846 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 412.242525][T12846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.242543][T12846] Call Trace: 05:38:22 executing program 2 (fault-call:1 fault-nth:15): unshare(0x2a000400) unshare(0x8000400) 05:38:22 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) [ 412.242615][T12846] dump_stack+0x1c9/0x220 [ 412.242691][T12846] should_fail+0x8b7/0x9e0 [ 412.242784][T12846] __should_failslab+0x1f6/0x290 [ 412.242853][T12846] should_failslab+0x29/0x70 [ 412.242907][T12846] kmem_cache_alloc_trace+0xf3/0xd70 [ 412.242970][T12846] ? __list_lru_init+0x654/0x1050 [ 412.243035][T12846] ? kmsan_get_metadata+0x11d/0x180 [ 412.243096][T12846] __list_lru_init+0x654/0x1050 [ 412.243168][T12846] alloc_super+0xc94/0xdc0 [ 412.243225][T12846] sget_fc+0x454/0xe40 [ 412.243272][T12846] ? kill_litter_super+0x120/0x120 [ 412.243326][T12846] ? test_single_super+0x30/0x30 [ 412.243381][T12846] get_tree_keyed+0xb8/0x430 [ 412.243439][T12846] ? mqueue_get_tree+0xc0/0xc0 [ 412.243490][T12846] mqueue_get_tree+0x94/0xc0 [ 412.243543][T12846] ? mqueue_fs_context_free+0xa0/0xa0 05:38:23 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 412.243589][T12846] vfs_get_tree+0xdd/0x580 [ 412.243643][T12846] fc_mount+0x53/0x150 [ 412.243691][T12846] mq_init_ns+0x550/0x730 [ 412.243750][T12846] copy_ipcs+0x40a/0x7f0 [ 412.243824][T12846] create_new_namespaces+0x550/0x11e0 [ 412.243887][T12846] ? kmsan_get_metadata+0x11d/0x180 [ 412.244119][T12846] unshare_nsproxy_namespaces+0x25e/0x340 [ 412.244191][T12846] ksys_unshare+0x8d5/0x1120 [ 412.244256][T12846] ? prepare_exit_to_usermode+0x1ca/0x520 [ 412.244330][T12846] __ia32_sys_unshare+0x58/0x80 [ 412.244373][T12846] ? __se_sys_unshare+0x60/0x60 [ 412.244421][T12846] do_fast_syscall_32+0x3c7/0x6e0 [ 412.244494][T12846] entry_SYSENTER_compat+0x68/0x77 [ 412.244526][T12846] RIP: 0023:0xf7f6bd99 [ 412.244580][T12846] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 412.244602][T12846] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 412.244645][T12846] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 412.244673][T12846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 412.244696][T12846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.244721][T12846] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 412.244756][T12846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.655689][T12855] FAULT_INJECTION: forcing a failure. [ 412.655689][T12855] name failslab, interval 1, probability 0, space 0, times 0 [ 412.655750][T12855] CPU: 0 PID: 12855 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 412.655783][T12855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.655800][T12855] Call Trace: [ 412.655883][T12855] dump_stack+0x1c9/0x220 [ 412.655964][T12855] should_fail+0x8b7/0x9e0 [ 412.656055][T12855] __should_failslab+0x1f6/0x290 [ 412.656123][T12855] should_failslab+0x29/0x70 [ 412.656172][T12855] kmem_cache_alloc_trace+0xf3/0xd70 [ 412.656235][T12855] ? __list_lru_init+0x654/0x1050 [ 412.656306][T12855] ? kmsan_get_metadata+0x11d/0x180 [ 412.656379][T12855] __list_lru_init+0x654/0x1050 [ 412.656468][T12855] alloc_super+0xc94/0xdc0 [ 412.656538][T12855] sget_fc+0x454/0xe40 [ 412.656598][T12855] ? kill_litter_super+0x120/0x120 [ 412.656662][T12855] ? test_single_super+0x30/0x30 [ 412.656729][T12855] get_tree_keyed+0xb8/0x430 [ 412.656795][T12855] ? mqueue_get_tree+0xc0/0xc0 [ 412.656855][T12855] mqueue_get_tree+0x94/0xc0 [ 412.656925][T12855] ? mqueue_fs_context_free+0xa0/0xa0 [ 412.656982][T12855] vfs_get_tree+0xdd/0x580 [ 412.657044][T12855] fc_mount+0x53/0x150 [ 412.657107][T12855] mq_init_ns+0x550/0x730 [ 412.657180][T12855] copy_ipcs+0x40a/0x7f0 [ 412.657271][T12855] create_new_namespaces+0x550/0x11e0 [ 412.657335][T12855] ? kmsan_get_metadata+0x11d/0x180 [ 412.657425][T12855] unshare_nsproxy_namespaces+0x25e/0x340 [ 412.657490][T12855] ksys_unshare+0x8d5/0x1120 [ 412.657556][T12855] ? prepare_exit_to_usermode+0x1ca/0x520 [ 412.657634][T12855] __ia32_sys_unshare+0x58/0x80 [ 412.657682][T12855] ? __se_sys_unshare+0x60/0x60 [ 412.657736][T12855] do_fast_syscall_32+0x3c7/0x6e0 [ 412.657823][T12855] entry_SYSENTER_compat+0x68/0x77 [ 412.657857][T12855] RIP: 0023:0xf7f6bd99 [ 412.657926][T12855] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 412.657953][T12855] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 412.658006][T12855] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 412.658032][T12855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 412.658058][T12855] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.658083][T12855] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 412.658107][T12855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.047660][T12862] FAULT_INJECTION: forcing a failure. [ 413.047660][T12862] name failslab, interval 1, probability 0, space 0, times 0 [ 413.047721][T12862] CPU: 1 PID: 12862 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 413.047752][T12862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.047770][T12862] Call Trace: [ 413.047835][T12862] dump_stack+0x1c9/0x220 [ 413.047913][T12862] should_fail+0x8b7/0x9e0 [ 413.048013][T12862] __should_failslab+0x1f6/0x290 [ 413.048079][T12862] should_failslab+0x29/0x70 [ 413.048131][T12862] kmem_cache_alloc_trace+0xf3/0xd70 [ 413.048203][T12862] ? __list_lru_init+0x654/0x1050 [ 413.048280][T12862] ? kmsan_get_metadata+0x11d/0x180 [ 413.048357][T12862] __list_lru_init+0x654/0x1050 [ 413.048445][T12862] alloc_super+0xc94/0xdc0 [ 413.048517][T12862] sget_fc+0x454/0xe40 [ 413.048575][T12862] ? kill_litter_super+0x120/0x120 [ 413.048640][T12862] ? test_single_super+0x30/0x30 [ 413.048707][T12862] get_tree_keyed+0xb8/0x430 [ 413.048772][T12862] ? mqueue_get_tree+0xc0/0xc0 [ 413.048834][T12862] mqueue_get_tree+0x94/0xc0 [ 413.048897][T12862] ? mqueue_fs_context_free+0xa0/0xa0 [ 413.048961][T12862] vfs_get_tree+0xdd/0x580 [ 413.049030][T12862] fc_mount+0x53/0x150 [ 413.049093][T12862] mq_init_ns+0x550/0x730 [ 413.049166][T12862] copy_ipcs+0x40a/0x7f0 [ 413.049261][T12862] create_new_namespaces+0x550/0x11e0 [ 413.049324][T12862] ? kmsan_get_metadata+0x11d/0x180 [ 413.049419][T12862] unshare_nsproxy_namespaces+0x25e/0x340 [ 413.049488][T12862] ksys_unshare+0x8d5/0x1120 [ 413.049552][T12862] ? prepare_exit_to_usermode+0x1ca/0x520 [ 413.049634][T12862] __ia32_sys_unshare+0x58/0x80 [ 413.049685][T12862] ? __se_sys_unshare+0x60/0x60 [ 413.049743][T12862] do_fast_syscall_32+0x3c7/0x6e0 [ 413.049831][T12862] entry_SYSENTER_compat+0x68/0x77 [ 413.049865][T12862] RIP: 0023:0xf7f6bd99 [ 413.049927][T12862] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 413.049959][T12862] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 413.050010][T12862] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 413.050042][T12862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.050073][T12862] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.050104][T12862] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 413.050135][T12862] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:24 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:24 executing program 2 (fault-call:1 fault-nth:16): unshare(0x2a000400) unshare(0x8000400) [ 414.214366][T12874] FAULT_INJECTION: forcing a failure. [ 414.214366][T12874] name failslab, interval 1, probability 0, space 0, times 0 [ 414.227436][T12874] CPU: 1 PID: 12874 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 414.236209][T12874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 414.246348][T12874] Call Trace: [ 414.249739][T12874] dump_stack+0x1c9/0x220 [ 414.254199][T12874] should_fail+0x8b7/0x9e0 [ 414.258923][T12874] __should_failslab+0x1f6/0x290 [ 414.263992][T12874] should_failslab+0x29/0x70 [ 414.268710][T12874] kmem_cache_alloc_trace+0xf3/0xd70 [ 414.274322][T12874] ? __list_lru_init+0x654/0x1050 [ 414.279494][T12874] ? kmsan_get_metadata+0x11d/0x180 [ 414.284973][T12874] __list_lru_init+0x654/0x1050 [ 414.290044][T12874] alloc_super+0xc94/0xdc0 [ 414.290117][T12874] sget_fc+0x454/0xe40 [ 414.290177][T12874] ? kill_litter_super+0x120/0x120 [ 414.290239][T12874] ? test_single_super+0x30/0x30 [ 414.290304][T12874] get_tree_keyed+0xb8/0x430 [ 414.290376][T12874] ? mqueue_get_tree+0xc0/0xc0 [ 414.290437][T12874] mqueue_get_tree+0x94/0xc0 [ 414.290499][T12874] ? mqueue_fs_context_free+0xa0/0xa0 [ 414.290555][T12874] vfs_get_tree+0xdd/0x580 [ 414.290618][T12874] fc_mount+0x53/0x150 [ 414.290679][T12874] mq_init_ns+0x550/0x730 [ 414.290747][T12874] copy_ipcs+0x40a/0x7f0 [ 414.290835][T12874] create_new_namespaces+0x550/0x11e0 [ 414.290902][T12874] ? kmsan_get_metadata+0x11d/0x180 [ 414.290993][T12874] unshare_nsproxy_namespaces+0x25e/0x340 [ 414.291060][T12874] ksys_unshare+0x8d5/0x1120 [ 414.291122][T12874] ? prepare_exit_to_usermode+0x1ca/0x520 [ 414.291204][T12874] __ia32_sys_unshare+0x58/0x80 [ 414.291255][T12874] ? __se_sys_unshare+0x60/0x60 [ 414.291313][T12874] do_fast_syscall_32+0x3c7/0x6e0 [ 414.291406][T12874] entry_SYSENTER_compat+0x68/0x77 [ 414.291440][T12874] RIP: 0023:0xf7f6bd99 [ 414.291506][T12874] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 414.291533][T12874] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 414.291587][T12874] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 414.291620][T12874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 414.291650][T12874] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 414.291679][T12874] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 414.291708][T12874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 414.349731][T12878] 9pnet: Insufficient options for proto=fd 05:38:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 05:38:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000080)={0x0, 0x110000}) 05:38:25 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b}) r2 = dup(0xffffffffffffffff) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r3, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000080)=0x2) 05:38:25 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:25 executing program 2 (fault-call:1 fault-nth:17): unshare(0x2a000400) unshare(0x8000400) 05:38:25 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 414.987957][T12882] FAULT_INJECTION: forcing a failure. [ 414.987957][T12882] name failslab, interval 1, probability 0, space 0, times 0 [ 415.001436][T12882] CPU: 1 PID: 12882 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 415.010201][T12882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.020343][T12882] Call Trace: [ 415.023724][T12882] dump_stack+0x1c9/0x220 [ 415.028179][T12882] should_fail+0x8b7/0x9e0 [ 415.032731][T12882] __should_failslab+0x1f6/0x290 [ 415.037780][T12882] should_failslab+0x29/0x70 [ 415.042454][T12882] kmem_cache_alloc_trace+0xf3/0xd70 [ 415.047807][T12882] ? __list_lru_init+0x654/0x1050 [ 415.053051][T12882] ? kmsan_get_metadata+0x11d/0x180 [ 415.058341][T12882] __list_lru_init+0x654/0x1050 [ 415.063283][T12882] alloc_super+0xc94/0xdc0 [ 415.067755][T12882] sget_fc+0x454/0xe40 [ 415.071929][T12882] ? kill_litter_super+0x120/0x120 [ 415.077111][T12882] ? test_single_super+0x30/0x30 [ 415.082281][T12882] get_tree_keyed+0xb8/0x430 [ 415.086932][T12882] ? mqueue_get_tree+0xc0/0xc0 [ 415.091771][T12882] mqueue_get_tree+0x94/0xc0 [ 415.096451][T12882] ? mqueue_fs_context_free+0xa0/0xa0 [ 415.101907][T12882] vfs_get_tree+0xdd/0x580 [ 415.106506][T12882] fc_mount+0x53/0x150 [ 415.110657][T12882] mq_init_ns+0x550/0x730 [ 415.115063][T12882] copy_ipcs+0x40a/0x7f0 [ 415.119396][T12882] create_new_namespaces+0x550/0x11e0 [ 415.124846][T12882] ? kmsan_get_metadata+0x11d/0x180 [ 415.130163][T12882] unshare_nsproxy_namespaces+0x25e/0x340 [ 415.136121][T12882] ksys_unshare+0x8d5/0x1120 [ 415.140942][T12882] ? prepare_exit_to_usermode+0x1ca/0x520 [ 415.146748][T12882] __ia32_sys_unshare+0x58/0x80 [ 415.151692][T12882] ? __se_sys_unshare+0x60/0x60 [ 415.156610][T12882] do_fast_syscall_32+0x3c7/0x6e0 [ 415.162860][T12882] entry_SYSENTER_compat+0x68/0x77 [ 415.168008][T12882] RIP: 0023:0xf7f6bd99 [ 415.172146][T12882] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 415.191788][T12882] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 415.200276][T12882] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 415.208321][T12882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 415.216701][T12882] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 415.224715][T12882] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 415.232812][T12882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:25 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:25 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect(r0, &(0x7f00000001c0)=@in={0x2, 0x4e20, @remote}, 0x80) sendmmsg(r0, &(0x7f00000002c0), 0x4000000000000d7, 0x0) 05:38:25 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:25 executing program 2 (fault-call:1 fault-nth:18): unshare(0x2a000400) unshare(0x8000400) [ 415.736571][T12907] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 05:38:25 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 415.840830][T12911] FAULT_INJECTION: forcing a failure. [ 415.840830][T12911] name failslab, interval 1, probability 0, space 0, times 0 [ 415.854225][T12911] CPU: 1 PID: 12911 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 415.862989][T12911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.873403][T12911] Call Trace: [ 415.876801][T12911] dump_stack+0x1c9/0x220 [ 415.881261][T12911] should_fail+0x8b7/0x9e0 [ 415.885831][T12911] __should_failslab+0x1f6/0x290 [ 415.890886][T12911] should_failslab+0x29/0x70 [ 415.895576][T12911] kmem_cache_alloc_trace+0xf3/0xd70 [ 415.900976][T12911] ? __list_lru_init+0x654/0x1050 [ 415.906126][T12911] ? kmsan_get_metadata+0x11d/0x180 [ 415.911444][T12911] __list_lru_init+0x654/0x1050 [ 415.916431][T12911] alloc_super+0xc94/0xdc0 [ 415.920957][T12911] sget_fc+0x454/0xe40 [ 415.925106][T12911] ? kill_litter_super+0x120/0x120 [ 415.930297][T12911] ? test_single_super+0x30/0x30 [ 415.935568][T12911] get_tree_keyed+0xb8/0x430 [ 415.940230][T12911] ? mqueue_get_tree+0xc0/0xc0 [ 415.945067][T12911] mqueue_get_tree+0x94/0xc0 [ 415.949714][T12911] ? mqueue_fs_context_free+0xa0/0xa0 [ 415.955647][T12911] vfs_get_tree+0xdd/0x580 [ 415.960308][T12911] fc_mount+0x53/0x150 [ 415.964471][T12911] mq_init_ns+0x550/0x730 [ 415.968949][T12911] copy_ipcs+0x40a/0x7f0 [ 415.973294][T12911] create_new_namespaces+0x550/0x11e0 [ 415.978874][T12911] ? kmsan_get_metadata+0x11d/0x180 [ 415.984302][T12911] unshare_nsproxy_namespaces+0x25e/0x340 [ 415.990115][T12911] ksys_unshare+0x8d5/0x1120 [ 415.994914][T12911] ? prepare_exit_to_usermode+0x1ca/0x520 [ 416.000779][T12911] __ia32_sys_unshare+0x58/0x80 [ 416.005713][T12911] ? __se_sys_unshare+0x60/0x60 [ 416.010626][T12911] do_fast_syscall_32+0x3c7/0x6e0 [ 416.015913][T12911] entry_SYSENTER_compat+0x68/0x77 [ 416.021082][T12911] RIP: 0023:0xf7f6bd99 [ 416.025649][T12911] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 416.045498][T12911] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 416.054120][T12911] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 416.062422][T12911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 416.070615][T12911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 416.078814][T12911] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 05:38:25 executing program 4: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000180)) [ 416.086947][T12911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:26 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:26 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:26 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:26 executing program 2 (fault-call:1 fault-nth:19): unshare(0x2a000400) unshare(0x8000400) [ 416.570779][ T32] audit: type=1400 audit(1583991506.630:108): avc: denied { watch } for pid=12921 comm="syz-executor.5" path="/root/syzkaller-testdir779667576/syzkaller.zCVvoO/12/file0" dev="sda1" ino=16759 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 416.599235][T12930] FAULT_INJECTION: forcing a failure. [ 416.599235][T12930] name failslab, interval 1, probability 0, space 0, times 0 [ 416.613766][T12930] CPU: 1 PID: 12930 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 416.622526][T12930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.633200][T12930] Call Trace: [ 416.636775][T12930] dump_stack+0x1c9/0x220 [ 416.641234][T12930] should_fail+0x8b7/0x9e0 [ 416.645765][T12930] __should_failslab+0x1f6/0x290 [ 416.650814][T12930] should_failslab+0x29/0x70 [ 416.655536][T12930] __kmalloc_node+0x1b1/0x11f0 [ 416.660431][T12930] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 416.666328][T12930] ? kmsan_get_metadata+0x11d/0x180 [ 416.671680][T12930] ? kvmalloc_node+0x19a/0x3c0 [ 416.676604][T12930] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 416.682535][T12930] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 416.688748][T12930] kvmalloc_node+0x19a/0x3c0 [ 416.693458][T12930] __list_lru_init+0x55e/0x1050 [ 416.698499][T12930] alloc_super+0xc94/0xdc0 [ 416.703187][T12930] sget_fc+0x454/0xe40 [ 416.707363][T12930] ? kill_litter_super+0x120/0x120 [ 416.712834][T12930] ? test_single_super+0x30/0x30 [ 416.718054][T12930] get_tree_keyed+0xb8/0x430 [ 416.722805][T12930] ? mqueue_get_tree+0xc0/0xc0 [ 416.728087][T12930] mqueue_get_tree+0x94/0xc0 [ 416.733066][T12930] ? mqueue_fs_context_free+0xa0/0xa0 [ 416.738679][T12930] vfs_get_tree+0xdd/0x580 [ 416.743356][T12930] fc_mount+0x53/0x150 [ 416.747719][T12930] mq_init_ns+0x550/0x730 [ 416.752214][T12930] copy_ipcs+0x40a/0x7f0 [ 416.756745][T12930] create_new_namespaces+0x550/0x11e0 [ 416.762400][T12930] ? kmsan_get_metadata+0x11d/0x180 [ 416.767778][T12930] unshare_nsproxy_namespaces+0x25e/0x340 [ 416.773699][T12930] ksys_unshare+0x8d5/0x1120 [ 416.778771][T12930] ? prepare_exit_to_usermode+0x1ca/0x520 [ 416.784631][T12930] __ia32_sys_unshare+0x58/0x80 [ 416.789971][T12930] ? __se_sys_unshare+0x60/0x60 [ 416.794875][T12930] do_fast_syscall_32+0x3c7/0x6e0 [ 416.800180][T12930] entry_SYSENTER_compat+0x68/0x77 [ 416.805585][T12930] RIP: 0023:0xf7f6bd99 [ 416.809818][T12930] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 416.830874][T12930] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 416.839526][T12930] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 416.847561][T12930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 416.855919][T12930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 416.864374][T12930] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 05:38:26 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 416.872420][T12930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 416.938383][T12931] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 416.948692][T12931] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:27 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:27 executing program 4: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1) timerfd_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x387b1d0849878266, 0x8031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000947000/0x4000)=nil, 0x4000) [ 417.006338][T12931] selinux_netlink_send: 38 callbacks suppressed [ 417.006392][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.082926][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 05:38:27 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 417.172599][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.283619][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 05:38:27 executing program 2 (fault-call:1 fault-nth:20): unshare(0x2a000400) unshare(0x8000400) 05:38:27 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 417.321025][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.384424][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.426031][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.502726][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 05:38:27 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:27 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 417.595990][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.630638][T12931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12931 comm=syz-executor.1 [ 417.734541][T12955] FAULT_INJECTION: forcing a failure. [ 417.734541][T12955] name failslab, interval 1, probability 0, space 0, times 0 [ 417.747809][T12955] CPU: 0 PID: 12955 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 417.757333][T12955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 417.767851][T12955] Call Trace: [ 417.771323][T12955] dump_stack+0x1c9/0x220 [ 417.775836][T12955] should_fail+0x8b7/0x9e0 [ 417.780612][T12955] __should_failslab+0x1f6/0x290 [ 417.785923][T12955] should_failslab+0x29/0x70 [ 417.790821][T12955] kmem_cache_alloc_trace+0xf3/0xd70 [ 417.796359][T12955] ? __list_lru_init+0x654/0x1050 [ 417.801604][T12955] ? kmsan_get_metadata+0x11d/0x180 [ 417.807556][T12955] __list_lru_init+0x654/0x1050 [ 417.812518][T12955] alloc_super+0xc94/0xdc0 [ 417.817110][T12955] sget_fc+0x454/0xe40 [ 417.821383][T12955] ? kill_litter_super+0x120/0x120 [ 417.826796][T12955] ? test_single_super+0x30/0x30 [ 417.832473][T12955] get_tree_keyed+0xb8/0x430 [ 417.837404][T12955] ? mqueue_get_tree+0xc0/0xc0 [ 417.842261][T12955] mqueue_get_tree+0x94/0xc0 [ 417.846952][T12955] ? mqueue_fs_context_free+0xa0/0xa0 [ 417.854886][T12955] vfs_get_tree+0xdd/0x580 [ 417.859726][T12955] fc_mount+0x53/0x150 [ 417.864448][T12955] mq_init_ns+0x550/0x730 [ 417.869099][T12955] copy_ipcs+0x40a/0x7f0 [ 417.873440][T12955] create_new_namespaces+0x550/0x11e0 [ 417.879341][T12955] ? kmsan_get_metadata+0x11d/0x180 [ 417.884863][T12955] unshare_nsproxy_namespaces+0x25e/0x340 [ 417.890772][T12955] ksys_unshare+0x8d5/0x1120 [ 417.896084][T12955] ? prepare_exit_to_usermode+0x1ca/0x520 [ 417.902252][T12955] __ia32_sys_unshare+0x58/0x80 [ 417.907367][T12955] ? __se_sys_unshare+0x60/0x60 [ 417.912561][T12955] do_fast_syscall_32+0x3c7/0x6e0 [ 417.918324][T12955] entry_SYSENTER_compat+0x68/0x77 [ 417.924518][T12955] RIP: 0023:0xf7f6bd99 [ 417.928707][T12955] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 417.949224][T12955] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 417.958525][T12955] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 417.966872][T12955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 417.975094][T12955] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 05:38:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 417.983114][T12955] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 417.991143][T12955] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:28 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:28 executing program 2 (fault-call:1 fault-nth:21): unshare(0x2a000400) unshare(0x8000400) [ 418.478251][T12969] FAULT_INJECTION: forcing a failure. [ 418.478251][T12969] name failslab, interval 1, probability 0, space 0, times 0 [ 418.491354][T12969] CPU: 0 PID: 12969 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 418.500295][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.511473][T12969] Call Trace: [ 418.514929][T12969] dump_stack+0x1c9/0x220 [ 418.521904][T12969] should_fail+0x8b7/0x9e0 [ 418.527018][T12969] __should_failslab+0x1f6/0x290 [ 418.545193][T12969] should_failslab+0x29/0x70 [ 418.549893][T12969] kmem_cache_alloc_trace+0xf3/0xd70 [ 418.555462][T12969] ? __list_lru_init+0x654/0x1050 [ 418.560845][T12969] ? kmsan_get_metadata+0x11d/0x180 [ 418.566352][T12969] __list_lru_init+0x654/0x1050 [ 418.571319][T12969] alloc_super+0xc94/0xdc0 [ 418.575830][T12969] sget_fc+0x454/0xe40 [ 418.579978][T12969] ? kill_litter_super+0x120/0x120 [ 418.585219][T12969] ? test_single_super+0x30/0x30 [ 418.590344][T12969] get_tree_keyed+0xb8/0x430 [ 418.595015][T12969] ? mqueue_get_tree+0xc0/0xc0 [ 418.599875][T12969] mqueue_get_tree+0x94/0xc0 [ 418.604549][T12969] ? mqueue_fs_context_free+0xa0/0xa0 [ 418.610007][T12969] vfs_get_tree+0xdd/0x580 [ 418.614921][T12969] fc_mount+0x53/0x150 [ 418.619043][T12969] mq_init_ns+0x550/0x730 [ 418.624406][T12969] copy_ipcs+0x40a/0x7f0 [ 418.628807][T12969] create_new_namespaces+0x550/0x11e0 [ 418.634433][T12969] ? kmsan_get_metadata+0x11d/0x180 [ 418.639799][T12969] unshare_nsproxy_namespaces+0x25e/0x340 [ 418.645675][T12969] ksys_unshare+0x8d5/0x1120 [ 418.650327][T12969] ? prepare_exit_to_usermode+0x1ca/0x520 [ 418.656123][T12969] __ia32_sys_unshare+0x58/0x80 [ 418.661023][T12969] ? __se_sys_unshare+0x60/0x60 [ 418.666124][T12969] do_fast_syscall_32+0x3c7/0x6e0 [ 418.671520][T12969] entry_SYSENTER_compat+0x68/0x77 [ 418.676782][T12969] RIP: 0023:0xf7f6bd99 [ 418.681521][T12969] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 418.703261][T12969] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 418.711840][T12969] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 05:38:28 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, 0x0) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 418.720912][T12969] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 418.732153][T12969] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 418.740231][T12969] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 418.748486][T12969] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 418.756928][T12970] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 418.766766][T12970] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:28 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:28 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:30 executing program 4: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000008000)={0x1, {{0x2, 0x0, @multicast2}}}, 0x1c) setsockopt$inet_mreqsrc(r2, 0x0, 0x40000000000027, &(0x7f0000000000)={@multicast2, @remote, @dev}, 0xc) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000780)=ANY=[@ANYBLOB="e0000002ac1414bb0000000005000000f965000200000000080000d78900e00000010000597a2ef4b1212a7d78dd35c9068fedfb5ca6c496161f25eab1c69a8378ab6b997b768a873252c4a5e27cfa4891decd4afaebeac099b434e8d548ba9b7d871a51d10b81d7a2aa37f41cac93341da2029657fcf3e09897341f8180c7aa06c521ee01fe39b9908d8511f1901a575498c2d40ec0705bdd46a9f23eae0e09000000d14a4b16f039c045f2b637ac7d0978f543654fb3e7225aff8e9ebe8173f2b73bd763873293258d327a2567d300e271fec691d9aebc43518810aa7dc996e85e01dda9688db5c674dedf2a367c20945bf7120707558f212aa8ceeced75c2db15a47aae4ca5ff9c4fbc6333ff9efca0cd4d02d3ea23fd11046ec173b4a108e99d2e7299d9f9235246600ee29dc89147c276cdf817681baaec72cd40d9daf6a4f800aa6512c2aa77eff663a2cc7dff6274753f8830960abb56e93428f5ac97a2ab3027c8f6425fdf02e461324c12f7e4890006defc7046d51a2211df0dcbd34500000000000000000000000000000100020000001614f1defeca484681302903078a94224cd1f822809878492b6073ad1ec78d40ec03c05fdcfd4638864a212416f5dd00000071579bd5d24975579444e6a6b0ae268ee732ee5c7578fe8ca2c8d9d0bd37fd062a3f8616d9950b4268c944e4b517c41c8400e7611ba473a22c025ce5a2c7cb27f60a8fb979665a8c8ca1934d5a107a04169c8394b9dc30958817ab8050ca08ffd152f72537d564438204b4d6f88c86e78400000000000000000000000000000000000000000000000000fb80abfc0a915a65fa75c0aa8b2287ac33352817a7e05c5e70e73c74ba244144b3217a0cfcd64b5c3f4c625646051ea496272fae3f6fd71c48db907c189777750e2da4ba54502e03245b8ebb6805264ffee407ff8f0cf51cf867fccdb1abd956d294148d64fee0920e433ce3cabfc2282b2061"], 0x24) getsockopt$inet_buf(r2, 0x0, 0x30, &(0x7f0000008000)=""/144, &(0x7f0000004000)=0x90) 05:38:30 executing program 2 (fault-call:1 fault-nth:22): unshare(0x2a000400) unshare(0x8000400) 05:38:30 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:30 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:30 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) 05:38:30 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c6500"/66], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 420.078356][T12996] FAULT_INJECTION: forcing a failure. [ 420.078356][T12996] name failslab, interval 1, probability 0, space 0, times 0 [ 420.091333][T12996] CPU: 1 PID: 12996 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 420.100078][T12996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.110176][T12996] Call Trace: [ 420.113546][T12996] dump_stack+0x1c9/0x220 [ 420.117957][T12996] should_fail+0x8b7/0x9e0 [ 420.122465][T12996] __should_failslab+0x1f6/0x290 [ 420.127510][T12996] should_failslab+0x29/0x70 [ 420.132162][T12996] kmem_cache_alloc_trace+0xf3/0xd70 [ 420.137515][T12996] ? __list_lru_init+0x654/0x1050 [ 420.142730][T12996] ? kmsan_get_metadata+0x11d/0x180 [ 420.148030][T12996] __list_lru_init+0x654/0x1050 [ 420.153017][T12996] alloc_super+0xc94/0xdc0 [ 420.157584][T12996] sget_fc+0x454/0xe40 [ 420.161770][T12996] ? kill_litter_super+0x120/0x120 [ 420.166982][T12996] ? test_single_super+0x30/0x30 [ 420.172016][T12996] get_tree_keyed+0xb8/0x430 [ 420.176696][T12996] ? mqueue_get_tree+0xc0/0xc0 [ 420.181525][T12996] mqueue_get_tree+0x94/0xc0 [ 420.186216][T12996] ? mqueue_fs_context_free+0xa0/0xa0 [ 420.191662][T12996] vfs_get_tree+0xdd/0x580 [ 420.196144][T12996] fc_mount+0x53/0x150 [ 420.200263][T12996] mq_init_ns+0x550/0x730 [ 420.204675][T12996] copy_ipcs+0x40a/0x7f0 [ 420.209006][T12996] create_new_namespaces+0x550/0x11e0 [ 420.214457][T12996] ? kmsan_get_metadata+0x11d/0x180 [ 420.219776][T12996] unshare_nsproxy_namespaces+0x25e/0x340 [ 420.225586][T12996] ksys_unshare+0x8d5/0x1120 [ 420.230231][T12996] ? prepare_exit_to_usermode+0x1ca/0x520 [ 420.236015][T12996] __ia32_sys_unshare+0x58/0x80 [ 420.240930][T12996] ? __se_sys_unshare+0x60/0x60 [ 420.245868][T12996] do_fast_syscall_32+0x3c7/0x6e0 [ 420.251003][T12996] entry_SYSENTER_compat+0x68/0x77 [ 420.256156][T12996] RIP: 0023:0xf7f6bd99 [ 420.260616][T12996] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 420.280373][T12996] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 420.288865][T12996] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 420.296900][T12996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 420.304933][T12996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 420.312942][T12996] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 420.320976][T12996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 420.345871][T12998] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 420.355355][T12998] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:30 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:30 executing program 2 (fault-call:1 fault-nth:23): unshare(0x2a000400) unshare(0x8000400) 05:38:30 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/packet\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 420.815655][T13011] FAULT_INJECTION: forcing a failure. [ 420.815655][T13011] name failslab, interval 1, probability 0, space 0, times 0 [ 420.828814][T13011] CPU: 0 PID: 13011 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 420.828846][T13011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 05:38:31 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 420.828862][T13011] Call Trace: 05:38:31 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) 05:38:31 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c6500"/66], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 420.828932][T13011] dump_stack+0x1c9/0x220 [ 420.829005][T13011] should_fail+0x8b7/0x9e0 [ 420.829095][T13011] __should_failslab+0x1f6/0x290 [ 420.829163][T13011] should_failslab+0x29/0x70 05:38:31 executing program 2 (fault-call:1 fault-nth:24): unshare(0x2a000400) unshare(0x8000400) [ 420.829216][T13011] kmem_cache_alloc_trace+0xf3/0xd70 [ 420.829283][T13011] ? __list_lru_init+0x654/0x1050 [ 420.829361][T13011] ? kmsan_get_metadata+0x11d/0x180 [ 420.829434][T13011] __list_lru_init+0x654/0x1050 05:38:31 executing program 4: syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "97eb16", 0xc, 0x11, 0x0, @local, @rand_addr="6fcedbebdfc36cc7a32c1ad569e8716d", {[], {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) [ 420.829518][T13011] alloc_super+0xc94/0xdc0 [ 420.829583][T13011] sget_fc+0x454/0xe40 [ 420.829641][T13011] ? kill_litter_super+0x120/0x120 [ 420.829706][T13011] ? test_single_super+0x30/0x30 [ 420.829770][T13011] get_tree_keyed+0xb8/0x430 [ 420.829839][T13011] ? mqueue_get_tree+0xc0/0xc0 [ 420.829904][T13011] mqueue_get_tree+0x94/0xc0 05:38:31 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 420.829966][T13011] ? mqueue_fs_context_free+0xa0/0xa0 [ 420.830018][T13011] vfs_get_tree+0xdd/0x580 [ 420.830078][T13011] fc_mount+0x53/0x150 [ 420.830136][T13011] mq_init_ns+0x550/0x730 [ 420.830206][T13011] copy_ipcs+0x40a/0x7f0 05:38:31 executing program 2 (fault-call:1 fault-nth:25): unshare(0x2a000400) unshare(0x8000400) [ 420.830308][T13011] create_new_namespaces+0x550/0x11e0 [ 420.830367][T13011] ? kmsan_get_metadata+0x11d/0x180 [ 420.830461][T13011] unshare_nsproxy_namespaces+0x25e/0x340 [ 420.830526][T13011] ksys_unshare+0x8d5/0x1120 [ 420.830588][T13011] ? prepare_exit_to_usermode+0x1ca/0x520 [ 420.830667][T13011] __ia32_sys_unshare+0x58/0x80 [ 420.830719][T13011] ? __se_sys_unshare+0x60/0x60 [ 420.830776][T13011] do_fast_syscall_32+0x3c7/0x6e0 [ 420.830860][T13011] entry_SYSENTER_compat+0x68/0x77 [ 420.830901][T13011] RIP: 0023:0xf7f6bd99 05:38:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x34a, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x0, 0x11d000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) dup(0xffffffffffffffff) close(0xffffffffffffffff) dup(0xffffffffffffffff) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@local, @loopback, @dev={0xfe, 0x80, [0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2}) dup(0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x4}}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xffffffe0}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x840) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3e7) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 420.830963][T13011] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 420.830989][T13011] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 420.831043][T13011] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 420.831074][T13011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 420.831104][T13011] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 05:38:32 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 420.831135][T13011] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 420.831166][T13011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:32 executing program 2 (fault-call:1 fault-nth:26): unshare(0x2a000400) unshare(0x8000400) [ 420.918985][T13014] 9pnet: Insufficient options for proto=fd [ 421.437270][T13033] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 421.437312][T13033] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 421.454680][T13032] FAULT_INJECTION: forcing a failure. [ 421.454680][T13032] name failslab, interval 1, probability 0, space 0, times 0 [ 421.454738][T13032] CPU: 0 PID: 13032 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 421.454778][T13032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.454795][T13032] Call Trace: [ 421.454862][T13032] dump_stack+0x1c9/0x220 [ 421.454964][T13032] should_fail+0x8b7/0x9e0 [ 421.455062][T13032] __should_failslab+0x1f6/0x290 [ 421.455130][T13032] should_failslab+0x29/0x70 [ 421.455183][T13032] kmem_cache_alloc_trace+0xf3/0xd70 [ 421.455250][T13032] ? __list_lru_init+0x654/0x1050 [ 421.455314][T13032] ? kmsan_get_metadata+0x11d/0x180 [ 421.455372][T13032] __list_lru_init+0x654/0x1050 [ 421.455444][T13032] alloc_super+0xc94/0xdc0 [ 421.455500][T13032] sget_fc+0x454/0xe40 [ 421.455549][T13032] ? kill_litter_super+0x120/0x120 [ 421.455600][T13032] ? test_single_super+0x30/0x30 [ 421.455652][T13032] get_tree_keyed+0xb8/0x430 [ 421.455704][T13032] ? mqueue_get_tree+0xc0/0xc0 [ 421.455753][T13032] mqueue_get_tree+0x94/0xc0 [ 421.455805][T13032] ? mqueue_fs_context_free+0xa0/0xa0 [ 421.455872][T13032] vfs_get_tree+0xdd/0x580 [ 421.455925][T13032] fc_mount+0x53/0x150 [ 421.455983][T13032] mq_init_ns+0x550/0x730 [ 421.456050][T13032] copy_ipcs+0x40a/0x7f0 [ 421.456138][T13032] create_new_namespaces+0x550/0x11e0 [ 421.456201][T13032] ? kmsan_get_metadata+0x11d/0x180 [ 421.456293][T13032] unshare_nsproxy_namespaces+0x25e/0x340 [ 421.456351][T13032] ksys_unshare+0x8d5/0x1120 [ 421.456402][T13032] ? prepare_exit_to_usermode+0x1ca/0x520 [ 421.456466][T13032] __ia32_sys_unshare+0x58/0x80 [ 421.456505][T13032] ? __se_sys_unshare+0x60/0x60 [ 421.456551][T13032] do_fast_syscall_32+0x3c7/0x6e0 [ 421.456620][T13032] entry_SYSENTER_compat+0x68/0x77 [ 421.456649][T13032] RIP: 0023:0xf7f6bd99 [ 421.456705][T13032] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 421.456726][T13032] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 421.456766][T13032] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 421.456791][T13032] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 421.456814][T13032] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 421.456839][T13032] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 421.456862][T13032] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 421.857314][T13041] FAULT_INJECTION: forcing a failure. [ 421.857314][T13041] name failslab, interval 1, probability 0, space 0, times 0 [ 421.857372][T13041] CPU: 0 PID: 13041 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 421.857404][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.857427][T13041] Call Trace: [ 421.857491][T13041] dump_stack+0x1c9/0x220 [ 421.857564][T13041] should_fail+0x8b7/0x9e0 [ 421.857659][T13041] __should_failslab+0x1f6/0x290 [ 421.857730][T13041] should_failslab+0x29/0x70 [ 421.857787][T13041] kmem_cache_alloc_trace+0xf3/0xd70 [ 421.857860][T13041] ? __list_lru_init+0x654/0x1050 [ 421.857940][T13041] ? kmsan_get_metadata+0x11d/0x180 [ 421.858025][T13041] __list_lru_init+0x654/0x1050 [ 421.858118][T13041] alloc_super+0xc94/0xdc0 [ 421.858191][T13041] sget_fc+0x454/0xe40 [ 421.858261][T13041] ? kill_litter_super+0x120/0x120 [ 421.858319][T13041] ? test_single_super+0x30/0x30 [ 421.858383][T13041] get_tree_keyed+0xb8/0x430 [ 421.858460][T13041] ? mqueue_get_tree+0xc0/0xc0 [ 421.858522][T13041] mqueue_get_tree+0x94/0xc0 [ 421.858584][T13041] ? mqueue_fs_context_free+0xa0/0xa0 [ 421.858638][T13041] vfs_get_tree+0xdd/0x580 [ 421.858697][T13041] fc_mount+0x53/0x150 [ 421.858757][T13041] mq_init_ns+0x550/0x730 [ 421.858831][T13041] copy_ipcs+0x40a/0x7f0 [ 421.858918][T13041] create_new_namespaces+0x550/0x11e0 [ 421.858989][T13041] ? kmsan_get_metadata+0x11d/0x180 [ 421.859085][T13041] unshare_nsproxy_namespaces+0x25e/0x340 [ 421.859150][T13041] ksys_unshare+0x8d5/0x1120 [ 421.859211][T13041] ? prepare_exit_to_usermode+0x1ca/0x520 [ 421.859288][T13041] __ia32_sys_unshare+0x58/0x80 [ 421.859338][T13041] ? __se_sys_unshare+0x60/0x60 [ 421.859396][T13041] do_fast_syscall_32+0x3c7/0x6e0 [ 421.859484][T13041] entry_SYSENTER_compat+0x68/0x77 [ 421.859518][T13041] RIP: 0023:0xf7f6bd99 [ 421.859582][T13041] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 421.859608][T13041] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 421.859660][T13041] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 421.859691][T13041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 421.859721][T13041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 421.859751][T13041] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 421.859792][T13041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 422.370010][T13055] FAULT_INJECTION: forcing a failure. [ 422.370010][T13055] name failslab, interval 1, probability 0, space 0, times 0 [ 422.370067][T13055] CPU: 1 PID: 13055 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 422.370098][T13055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.370117][T13055] Call Trace: [ 422.370190][T13055] dump_stack+0x1c9/0x220 [ 422.370269][T13055] should_fail+0x8b7/0x9e0 [ 422.370356][T13055] __should_failslab+0x1f6/0x290 [ 422.370418][T13055] should_failslab+0x29/0x70 [ 422.370469][T13055] kmem_cache_alloc_trace+0xf3/0xd70 [ 422.370540][T13055] ? __list_lru_init+0x654/0x1050 [ 422.370609][T13055] ? kmsan_get_metadata+0x11d/0x180 [ 422.370681][T13055] __list_lru_init+0x654/0x1050 [ 422.370771][T13055] alloc_super+0xc94/0xdc0 [ 422.370836][T13055] sget_fc+0x454/0xe40 [ 422.370897][T13055] ? kill_litter_super+0x120/0x120 [ 422.370960][T13055] ? test_single_super+0x30/0x30 [ 422.371025][T13055] get_tree_keyed+0xb8/0x430 [ 422.371094][T13055] ? mqueue_get_tree+0xc0/0xc0 [ 422.371153][T13055] mqueue_get_tree+0x94/0xc0 [ 422.371215][T13055] ? mqueue_fs_context_free+0xa0/0xa0 [ 422.371274][T13055] vfs_get_tree+0xdd/0x580 [ 422.371339][T13055] fc_mount+0x53/0x150 [ 422.371398][T13055] mq_init_ns+0x550/0x730 [ 422.371471][T13055] copy_ipcs+0x40a/0x7f0 [ 422.371560][T13055] create_new_namespaces+0x550/0x11e0 [ 422.371625][T13055] ? kmsan_get_metadata+0x11d/0x180 [ 422.371715][T13055] unshare_nsproxy_namespaces+0x25e/0x340 [ 422.371788][T13055] ksys_unshare+0x8d5/0x1120 [ 422.371860][T13055] ? prepare_exit_to_usermode+0x1ca/0x520 [ 422.371937][T13055] __ia32_sys_unshare+0x58/0x80 [ 422.371982][T13055] ? __se_sys_unshare+0x60/0x60 [ 422.372036][T13055] do_fast_syscall_32+0x3c7/0x6e0 [ 422.372122][T13055] entry_SYSENTER_compat+0x68/0x77 [ 422.372160][T13055] RIP: 0023:0xf7f6bd99 [ 422.372225][T13055] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 422.372253][T13055] RSP: 002b:00000000f5d450cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 422.372305][T13055] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 422.372336][T13055] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 422.372365][T13055] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 05:38:33 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230"], 0x11) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:33 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) 05:38:33 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c6500"/66], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:33 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:33 executing program 2 (fault-call:1 fault-nth:27): unshare(0x2a000400) unshare(0x8000400) 05:38:33 executing program 4: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="2321202e2f66696c653020f0"], 0xc) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 422.372395][T13055] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 422.372422][T13055] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.514441][T13067] FAULT_INJECTION: forcing a failure. [ 423.514441][T13067] name failslab, interval 1, probability 0, space 0, times 0 [ 423.530376][T13067] CPU: 0 PID: 13067 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 423.539132][T13067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 423.549248][T13067] Call Trace: [ 423.552696][T13067] dump_stack+0x1c9/0x220 [ 423.557222][T13067] should_fail+0x8b7/0x9e0 [ 423.561761][T13067] __should_failslab+0x1f6/0x290 [ 423.567087][T13067] should_failslab+0x29/0x70 [ 423.571868][T13067] kmem_cache_alloc_trace+0xf3/0xd70 [ 423.578106][T13067] ? __list_lru_init+0x654/0x1050 [ 423.583412][T13067] ? kmsan_get_metadata+0x11d/0x180 [ 423.588720][T13067] __list_lru_init+0x654/0x1050 [ 423.593749][T13067] alloc_super+0xc94/0xdc0 [ 423.598235][T13067] sget_fc+0x454/0xe40 [ 423.602354][T13067] ? kill_litter_super+0x120/0x120 [ 423.607523][T13067] ? test_single_super+0x30/0x30 [ 423.613705][T13067] get_tree_keyed+0xb8/0x430 [ 423.618819][T13067] ? mqueue_get_tree+0xc0/0xc0 [ 423.623957][T13067] mqueue_get_tree+0x94/0xc0 [ 423.629025][T13067] ? mqueue_fs_context_free+0xa0/0xa0 [ 423.634737][T13067] vfs_get_tree+0xdd/0x580 [ 423.639420][T13067] fc_mount+0x53/0x150 [ 423.644134][T13067] mq_init_ns+0x550/0x730 [ 423.648646][T13067] copy_ipcs+0x40a/0x7f0 [ 423.653698][T13067] create_new_namespaces+0x550/0x11e0 [ 423.659748][T13067] ? kmsan_get_metadata+0x11d/0x180 [ 423.665039][T13067] unshare_nsproxy_namespaces+0x25e/0x340 [ 423.674680][T13067] ksys_unshare+0x8d5/0x1120 [ 423.679529][T13067] ? prepare_exit_to_usermode+0x1ca/0x520 [ 423.685435][T13067] __ia32_sys_unshare+0x58/0x80 [ 423.690666][T13067] ? __se_sys_unshare+0x60/0x60 [ 423.695811][T13067] do_fast_syscall_32+0x3c7/0x6e0 [ 423.700981][T13067] entry_SYSENTER_compat+0x68/0x77 [ 423.706334][T13067] RIP: 0023:0xf7f6bd99 [ 423.710587][T13067] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 423.730460][T13067] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 423.739018][T13067] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 423.747417][T13067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 423.755540][T13067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 423.763725][T13067] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 423.772351][T13067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.823286][T13071] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 423.832946][T13071] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:34 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:34 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_vs_stats\x00') sendfile(r0, r1, &(0x7f0000000240)=0x202, 0x4000000000dc) [ 423.903702][T13071] selinux_netlink_send: 50 callbacks suppressed [ 423.903755][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 [ 423.995738][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 [ 424.076069][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230"], 0x11) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 424.131153][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 424.196527][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 [ 424.263074][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 424.337032][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 [ 424.418104][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 2 (fault-call:1 fault-nth:28): unshare(0x2a000400) unshare(0x8000400) [ 424.486577][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230"], 0x11) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x7}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 424.564371][T13071] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13071 comm=syz-executor.1 05:38:34 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef000300"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:34 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, 0x0) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 424.982498][T13107] FAULT_INJECTION: forcing a failure. [ 424.982498][T13107] name failslab, interval 1, probability 0, space 0, times 0 [ 424.995830][T13107] CPU: 1 PID: 13107 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 425.005263][T13107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 425.015486][T13107] Call Trace: [ 425.019155][T13107] dump_stack+0x1c9/0x220 [ 425.023746][T13107] should_fail+0x8b7/0x9e0 [ 425.028671][T13107] __should_failslab+0x1f6/0x290 [ 425.033850][T13107] should_failslab+0x29/0x70 [ 425.038488][T13107] kmem_cache_alloc_trace+0xf3/0xd70 [ 425.043832][T13107] ? __list_lru_init+0x654/0x1050 [ 425.048921][T13107] ? kmsan_get_metadata+0x11d/0x180 [ 425.054231][T13107] __list_lru_init+0x654/0x1050 [ 425.059164][T13107] alloc_super+0xc94/0xdc0 [ 425.063642][T13107] sget_fc+0x454/0xe40 [ 425.067759][T13107] ? kill_litter_super+0x120/0x120 [ 425.072928][T13107] ? test_single_super+0x30/0x30 [ 425.077967][T13107] get_tree_keyed+0xb8/0x430 [ 425.082608][T13107] ? mqueue_get_tree+0xc0/0xc0 [ 425.087599][T13107] mqueue_get_tree+0x94/0xc0 [ 425.092273][T13107] ? mqueue_fs_context_free+0xa0/0xa0 [ 425.097742][T13107] vfs_get_tree+0xdd/0x580 [ 425.102357][T13107] fc_mount+0x53/0x150 [ 425.106535][T13107] mq_init_ns+0x550/0x730 [ 425.111080][T13107] copy_ipcs+0x40a/0x7f0 [ 425.115449][T13107] create_new_namespaces+0x550/0x11e0 [ 425.120935][T13107] ? kmsan_get_metadata+0x11d/0x180 [ 425.126365][T13107] unshare_nsproxy_namespaces+0x25e/0x340 [ 425.132190][T13107] ksys_unshare+0x8d5/0x1120 [ 425.136876][T13107] ? prepare_exit_to_usermode+0x1ca/0x520 [ 425.142871][T13107] __ia32_sys_unshare+0x58/0x80 [ 425.147794][T13107] ? __se_sys_unshare+0x60/0x60 [ 425.152837][T13107] do_fast_syscall_32+0x3c7/0x6e0 [ 425.158012][T13107] entry_SYSENTER_compat+0x68/0x77 [ 425.163174][T13107] RIP: 0023:0xf7f6bd99 [ 425.167530][T13107] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 425.187808][T13107] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 425.197036][T13107] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 425.205675][T13107] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 425.213721][T13107] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 425.224798][T13107] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 425.233138][T13107] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:35 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3"], 0x1a) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000340)="0f019207000f22536467660f388121d9fa0f38cdcf0fdc1e6da80f01f20f01c3baf80c66b8ad491b8466efbafc0cb009ee66b98404000066b83163974666baffffffff0f30", 0x45}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:38:35 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:35 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:35 executing program 2 (fault-call:1 fault-nth:29): unshare(0x2a000400) unshare(0x8000400) [ 425.911305][T13131] FAULT_INJECTION: forcing a failure. [ 425.911305][T13131] name failslab, interval 1, probability 0, space 0, times 0 [ 425.925886][T13131] CPU: 0 PID: 13131 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 425.934642][T13131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 425.945390][T13131] Call Trace: [ 425.948808][T13131] dump_stack+0x1c9/0x220 [ 425.953261][T13131] should_fail+0x8b7/0x9e0 05:38:36 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) [ 425.957827][T13131] __should_failslab+0x1f6/0x290 [ 425.962887][T13131] should_failslab+0x29/0x70 [ 425.967588][T13131] kmem_cache_alloc_trace+0xf3/0xd70 [ 425.973343][T13131] ? __list_lru_init+0x654/0x1050 [ 425.978566][T13131] ? kmsan_get_metadata+0x11d/0x180 [ 425.984150][T13131] __list_lru_init+0x654/0x1050 [ 425.989532][T13131] alloc_super+0xc94/0xdc0 [ 425.994765][T13131] sget_fc+0x454/0xe40 [ 425.999196][T13131] ? kill_litter_super+0x120/0x120 [ 426.005114][T13131] ? test_single_super+0x30/0x30 [ 426.010419][T13131] get_tree_keyed+0xb8/0x430 [ 426.016511][T13131] ? mqueue_get_tree+0xc0/0xc0 [ 426.021463][T13131] mqueue_get_tree+0x94/0xc0 [ 426.026294][T13131] ? mqueue_fs_context_free+0xa0/0xa0 [ 426.031889][T13131] vfs_get_tree+0xdd/0x580 [ 426.036750][T13131] fc_mount+0x53/0x150 [ 426.040925][T13131] mq_init_ns+0x550/0x730 [ 426.045838][T13131] copy_ipcs+0x40a/0x7f0 [ 426.050421][T13131] create_new_namespaces+0x550/0x11e0 [ 426.055876][T13131] ? kmsan_get_metadata+0x11d/0x180 [ 426.061190][T13131] unshare_nsproxy_namespaces+0x25e/0x340 [ 426.066976][T13131] ksys_unshare+0x8d5/0x1120 [ 426.071739][T13131] ? prepare_exit_to_usermode+0x1ca/0x520 [ 426.077559][T13131] __ia32_sys_unshare+0x58/0x80 [ 426.082495][T13131] ? __se_sys_unshare+0x60/0x60 [ 426.087438][T13131] do_fast_syscall_32+0x3c7/0x6e0 [ 426.092549][T13131] entry_SYSENTER_compat+0x68/0x77 [ 426.098958][T13131] RIP: 0023:0xf7f6bd99 [ 426.103187][T13131] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 426.124155][T13131] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 426.133140][T13131] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 426.141262][T13131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 426.149757][T13131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 05:38:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3"], 0x1a) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 426.157785][T13131] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 426.165981][T13131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:36 executing program 4: getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}, 0x0, 0x0, 0x0, 0xe}, &(0x7f00000004c0)=0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@local={0xfe, 0x80, [0xa4ffffff]}}, &(0x7f00000004c0)=0x20) 05:38:36 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef000300"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:36 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={0x0, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)=0x2) 05:38:36 executing program 2 (fault-call:1 fault-nth:30): unshare(0x2a000400) unshare(0x8000400) 05:38:36 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3"], 0x1a) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 426.708665][T13148] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 426.718783][T13148] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:36 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:37 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) 05:38:37 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="0500000000000000000004000000"], 0x14}, 0x1, 0x6c}, 0x0) io_cancel(0x0, 0x0, 0x0) [ 427.006083][T13157] FAULT_INJECTION: forcing a failure. [ 427.006083][T13157] name failslab, interval 1, probability 0, space 0, times 0 [ 427.020760][T13157] CPU: 1 PID: 13157 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 427.020791][T13157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.020808][T13157] Call Trace: [ 427.020871][T13157] dump_stack+0x1c9/0x220 [ 427.020945][T13157] should_fail+0x8b7/0x9e0 [ 427.021040][T13157] __should_failslab+0x1f6/0x290 05:38:37 executing program 2 (fault-call:1 fault-nth:31): unshare(0x2a000400) unshare(0x8000400) [ 427.021098][T13157] should_failslab+0x29/0x70 [ 427.021143][T13157] __kmalloc+0xae/0x450 [ 427.021223][T13157] ? __msan_metadata_ptr_for_store_8+0x13/0x20 05:38:37 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) [ 427.021281][T13157] ? kmsan_get_metadata+0x11d/0x180 [ 427.021338][T13157] ? __list_lru_init+0x126/0x1050 [ 427.021406][T13157] __list_lru_init+0x126/0x1050 [ 427.021493][T13157] alloc_super+0xd45/0xdc0 05:38:37 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) r2 = getpid() tgkill(r2, r1, 0x0) [ 427.021562][T13157] sget_fc+0x454/0xe40 [ 427.021619][T13157] ? kill_litter_super+0x120/0x120 [ 427.021680][T13157] ? test_single_super+0x30/0x30 [ 427.021743][T13157] get_tree_keyed+0xb8/0x430 [ 427.021812][T13157] ? mqueue_get_tree+0xc0/0xc0 05:38:37 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef000300"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 427.021883][T13157] mqueue_get_tree+0x94/0xc0 [ 427.021948][T13157] ? mqueue_fs_context_free+0xa0/0xa0 [ 427.022042][T13157] vfs_get_tree+0xdd/0x580 [ 427.022112][T13157] fc_mount+0x53/0x150 [ 427.022168][T13157] mq_init_ns+0x550/0x730 [ 427.022240][T13157] copy_ipcs+0x40a/0x7f0 [ 427.022330][T13157] create_new_namespaces+0x550/0x11e0 [ 427.022391][T13157] ? kmsan_get_metadata+0x11d/0x180 [ 427.022481][T13157] unshare_nsproxy_namespaces+0x25e/0x340 05:38:37 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000080)=0x2) 05:38:37 executing program 2 (fault-call:1 fault-nth:32): unshare(0x2a000400) unshare(0x8000400) [ 427.022550][T13157] ksys_unshare+0x8d5/0x1120 [ 427.022611][T13157] ? prepare_exit_to_usermode+0x1ca/0x520 [ 427.022692][T13157] __ia32_sys_unshare+0x58/0x80 [ 427.022749][T13157] ? __se_sys_unshare+0x60/0x60 [ 427.022808][T13157] do_fast_syscall_32+0x3c7/0x6e0 05:38:38 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 427.022894][T13157] entry_SYSENTER_compat+0x68/0x77 [ 427.022930][T13157] RIP: 0023:0xf7f6bd99 [ 427.023004][T13157] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 05:38:38 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000180), &(0x7f00000001c0)=0x4) pipe2$9p(&(0x7f0000000080), 0x4800) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00') perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 427.023032][T13157] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 427.023084][T13157] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 427.023115][T13157] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 427.023147][T13157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.023176][T13157] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 427.023207][T13157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 427.067104][T13159] 9pnet: Insufficient options for proto=fd [ 427.550113][T13172] FAULT_INJECTION: forcing a failure. [ 427.550113][T13172] name failslab, interval 1, probability 0, space 0, times 0 [ 427.550347][T13172] CPU: 0 PID: 13172 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 427.550385][T13172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.550404][T13172] Call Trace: [ 427.550473][T13172] dump_stack+0x1c9/0x220 [ 427.550550][T13172] should_fail+0x8b7/0x9e0 [ 427.550646][T13172] __should_failslab+0x1f6/0x290 [ 427.550715][T13172] should_failslab+0x29/0x70 [ 427.550769][T13172] __kmalloc_node+0x1b1/0x11f0 [ 427.550839][T13172] ? kvmalloc_node+0x19a/0x3c0 [ 427.550923][T13172] kvmalloc_node+0x19a/0x3c0 [ 427.551008][T13172] __list_lru_init+0x55e/0x1050 [ 427.551096][T13172] alloc_super+0xd45/0xdc0 [ 427.551168][T13172] sget_fc+0x454/0xe40 [ 427.551229][T13172] ? kill_litter_super+0x120/0x120 [ 427.551294][T13172] ? test_single_super+0x30/0x30 [ 427.551367][T13172] get_tree_keyed+0xb8/0x430 [ 427.551434][T13172] ? mqueue_get_tree+0xc0/0xc0 [ 427.551496][T13172] mqueue_get_tree+0x94/0xc0 [ 427.551561][T13172] ? mqueue_fs_context_free+0xa0/0xa0 [ 427.551619][T13172] vfs_get_tree+0xdd/0x580 [ 427.551683][T13172] fc_mount+0x53/0x150 [ 427.551746][T13172] mq_init_ns+0x550/0x730 [ 427.551813][T13172] copy_ipcs+0x40a/0x7f0 [ 427.551899][T13172] create_new_namespaces+0x550/0x11e0 [ 427.551960][T13172] ? kmsan_get_metadata+0x11d/0x180 [ 427.552049][T13172] unshare_nsproxy_namespaces+0x25e/0x340 [ 427.552120][T13172] ksys_unshare+0x8d5/0x1120 [ 427.552184][T13172] ? prepare_exit_to_usermode+0x1ca/0x520 [ 427.552266][T13172] __ia32_sys_unshare+0x58/0x80 [ 427.552318][T13172] ? __se_sys_unshare+0x60/0x60 [ 427.552381][T13172] do_fast_syscall_32+0x3c7/0x6e0 [ 427.552466][T13172] entry_SYSENTER_compat+0x68/0x77 [ 427.552500][T13172] RIP: 0023:0xf7f6bd99 [ 427.552565][T13172] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 427.552592][T13172] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 427.552644][T13172] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 427.552675][T13172] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 427.552705][T13172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.552737][T13172] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 427.552767][T13172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 428.006407][T13184] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 428.006452][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 428.210496][T13191] FAULT_INJECTION: forcing a failure. [ 428.210496][T13191] name failslab, interval 1, probability 0, space 0, times 0 [ 428.210555][T13191] CPU: 1 PID: 13191 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 428.210586][T13191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.210604][T13191] Call Trace: [ 428.210671][T13191] dump_stack+0x1c9/0x220 [ 428.210745][T13191] should_fail+0x8b7/0x9e0 [ 428.210837][T13191] __should_failslab+0x1f6/0x290 [ 428.210912][T13191] should_failslab+0x29/0x70 [ 428.210966][T13191] kmem_cache_alloc_trace+0xf3/0xd70 [ 428.211035][T13191] ? __list_lru_init+0x654/0x1050 [ 428.211110][T13191] ? kmsan_get_metadata+0x11d/0x180 [ 428.211182][T13191] __list_lru_init+0x654/0x1050 [ 428.211264][T13191] alloc_super+0xc94/0xdc0 [ 428.211333][T13191] sget_fc+0x454/0xe40 [ 428.211389][T13191] ? kill_litter_super+0x120/0x120 [ 428.211451][T13191] ? test_single_super+0x30/0x30 [ 428.211515][T13191] get_tree_keyed+0xb8/0x430 [ 428.211580][T13191] ? mqueue_get_tree+0xc0/0xc0 [ 428.211654][T13191] mqueue_get_tree+0x94/0xc0 [ 428.211718][T13191] ? mqueue_fs_context_free+0xa0/0xa0 [ 428.211777][T13191] vfs_get_tree+0xdd/0x580 [ 428.211840][T13191] fc_mount+0x53/0x150 [ 428.211910][T13191] mq_init_ns+0x550/0x730 [ 428.211984][T13191] copy_ipcs+0x40a/0x7f0 [ 428.212073][T13191] create_new_namespaces+0x550/0x11e0 [ 428.212135][T13191] ? kmsan_get_metadata+0x11d/0x180 [ 428.212228][T13191] unshare_nsproxy_namespaces+0x25e/0x340 [ 428.212298][T13191] ksys_unshare+0x8d5/0x1120 [ 428.212364][T13191] ? prepare_exit_to_usermode+0x1ca/0x520 [ 428.212447][T13191] __ia32_sys_unshare+0x58/0x80 [ 428.212499][T13191] ? __se_sys_unshare+0x60/0x60 [ 428.212559][T13191] do_fast_syscall_32+0x3c7/0x6e0 [ 428.212644][T13191] entry_SYSENTER_compat+0x68/0x77 [ 428.212681][T13191] RIP: 0023:0xf7f6bd99 [ 428.212746][T13191] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 428.212773][T13191] RSP: 002b:00000000f5d450cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 05:38:39 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0"], 0x1e) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:39 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, 0x0) 05:38:39 executing program 2 (fault-call:1 fault-nth:33): unshare(0x2a000400) unshare(0x8000400) 05:38:39 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:39 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:39 executing program 4: restart_syscall() ioctl$TIOCSISO7816(0xffffffffffffffff, 0xc0285443, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) gettid() sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x26}}}}, @IFLA_NET_NS_PID={0x8}]}, 0x50}}, 0x0) [ 428.212827][T13191] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 428.212860][T13191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 428.212899][T13191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 428.212930][T13191] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 428.212961][T13191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.481068][T13214] FAULT_INJECTION: forcing a failure. [ 429.481068][T13214] name failslab, interval 1, probability 0, space 0, times 0 [ 429.494341][T13214] CPU: 0 PID: 13214 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 429.503407][T13214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.514185][T13214] Call Trace: [ 429.517893][T13214] dump_stack+0x1c9/0x220 [ 429.522346][T13214] should_fail+0x8b7/0x9e0 [ 429.526899][T13214] __should_failslab+0x1f6/0x290 [ 429.531975][T13214] should_failslab+0x29/0x70 [ 429.536774][T13214] kmem_cache_alloc_trace+0xf3/0xd70 [ 429.542209][T13214] ? __list_lru_init+0x654/0x1050 [ 429.547453][T13214] ? kmsan_get_metadata+0x11d/0x180 [ 429.552806][T13214] __list_lru_init+0x654/0x1050 [ 429.557893][T13214] alloc_super+0xd45/0xdc0 [ 429.562429][T13214] sget_fc+0x454/0xe40 [ 429.566966][T13214] ? kill_litter_super+0x120/0x120 [ 429.572414][T13214] ? test_single_super+0x30/0x30 [ 429.577565][T13214] get_tree_keyed+0xb8/0x430 [ 429.582254][T13214] ? mqueue_get_tree+0xc0/0xc0 [ 429.587141][T13214] mqueue_get_tree+0x94/0xc0 [ 429.591823][T13214] ? mqueue_fs_context_free+0xa0/0xa0 [ 429.601756][T13214] vfs_get_tree+0xdd/0x580 [ 429.606383][T13214] fc_mount+0x53/0x150 [ 429.610694][T13214] mq_init_ns+0x550/0x730 [ 429.615273][T13214] copy_ipcs+0x40a/0x7f0 [ 429.619813][T13214] create_new_namespaces+0x550/0x11e0 [ 429.625268][T13214] ? kmsan_get_metadata+0x11d/0x180 [ 429.630741][T13214] unshare_nsproxy_namespaces+0x25e/0x340 [ 429.637172][T13214] ksys_unshare+0x8d5/0x1120 [ 429.642483][T13214] ? prepare_exit_to_usermode+0x1ca/0x520 [ 429.648426][T13214] __ia32_sys_unshare+0x58/0x80 [ 429.654353][T13214] ? __se_sys_unshare+0x60/0x60 [ 429.659765][T13214] do_fast_syscall_32+0x3c7/0x6e0 [ 429.665184][T13214] entry_SYSENTER_compat+0x68/0x77 [ 429.670610][T13214] RIP: 0023:0xf7f6bd99 [ 429.674792][T13214] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 429.695248][T13214] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 429.703821][T13214] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 429.712103][T13214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 429.720834][T13214] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 05:38:39 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 429.729224][T13214] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 429.737457][T13214] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.802181][T13212] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 05:38:39 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, 0x0) 05:38:40 executing program 2 (fault-call:1 fault-nth:34): unshare(0x2a000400) unshare(0x8000400) 05:38:40 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) pipe2$9p(&(0x7f0000000080), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a0900000065002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xfffffffffffffeb4}], 0xb3e, 0x0, 0x0, 0xfffffe41) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00') perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 430.217389][T13229] FAULT_INJECTION: forcing a failure. [ 430.217389][T13229] name failslab, interval 1, probability 0, space 0, times 0 [ 430.231487][T13229] CPU: 1 PID: 13229 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 430.240447][T13229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.250781][T13229] Call Trace: [ 430.254173][T13229] dump_stack+0x1c9/0x220 [ 430.258615][T13229] should_fail+0x8b7/0x9e0 [ 430.263165][T13229] __should_failslab+0x1f6/0x290 [ 430.268211][T13229] should_failslab+0x29/0x70 [ 430.272900][T13229] kmem_cache_alloc_trace+0xf3/0xd70 [ 430.278509][T13229] ? __list_lru_init+0x654/0x1050 [ 430.284122][T13229] ? kmsan_get_metadata+0x11d/0x180 [ 430.289667][T13229] __list_lru_init+0x654/0x1050 [ 430.295091][T13229] alloc_super+0xd45/0xdc0 [ 430.299819][T13229] sget_fc+0x454/0xe40 [ 430.304020][T13229] ? kill_litter_super+0x120/0x120 [ 430.309243][T13229] ? test_single_super+0x30/0x30 [ 430.314351][T13229] get_tree_keyed+0xb8/0x430 [ 430.319389][T13229] ? mqueue_get_tree+0xc0/0xc0 [ 430.324387][T13229] mqueue_get_tree+0x94/0xc0 [ 430.329313][T13229] ? mqueue_fs_context_free+0xa0/0xa0 [ 430.334785][T13229] vfs_get_tree+0xdd/0x580 [ 430.339478][T13229] fc_mount+0x53/0x150 [ 430.344787][T13229] mq_init_ns+0x550/0x730 [ 430.349263][T13229] copy_ipcs+0x40a/0x7f0 [ 430.353713][T13229] create_new_namespaces+0x550/0x11e0 [ 430.359194][T13229] ? kmsan_get_metadata+0x11d/0x180 [ 430.364530][T13229] unshare_nsproxy_namespaces+0x25e/0x340 [ 430.370363][T13229] ksys_unshare+0x8d5/0x1120 [ 430.375090][T13229] ? prepare_exit_to_usermode+0x1ca/0x520 [ 430.380924][T13229] __ia32_sys_unshare+0x58/0x80 [ 430.385846][T13229] ? __se_sys_unshare+0x60/0x60 [ 430.390761][T13229] do_fast_syscall_32+0x3c7/0x6e0 [ 430.395883][T13229] entry_SYSENTER_compat+0x68/0x77 [ 430.401205][T13229] RIP: 0023:0xf7f6bd99 [ 430.405510][T13229] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 430.425635][T13229] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 430.434213][T13229] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 430.442930][T13229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 430.451322][T13229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 430.459539][T13229] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 05:38:40 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, 0x0) 05:38:40 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 430.467739][T13229] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:40 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0"], 0x1e) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:40 executing program 5: r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 430.868300][T13244] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 430.878285][T13244] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:41 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)) [ 430.959124][T13244] selinux_netlink_send: 35 callbacks suppressed [ 430.959170][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 05:38:41 executing program 2 (fault-call:1 fault-nth:35): unshare(0x2a000400) unshare(0x8000400) 05:38:41 executing program 4: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_udp(0x2, 0x2, 0x0) restart_syscall() r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSISO7816(r1, 0xc0285443, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) ioctl$TIOCL_UNBLANKSCREEN(r1, 0x541c, &(0x7f0000000280)) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = gettid() sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x26}}}}, @IFLA_NET_NS_PID={0x8, 0x13, r4}]}, 0x50}}, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x40000, 0x0, 0x0, 0x9, 0x7f}, 0x0, 0x0, r2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGSKNS(r5, 0x894c, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r5, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x2, 0x8, 0x3, 0x0, 0x0, {0xc, 0x0, 0x2}, [@CTA_TIMEOUT_L4PROTO={0x5}, @CTA_TIMEOUT_L4PROTO={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$P9_RMKNOD(r6, &(0x7f00000000c0)={0x14, 0x13, 0x1, {0x80}}, 0x14) semget$private(0x0, 0x20000000102, 0x0) [ 431.024281][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.144964][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 05:38:41 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0"], 0x1e) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 431.251002][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.287796][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.341658][T13257] FAULT_INJECTION: forcing a failure. [ 431.341658][T13257] name failslab, interval 1, probability 0, space 0, times 0 [ 431.356090][T13257] CPU: 0 PID: 13257 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 431.365105][T13257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.375428][T13257] Call Trace: [ 431.379605][T13257] dump_stack+0x1c9/0x220 [ 431.384257][T13257] should_fail+0x8b7/0x9e0 [ 431.389214][T13257] __should_failslab+0x1f6/0x290 [ 431.392810][T13259] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 431.394390][T13257] should_failslab+0x29/0x70 [ 431.394473][T13257] kmem_cache_alloc_trace+0xf3/0xd70 [ 431.414673][T13257] ? __list_lru_init+0x654/0x1050 [ 431.419812][T13257] ? kmsan_get_metadata+0x11d/0x180 [ 431.425382][T13257] __list_lru_init+0x654/0x1050 [ 431.430672][T13257] alloc_super+0xd45/0xdc0 [ 431.435272][T13257] sget_fc+0x454/0xe40 [ 431.440398][T13257] ? kill_litter_super+0x120/0x120 [ 431.445843][T13257] ? test_single_super+0x30/0x30 [ 431.451265][T13257] get_tree_keyed+0xb8/0x430 [ 431.455961][T13257] ? mqueue_get_tree+0xc0/0xc0 [ 431.460903][T13257] mqueue_get_tree+0x94/0xc0 [ 431.467196][T13257] ? mqueue_fs_context_free+0xa0/0xa0 [ 431.472904][T13257] vfs_get_tree+0xdd/0x580 [ 431.477770][T13257] fc_mount+0x53/0x150 [ 431.482097][T13257] mq_init_ns+0x550/0x730 [ 431.486588][T13257] copy_ipcs+0x40a/0x7f0 [ 431.491197][T13257] create_new_namespaces+0x550/0x11e0 [ 431.496758][T13257] ? kmsan_get_metadata+0x11d/0x180 [ 431.502068][T13257] unshare_nsproxy_namespaces+0x25e/0x340 [ 431.508391][T13257] ksys_unshare+0x8d5/0x1120 [ 431.514148][T13257] ? prepare_exit_to_usermode+0x1ca/0x520 [ 431.519956][T13257] __ia32_sys_unshare+0x58/0x80 [ 431.525036][T13257] ? __se_sys_unshare+0x60/0x60 [ 431.530475][T13257] do_fast_syscall_32+0x3c7/0x6e0 [ 431.535578][T13257] entry_SYSENTER_compat+0x68/0x77 [ 431.540725][T13257] RIP: 0023:0xf7f6bd99 [ 431.544846][T13257] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 431.566408][T13257] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 431.574981][T13257] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 431.583187][T13257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 05:38:41 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)) [ 431.591396][T13257] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 431.599485][T13257] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 431.607896][T13257] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 431.628784][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.682916][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.713987][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 [ 431.741738][T13261] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2050 sclass=netlink_route_socket pid=13261 comm=syz-executor.4 [ 431.758820][T13244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13244 comm=syz-executor.1 05:38:41 executing program 5: r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:41 executing program 2 (fault-call:1 fault-nth:36): unshare(0x2a000400) unshare(0x8000400) 05:38:42 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:42 executing program 4: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) dup3(r1, r0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) io_setup(0x40000000008, &(0x7f0000000240)=0x0) io_submit(r4, 0x4, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x0, 0x0, r0, &(0x7f0000000000), 0x40000}]) [ 432.165290][T13274] FAULT_INJECTION: forcing a failure. [ 432.165290][T13274] name failslab, interval 1, probability 0, space 0, times 0 [ 432.179642][T13274] CPU: 1 PID: 13274 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 432.188888][T13274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.199818][T13274] Call Trace: [ 432.203283][T13274] dump_stack+0x1c9/0x220 [ 432.207802][T13274] should_fail+0x8b7/0x9e0 [ 432.212307][T13274] __should_failslab+0x1f6/0x290 [ 432.217309][T13274] should_failslab+0x29/0x70 [ 432.222089][T13274] kmem_cache_alloc_trace+0xf3/0xd70 [ 432.227819][T13274] ? __list_lru_init+0x654/0x1050 [ 432.233374][T13274] ? kmsan_get_metadata+0x11d/0x180 [ 432.238943][T13274] __list_lru_init+0x654/0x1050 [ 432.244067][T13274] alloc_super+0xd45/0xdc0 [ 432.248757][T13274] sget_fc+0x454/0xe40 [ 432.252937][T13274] ? kill_litter_super+0x120/0x120 [ 432.258231][T13274] ? test_single_super+0x30/0x30 [ 432.263466][T13274] get_tree_keyed+0xb8/0x430 [ 432.268674][T13274] ? mqueue_get_tree+0xc0/0xc0 [ 432.274264][T13274] mqueue_get_tree+0x94/0xc0 [ 432.279448][T13274] ? mqueue_fs_context_free+0xa0/0xa0 [ 432.285161][T13274] vfs_get_tree+0xdd/0x580 [ 432.290060][T13274] fc_mount+0x53/0x150 [ 432.295005][T13274] mq_init_ns+0x550/0x730 [ 432.299773][T13274] copy_ipcs+0x40a/0x7f0 [ 432.304805][T13274] create_new_namespaces+0x550/0x11e0 [ 432.310643][T13274] ? kmsan_get_metadata+0x11d/0x180 [ 432.316157][T13274] unshare_nsproxy_namespaces+0x25e/0x340 [ 432.321952][T13274] ksys_unshare+0x8d5/0x1120 [ 432.326891][T13274] ? prepare_exit_to_usermode+0x1ca/0x520 [ 432.332964][T13274] __ia32_sys_unshare+0x58/0x80 [ 432.338080][T13274] ? __se_sys_unshare+0x60/0x60 [ 432.342997][T13274] do_fast_syscall_32+0x3c7/0x6e0 [ 432.348197][T13274] entry_SYSENTER_compat+0x68/0x77 [ 432.353489][T13274] RIP: 0023:0xf7f6bd99 [ 432.357635][T13274] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 432.378013][T13274] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 432.386597][T13274] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 432.395063][T13274] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 432.403450][T13274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 432.411653][T13274] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 432.419752][T13274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:42 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x5, 0x2b, 0x0, 0xffffffffffffffff}) r3 = dup(r2) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r3}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40046f41, &(0x7f0000000100)={r4, 0x7000002}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000080)) [ 432.539615][T13279] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 432.550047][T13279] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:42 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac1"], 0x20) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 432.691561][ T32] audit: type=1804 audit(1583991522.750:109): pid=13283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir500880598/syzkaller.BGNkHm/38/bus" dev="sda1" ino=16593 res=1 [ 432.799061][ T32] audit: type=1804 audit(1583991522.800:110): pid=13283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir500880598/syzkaller.BGNkHm/38/bus" dev="sda1" ino=16593 res=1 05:38:42 executing program 2 (fault-call:1 fault-nth:37): unshare(0x2a000400) unshare(0x8000400) 05:38:42 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:43 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x11, 0x4, 0x4, 0x400, 0x0, 0x1}, 0x40) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) 05:38:43 executing program 5: r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:43 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac1"], 0x20) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 433.251730][T13300] FAULT_INJECTION: forcing a failure. [ 433.251730][T13300] name failslab, interval 1, probability 0, space 0, times 0 [ 433.264907][T13300] CPU: 0 PID: 13300 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 433.273675][T13300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.283807][T13300] Call Trace: [ 433.287198][T13300] dump_stack+0x1c9/0x220 [ 433.291643][T13300] should_fail+0x8b7/0x9e0 [ 433.296284][T13300] __should_failslab+0x1f6/0x290 [ 433.301324][T13300] should_failslab+0x29/0x70 [ 433.305988][T13300] kmem_cache_alloc_trace+0xf3/0xd70 [ 433.311402][T13300] ? __list_lru_init+0x654/0x1050 [ 433.316553][T13300] ? kmsan_get_metadata+0x11d/0x180 [ 433.322018][T13300] __list_lru_init+0x654/0x1050 [ 433.327082][T13300] alloc_super+0xd45/0xdc0 [ 433.331617][T13300] sget_fc+0x454/0xe40 [ 433.335775][T13300] ? kill_litter_super+0x120/0x120 [ 433.340955][T13300] ? test_single_super+0x30/0x30 [ 433.345952][T13300] get_tree_keyed+0xb8/0x430 [ 433.350599][T13300] ? mqueue_get_tree+0xc0/0xc0 [ 433.355591][T13300] mqueue_get_tree+0x94/0xc0 [ 433.360285][T13300] ? mqueue_fs_context_free+0xa0/0xa0 [ 433.365733][T13300] vfs_get_tree+0xdd/0x580 [ 433.370217][T13300] fc_mount+0x53/0x150 [ 433.374379][T13300] mq_init_ns+0x550/0x730 [ 433.378935][T13300] copy_ipcs+0x40a/0x7f0 [ 433.383277][T13300] create_new_namespaces+0x550/0x11e0 [ 433.388745][T13300] ? kmsan_get_metadata+0x11d/0x180 [ 433.394061][T13300] unshare_nsproxy_namespaces+0x25e/0x340 [ 433.399990][T13300] ksys_unshare+0x8d5/0x1120 [ 433.404659][T13300] ? prepare_exit_to_usermode+0x1ca/0x520 [ 433.410453][T13300] __ia32_sys_unshare+0x58/0x80 [ 433.415393][T13300] ? __se_sys_unshare+0x60/0x60 [ 433.420341][T13300] do_fast_syscall_32+0x3c7/0x6e0 [ 433.425460][T13300] entry_SYSENTER_compat+0x68/0x77 [ 433.430615][T13300] RIP: 0023:0xf7f6bd99 [ 433.434738][T13300] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 433.454701][T13300] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 433.463314][T13300] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 433.471353][T13300] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 433.479376][T13300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 433.487411][T13300] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 433.495447][T13300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:43 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:43 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000000008"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:43 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x103400, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000000c0)={0x8, 0xfffffffffffff321}) socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r1, 0x400c12f5, &(0x7f0000001cc0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}) r2 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socket$inet(0x2, 0x2, 0x2200000088) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000001140)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000c103000003000000c00300009001000000000000900100000000000000000000f0020000f0020000f0020000f0020000f00200000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000280190010000000000000000000000000000000000000000000000002800736f636b657400000000000000000000000000000000000000000000000200000000000000005800686173686c696d69740000000000000000000000000000000000000000017665746831000000000000000000000024000000000003de00000000000000000000000005000000a60000000000000000000000000000006800435400000000000000000000000000000000000000000000000000000001000000000180000000000000736e6d7000000000000000000000000073797a310000000000"], 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) 05:38:44 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:44 executing program 2 (fault-call:1 fault-nth:38): unshare(0x2a000400) unshare(0x8000400) 05:38:44 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac1"], 0x20) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 434.097050][T13323] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:44 executing program 5: creat(0x0, 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) [ 434.340388][T13333] FAULT_INJECTION: forcing a failure. [ 434.340388][T13333] name failslab, interval 1, probability 0, space 0, times 0 [ 434.353743][T13333] CPU: 1 PID: 13333 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 434.362509][T13333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.372617][T13333] Call Trace: [ 434.375975][T13333] dump_stack+0x1c9/0x220 [ 434.380365][T13333] should_fail+0x8b7/0x9e0 [ 434.384950][T13333] __should_failslab+0x1f6/0x290 [ 434.390997][T13333] should_failslab+0x29/0x70 [ 434.395697][T13333] kmem_cache_alloc_trace+0xf3/0xd70 [ 434.401229][T13333] ? __list_lru_init+0x654/0x1050 [ 434.406333][T13333] ? kmsan_get_metadata+0x11d/0x180 [ 434.411779][T13333] __list_lru_init+0x654/0x1050 [ 434.416927][T13333] alloc_super+0xd45/0xdc0 [ 434.421473][T13333] sget_fc+0x454/0xe40 [ 434.426084][T13333] ? kill_litter_super+0x120/0x120 [ 434.431319][T13333] ? test_single_super+0x30/0x30 [ 434.436340][T13333] get_tree_keyed+0xb8/0x430 [ 434.441176][T13333] ? mqueue_get_tree+0xc0/0xc0 [ 434.446496][T13333] mqueue_get_tree+0x94/0xc0 [ 434.451195][T13333] ? mqueue_fs_context_free+0xa0/0xa0 [ 434.456947][T13333] vfs_get_tree+0xdd/0x580 [ 434.461605][T13333] fc_mount+0x53/0x150 [ 434.465954][T13333] mq_init_ns+0x550/0x730 [ 434.470665][T13333] copy_ipcs+0x40a/0x7f0 [ 434.475186][T13333] create_new_namespaces+0x550/0x11e0 [ 434.480621][T13333] ? kmsan_get_metadata+0x11d/0x180 [ 434.486008][T13333] unshare_nsproxy_namespaces+0x25e/0x340 [ 434.491972][T13333] ksys_unshare+0x8d5/0x1120 [ 434.496930][T13333] ? prepare_exit_to_usermode+0x1ca/0x520 [ 434.502733][T13333] __ia32_sys_unshare+0x58/0x80 [ 434.507626][T13333] ? __se_sys_unshare+0x60/0x60 [ 434.512891][T13333] do_fast_syscall_32+0x3c7/0x6e0 [ 434.518039][T13333] entry_SYSENTER_compat+0x68/0x77 [ 434.523206][T13333] RIP: 0023:0xf7f6bd99 [ 434.527351][T13333] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 434.547980][T13333] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 434.556474][T13333] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 434.564511][T13333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 434.572669][T13333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 434.580684][T13333] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 434.588706][T13333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:44 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000300)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "083ff2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "209200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 05:38:44 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:44 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac148"], 0x21) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:44 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000000008"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:45 executing program 4: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r1, 0x10000000000025, &(0x7f0000000040)={0x1}) fcntl$lock(r0, 0x5, &(0x7f0000000100)) 05:38:45 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:45 executing program 2 (fault-call:1 fault-nth:39): unshare(0x2a000400) unshare(0x8000400) [ 435.264864][T13352] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:45 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac148"], 0x21) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 435.559333][T13363] FAULT_INJECTION: forcing a failure. [ 435.559333][T13363] name failslab, interval 1, probability 0, space 0, times 0 [ 435.572191][T13363] CPU: 1 PID: 13363 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 435.580919][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.591014][T13363] Call Trace: [ 435.594386][T13363] dump_stack+0x1c9/0x220 [ 435.598911][T13363] should_fail+0x8b7/0x9e0 [ 435.603434][T13363] __should_failslab+0x1f6/0x290 [ 435.608487][T13363] should_failslab+0x29/0x70 [ 435.613163][T13363] kmem_cache_alloc_trace+0xf3/0xd70 [ 435.618567][T13363] ? __list_lru_init+0x654/0x1050 [ 435.623676][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 435.628952][T13363] __list_lru_init+0x654/0x1050 [ 435.633890][T13363] alloc_super+0xd45/0xdc0 [ 435.638369][T13363] sget_fc+0x454/0xe40 [ 435.642497][T13363] ? kill_litter_super+0x120/0x120 [ 435.647661][T13363] ? test_single_super+0x30/0x30 [ 435.652738][T13363] get_tree_keyed+0xb8/0x430 [ 435.657387][T13363] ? mqueue_get_tree+0xc0/0xc0 [ 435.662327][T13363] mqueue_get_tree+0x94/0xc0 [ 435.667007][T13363] ? mqueue_fs_context_free+0xa0/0xa0 [ 435.672448][T13363] vfs_get_tree+0xdd/0x580 [ 435.676925][T13363] fc_mount+0x53/0x150 [ 435.681054][T13363] mq_init_ns+0x550/0x730 [ 435.685445][T13363] copy_ipcs+0x40a/0x7f0 [ 435.689775][T13363] create_new_namespaces+0x550/0x11e0 [ 435.695200][T13363] ? kmsan_get_metadata+0x11d/0x180 [ 435.700523][T13363] unshare_nsproxy_namespaces+0x25e/0x340 [ 435.706507][T13363] ksys_unshare+0x8d5/0x1120 [ 435.711203][T13363] ? prepare_exit_to_usermode+0x1ca/0x520 [ 435.717440][T13363] __ia32_sys_unshare+0x58/0x80 [ 435.722374][T13363] ? __se_sys_unshare+0x60/0x60 [ 435.727473][T13363] do_fast_syscall_32+0x3c7/0x6e0 [ 435.732602][T13363] entry_SYSENTER_compat+0x68/0x77 [ 435.737786][T13363] RIP: 0023:0xf7f6bd99 [ 435.742028][T13363] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 435.761700][T13363] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 435.770173][T13363] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 435.778179][T13363] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 435.786180][T13363] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 435.794179][T13363] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 435.802268][T13363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:45 executing program 5: creat(0x0, 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:45 executing program 4: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f0000000880)={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@dontfrag={{0x14, 0x29, 0x3e, 0x9}}], 0x18}}], 0x2, 0x0) 05:38:46 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:46 executing program 2 (fault-call:1 fault-nth:40): unshare(0x2a000400) unshare(0x8000400) 05:38:46 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef0003000000000000000008"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:46 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac148"], 0x21) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:46 executing program 4: timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000f00f88)) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="95"], 0x1, 0x0) msgrcv(0x0, &(0x7f0000000300)={0x0, ""/210}, 0xda, 0x3, 0x2000) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000580)={{0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 05:38:46 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f00000005c0)=""/223, 0xfc61) [ 436.586840][T13388] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 436.624398][T13388] selinux_netlink_send: 51 callbacks suppressed [ 436.624478][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 436.671621][T13391] FAULT_INJECTION: forcing a failure. [ 436.671621][T13391] name failslab, interval 1, probability 0, space 0, times 0 [ 436.685125][T13391] CPU: 0 PID: 13391 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 436.694077][T13391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.704292][T13391] Call Trace: [ 436.707660][T13391] dump_stack+0x1c9/0x220 [ 436.712095][T13391] should_fail+0x8b7/0x9e0 [ 436.716635][T13391] __should_failslab+0x1f6/0x290 [ 436.721665][T13391] should_failslab+0x29/0x70 [ 436.726308][T13391] kmem_cache_alloc_trace+0xf3/0xd70 [ 436.731698][T13391] ? __list_lru_init+0x654/0x1050 [ 436.736800][T13391] ? kmsan_get_metadata+0x11d/0x180 [ 436.742075][T13391] __list_lru_init+0x654/0x1050 [ 436.747000][T13391] alloc_super+0xd45/0xdc0 [ 436.751479][T13391] sget_fc+0x454/0xe40 [ 436.755592][T13391] ? kill_litter_super+0x120/0x120 [ 436.760801][T13391] ? test_single_super+0x30/0x30 [ 436.765814][T13391] get_tree_keyed+0xb8/0x430 [ 436.770465][T13391] ? mqueue_get_tree+0xc0/0xc0 [ 436.775462][T13391] mqueue_get_tree+0x94/0xc0 [ 436.780340][T13391] ? mqueue_fs_context_free+0xa0/0xa0 [ 436.785812][T13391] vfs_get_tree+0xdd/0x580 [ 436.790327][T13391] fc_mount+0x53/0x150 [ 436.794467][T13391] mq_init_ns+0x550/0x730 [ 436.798860][T13391] copy_ipcs+0x40a/0x7f0 [ 436.803193][T13391] create_new_namespaces+0x550/0x11e0 [ 436.808634][T13391] ? kmsan_get_metadata+0x11d/0x180 [ 436.814071][T13391] unshare_nsproxy_namespaces+0x25e/0x340 [ 436.819874][T13391] ksys_unshare+0x8d5/0x1120 [ 436.824532][T13391] ? prepare_exit_to_usermode+0x1ca/0x520 [ 436.830382][T13391] __ia32_sys_unshare+0x58/0x80 [ 436.835290][T13391] ? __se_sys_unshare+0x60/0x60 [ 436.840192][T13391] do_fast_syscall_32+0x3c7/0x6e0 [ 436.845459][T13391] entry_SYSENTER_compat+0x68/0x77 [ 436.850605][T13391] RIP: 0023:0xf7f6bd99 [ 436.854727][T13391] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 436.874405][T13391] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 436.882897][T13391] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 436.890938][T13391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 436.899079][T13391] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 436.908025][T13391] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 436.916065][T13391] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 436.924565][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 05:38:47 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:47 executing program 5: creat(0x0, 0x0) r0 = inotify_init() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:47 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x34a, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14}, 0x14}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x3e7) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) [ 437.233917][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.325687][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 05:38:47 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) [ 437.382253][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.411614][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.430530][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.451305][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.473480][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 [ 437.527568][T13388] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13388 comm=syz-executor.1 05:38:47 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef000300000000000000000800"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:47 executing program 2 (fault-call:1 fault-nth:41): unshare(0x2a000400) unshare(0x8000400) 05:38:47 executing program 4: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f0000000880)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@hopopts_2292={{0x18}}, @hopopts={{0x18}}], 0x30}}], 0x2, 0x0) [ 438.216338][T13423] FAULT_INJECTION: forcing a failure. [ 438.216338][T13423] name failslab, interval 1, probability 0, space 0, times 0 [ 438.229598][T13423] CPU: 1 PID: 13423 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 438.238348][T13423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.248497][T13423] Call Trace: [ 438.251879][T13423] dump_stack+0x1c9/0x220 [ 438.256333][T13423] should_fail+0x8b7/0x9e0 [ 438.260899][T13423] __should_failslab+0x1f6/0x290 [ 438.265984][T13423] should_failslab+0x29/0x70 [ 438.270804][T13423] kmem_cache_alloc_trace+0xf3/0xd70 [ 438.276217][T13423] ? __list_lru_init+0x654/0x1050 [ 438.281611][T13423] ? kmsan_get_metadata+0x11d/0x180 [ 438.286946][T13423] __list_lru_init+0x654/0x1050 [ 438.291934][T13423] alloc_super+0xd45/0xdc0 [ 438.296441][T13423] sget_fc+0x454/0xe40 [ 438.300564][T13423] ? kill_litter_super+0x120/0x120 [ 438.305762][T13423] ? test_single_super+0x30/0x30 [ 438.311659][T13423] get_tree_keyed+0xb8/0x430 [ 438.316677][T13423] ? mqueue_get_tree+0xc0/0xc0 [ 438.321530][T13423] mqueue_get_tree+0x94/0xc0 [ 438.326205][T13423] ? mqueue_fs_context_free+0xa0/0xa0 [ 438.331645][T13423] vfs_get_tree+0xdd/0x580 [ 438.336111][T13423] fc_mount+0x53/0x150 [ 438.340233][T13423] mq_init_ns+0x550/0x730 [ 438.344623][T13423] copy_ipcs+0x40a/0x7f0 [ 438.348965][T13423] create_new_namespaces+0x550/0x11e0 [ 438.354421][T13423] ? kmsan_get_metadata+0x11d/0x180 [ 438.359758][T13423] unshare_nsproxy_namespaces+0x25e/0x340 [ 438.365554][T13423] ksys_unshare+0x8d5/0x1120 [ 438.370196][T13423] ? prepare_exit_to_usermode+0x1ca/0x520 [ 438.376702][T13423] __ia32_sys_unshare+0x58/0x80 [ 438.381789][T13423] ? __se_sys_unshare+0x60/0x60 [ 438.386709][T13423] do_fast_syscall_32+0x3c7/0x6e0 [ 438.391812][T13423] entry_SYSENTER_compat+0x68/0x77 [ 438.396958][T13423] RIP: 0023:0xf7f6bd99 [ 438.401162][T13423] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 438.420925][T13423] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 438.429753][T13423] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 438.437895][T13423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 438.446745][T13423] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 438.454979][T13423] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 05:38:48 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:48 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) [ 438.462995][T13423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 438.524027][T13425] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 05:38:48 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) 05:38:48 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:48 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) 05:38:48 executing program 2 (fault-call:1 fault-nth:42): unshare(0x2a000400) unshare(0x8000400) 05:38:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$tmpfs(&(0x7f0000000080)='tmpfs\x00', &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) [ 439.164702][T13451] FAULT_INJECTION: forcing a failure. [ 439.164702][T13451] name failslab, interval 1, probability 0, space 0, times 0 [ 439.178153][T13451] CPU: 1 PID: 13451 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 439.187231][T13451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 439.197838][T13451] Call Trace: [ 439.201224][T13451] dump_stack+0x1c9/0x220 [ 439.205656][T13451] should_fail+0x8b7/0x9e0 [ 439.210156][T13451] __should_failslab+0x1f6/0x290 [ 439.215154][T13451] should_failslab+0x29/0x70 [ 439.219807][T13451] __kmalloc_node+0x1b1/0x11f0 [ 439.224720][T13451] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 439.230620][T13451] ? kmsan_get_metadata+0x11d/0x180 [ 439.235895][T13451] ? kvmalloc_node+0x19a/0x3c0 [ 439.240915][T13451] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 439.246852][T13451] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 439.252901][T13451] kvmalloc_node+0x19a/0x3c0 [ 439.257575][T13451] __list_lru_init+0x55e/0x1050 [ 439.262515][T13451] alloc_super+0xd45/0xdc0 [ 439.267086][T13451] sget_fc+0x454/0xe40 [ 439.271245][T13451] ? kill_litter_super+0x120/0x120 [ 439.276609][T13451] ? test_single_super+0x30/0x30 [ 439.281614][T13451] get_tree_keyed+0xb8/0x430 [ 439.286288][T13451] ? mqueue_get_tree+0xc0/0xc0 [ 439.291130][T13451] mqueue_get_tree+0x94/0xc0 [ 439.295803][T13451] ? mqueue_fs_context_free+0xa0/0xa0 [ 439.301337][T13451] vfs_get_tree+0xdd/0x580 [ 439.305814][T13451] fc_mount+0x53/0x150 [ 439.309946][T13451] mq_init_ns+0x550/0x730 [ 439.314346][T13451] copy_ipcs+0x40a/0x7f0 [ 439.318758][T13451] create_new_namespaces+0x550/0x11e0 [ 439.324185][T13451] ? kmsan_get_metadata+0x11d/0x180 [ 439.329478][T13451] unshare_nsproxy_namespaces+0x25e/0x340 [ 439.335274][T13451] ksys_unshare+0x8d5/0x1120 [ 439.339951][T13451] ? prepare_exit_to_usermode+0x1ca/0x520 [ 439.345737][T13451] __ia32_sys_unshare+0x58/0x80 [ 439.350666][T13451] ? __se_sys_unshare+0x60/0x60 [ 439.355689][T13451] do_fast_syscall_32+0x3c7/0x6e0 [ 439.360832][T13451] entry_SYSENTER_compat+0x68/0x77 [ 439.366269][T13451] RIP: 0023:0xf7f6bd99 [ 439.370580][T13451] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 439.391933][T13451] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 [ 439.400691][T13451] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 05:38:49 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000030003dfa0000000000000000000000004c000100480001000700010078740000380002802a000600260000006e676c65000000000000000000000000000000000000473c02ef000300000000000000000800"], 0x1}, 0x1, 0x0, 0x0, 0x40c4000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 05:38:49 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) [ 439.409005][T13451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 439.417295][T13451] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 439.425587][T13451] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 439.433660][T13451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 05:38:49 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/6, 0x10}], 0x286) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:49 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030754e46b67c69d3426a00f0dac14811"], 0x15) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',cf\x00\x00\x00\x00mmap,\x00']) 05:38:49 executing program 2 (fault-call:1 fault-nth:43): unshare(0x2a000400) unshare(0x8000400) 05:38:50 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init() readv(r0, 0x0, 0x0) inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x82a) creat(&(0x7f0000000100)='./file0\x00', 0x0) 05:38:50 executing program 4: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140000800201010069706970000040"], 0x3}}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000000)=[{&(0x7f0000000080)="eb3c906d6b66732e666174000204010002000270fff8", 0x268}], 0x0, 0x0) [ 440.070199][T13473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 440.141411][T13475] FAULT_INJECTION: forcing a failure. [ 440.141411][T13475] name failslab, interval 1, probability 0, space 0, times 0 [ 440.156764][T13475] CPU: 0 PID: 13475 Comm: syz-executor.2 Not tainted 5.6.0-rc2-syzkaller #0 [ 440.166762][T13475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.177407][T13475] Call Trace: [ 440.180887][T13475] dump_stack+0x1c9/0x220 [ 440.186481][T13475] should_fail+0x8b7/0x9e0 [ 440.192172][T13475] __should_failslab+0x1f6/0x290 [ 440.197830][T13475] should_failslab+0x29/0x70 [ 440.203602][T13475] kmem_cache_alloc_trace+0xf3/0xd70 [ 440.210502][T13475] ? __list_lru_init+0x654/0x1050 [ 440.216783][T13475] ? kmsan_get_metadata+0x11d/0x180 [ 440.222609][T13475] __list_lru_init+0x654/0x1050 [ 440.229303][T13475] alloc_super+0xd45/0xdc0 [ 440.235720][T13475] sget_fc+0x454/0xe40 [ 440.240345][T13475] ? kill_litter_super+0x120/0x120 [ 440.248216][T13475] ? test_single_super+0x30/0x30 [ 440.254120][T13475] get_tree_keyed+0xb8/0x430 [ 440.258899][T13475] ? mqueue_get_tree+0xc0/0xc0 [ 440.265136][T13475] mqueue_get_tree+0x94/0xc0 [ 440.270174][T13475] ? mqueue_fs_context_free+0xa0/0xa0 [ 440.276188][T13475] vfs_get_tree+0xdd/0x580 [ 440.282458][T13475] fc_mount+0x53/0x150 [ 440.287036][T13475] mq_init_ns+0x550/0x730 [ 440.291542][T13475] copy_ipcs+0x40a/0x7f0 [ 440.296730][T13475] create_new_namespaces+0x550/0x11e0 [ 440.303005][T13475] ? kmsan_get_metadata+0x11d/0x180 [ 440.308382][T13475] unshare_nsproxy_namespaces+0x25e/0x340 [ 440.314467][T13475] ksys_unshare+0x8d5/0x1120 [ 440.320780][T13475] ? prepare_exit_to_usermode+0x1ca/0x520 [ 440.327775][T13475] __ia32_sys_unshare+0x58/0x80 [ 440.333306][T13475] ? __se_sys_unshare+0x60/0x60 [ 440.340160][T13475] do_fast_syscall_32+0x3c7/0x6e0 [ 440.345363][T13475] entry_SYSENTER_compat+0x68/0x77 [ 440.352921][T13475] RIP: 0023:0xf7f6bd99 [ 440.357283][T13475] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 440.382129][T13475] RSP: 002b:00000000f5d660cc EFLAGS: 00000296 ORIG_RAX: 0000000000000136 05:38:50 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) [ 440.391641][T13475] RAX: ffffffffffffffda RBX: 0000000008000400 RCX: 0000000000000000 [ 440.401423][T13475] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 440.410446][T13475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 440.419328][T13475] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 440.428082][T13475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 440.705788][T13481] FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 440.717377][T13481] FAT-fs (loop4): FAT read failed (blocknr 32769) [ 440.726666][T13481] ===================================================== [ 440.736610][T13481] BUG: KMSAN: uninit-value in fat_evict_inode+0x2f4/0x920 [ 440.746616][T13481] CPU: 1 PID: 13481 Comm: syz-executor.4 Not tainted 5.6.0-rc2-syzkaller #0 [ 440.759601][T13481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.773843][T13481] Call Trace: [ 440.778619][T13481] dump_stack+0x1c9/0x220 [ 440.784505][T13481] kmsan_report+0xf7/0x1e0 [ 440.790652][T13481] __msan_warning+0x58/0xa0 [ 440.797032][T13481] fat_evict_inode+0x2f4/0x920 [ 440.803417][T13481] ? fat_write_inode+0x250/0x250 [ 440.811137][T13481] evict+0x4ab/0xe10 [ 440.816672][T13481] iput+0xa70/0xe10 [ 440.823752][T13481] fat_fill_super+0x7b5c/0x89b0 [ 440.831157][T13481] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 440.839378][T13481] ? kmsan_get_metadata+0x11d/0x180 [ 440.847084][T13481] vfat_fill_super+0xa6/0xc0 [ 440.853633][T13481] mount_bdev+0x654/0x880 [ 440.858641][T13481] ? vfat_mount+0xe0/0xe0 [ 440.864137][T13481] vfat_mount+0xc9/0xe0 [ 440.869635][T13481] legacy_get_tree+0x169/0x2e0 [ 440.875627][T13481] ? __fat_nfs_get_inode+0x6f0/0x6f0 [ 440.882357][T13481] ? legacy_parse_monolithic+0x2c0/0x2c0 [ 440.889528][T13481] vfs_get_tree+0xdd/0x580 [ 440.894505][T13481] do_mount+0x365c/0x4ac0 [ 440.900223][T13481] ? _copy_from_user+0x15b/0x260 [ 440.905548][T13481] __se_compat_sys_mount+0x3a8/0xa10 [ 440.911438][T13481] ? kmsan_get_metadata+0x4f/0x180 [ 440.917104][T13481] __ia32_compat_sys_mount+0x157/0x1b0 [ 440.923500][T13481] ? locks_show+0x580/0x580 [ 440.928737][T13481] do_fast_syscall_32+0x3c7/0x6e0 [ 440.934227][T13481] entry_SYSENTER_compat+0x68/0x77 [ 440.939555][T13481] RIP: 0023:0xf7f18d99 [ 440.943883][T13481] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 440.965565][T13481] RSP: 002b:00000000f5d12ef0 EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 440.975872][T13481] RAX: ffffffffffffffda RBX: 00000000f5d12f8c RCX: 0000000020000380 [ 440.986856][T13481] RDX: 00000000f5d12f6c RSI: 0000000000000000 RDI: 00000000f5d12fcc [ 440.996999][T13481] RBP: 00000000f5d13168 R08: 0000000000000000 R09: 0000000000000000 [ 441.006928][T13481] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 441.017636][T13481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 441.027291][T13481] [ 441.030010][T13481] Uninit was created at: [ 441.034912][T13481] kmsan_save_stack_with_flags+0x3c/0x90 [ 441.040930][T13481] kmsan_alloc_page+0x12a/0x310 [ 441.047018][T13481] __alloc_pages_nodemask+0x5712/0x5e80 [ 441.052926][T13481] alloc_pages_current+0x67d/0x990 [ 441.058559][T13481] alloc_slab_page+0x111/0x12f0 [ 441.064563][T13481] new_slab+0x2bc/0x1130 [ 441.069444][T13481] ___slab_alloc+0x1533/0x1f30 [ 441.074564][T13481] kmem_cache_alloc+0xb23/0xd70 [ 441.080264][T13481] fat_alloc_inode+0x58/0x120 [ 441.085572][T13481] new_inode_pseudo+0xb1/0x590 [ 441.091023][T13481] new_inode+0x5a/0x3d0 [ 441.095919][T13481] fat_fill_super+0x634b/0x89b0 [ 441.102460][T13481] vfat_fill_super+0xa6/0xc0 [ 441.107404][T13481] mount_bdev+0x654/0x880 [ 441.112173][T13481] vfat_mount+0xc9/0xe0 [ 441.116714][T13481] legacy_get_tree+0x169/0x2e0 [ 441.123431][T13481] vfs_get_tree+0xdd/0x580 [ 441.128638][T13481] do_mount+0x365c/0x4ac0 [ 441.133544][T13481] __se_compat_sys_mount+0x3a8/0xa10 [ 441.139723][T13481] __ia32_compat_sys_mount+0x157/0x1b0 [ 441.145479][T13481] do_fast_syscall_32+0x3c7/0x6e0 [ 441.150769][T13481] entry_SYSENTER_compat+0x68/0x77 [ 441.156535][T13481] ===================================================== [ 441.164024][T13481] Disabling lock debugging due to kernel taint [ 441.170966][T13481] Kernel panic - not syncing: panic_on_warn set ... [ 441.178470][T13481] CPU: 1 PID: 13481 Comm: syz-executor.4 Tainted: G B 5.6.0-rc2-syzkaller #0 [ 441.189142][T13481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 441.200645][T13481] Call Trace: [ 441.204528][T13481] dump_stack+0x1c9/0x220 [ 441.209619][T13481] panic+0x3d5/0xc3e [ 441.214098][T13481] kmsan_report+0x1df/0x1e0 [ 441.219043][T13481] __msan_warning+0x58/0xa0 [ 441.224262][T13481] fat_evict_inode+0x2f4/0x920 [ 441.229323][T13481] ? fat_write_inode+0x250/0x250 [ 441.234709][T13481] evict+0x4ab/0xe10 [ 441.239495][T13481] iput+0xa70/0xe10 [ 441.243906][T13481] fat_fill_super+0x7b5c/0x89b0 [ 441.249894][T13481] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 441.257059][T13481] ? kmsan_get_metadata+0x11d/0x180 [ 441.262777][T13481] vfat_fill_super+0xa6/0xc0 [ 441.268083][T13481] mount_bdev+0x654/0x880 [ 441.273448][T13481] ? vfat_mount+0xe0/0xe0 [ 441.278735][T13481] vfat_mount+0xc9/0xe0 [ 441.283447][T13481] legacy_get_tree+0x169/0x2e0 [ 441.288768][T13481] ? __fat_nfs_get_inode+0x6f0/0x6f0 [ 441.294553][T13481] ? legacy_parse_monolithic+0x2c0/0x2c0 [ 441.301313][T13481] vfs_get_tree+0xdd/0x580 [ 441.307253][T13481] do_mount+0x365c/0x4ac0 [ 441.312491][T13481] ? _copy_from_user+0x15b/0x260 [ 441.318357][T13481] __se_compat_sys_mount+0x3a8/0xa10 [ 441.324052][T13481] ? kmsan_get_metadata+0x4f/0x180 [ 441.329533][T13481] __ia32_compat_sys_mount+0x157/0x1b0 [ 441.335004][T13481] ? locks_show+0x580/0x580 [ 441.339827][T13481] do_fast_syscall_32+0x3c7/0x6e0 [ 441.345580][T13481] entry_SYSENTER_compat+0x68/0x77 [ 441.350693][T13481] RIP: 0023:0xf7f18d99 [ 441.355325][T13481] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 441.376253][T13481] RSP: 002b:00000000f5d12ef0 EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 441.386324][T13481] RAX: ffffffffffffffda RBX: 00000000f5d12f8c RCX: 0000000020000380 [ 441.396688][T13481] RDX: 00000000f5d12f6c RSI: 0000000000000000 RDI: 00000000f5d12fcc [ 441.405114][T13481] RBP: 00000000f5d13168 R08: 0000000000000000 R09: 0000000000000000 [ 441.419804][T13481] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 441.428442][T13481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 441.439886][T13481] Kernel Offset: 0x19000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 441.455098][T13481] Rebooting in 86400 seconds..