, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x2}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x1}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffffffffff65}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xffffffffffffffff}]}, 0xfc}, 0x1, 0x0, 0x0, 0x10}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') 09:00:45 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0xfdfdffff, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 666.054484] FAULT_INJECTION: forcing a failure. [ 666.054484] name failslab, interval 1, probability 0, space 0, times 0 [ 666.065806] CPU: 0 PID: 21395 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 666.073175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.082521] Call Trace: [ 666.085114] dump_stack+0x1c9/0x2b4 [ 666.088742] ? dump_stack_print_info.cold.2+0x52/0x52 [ 666.093932] ? kernel_text_address+0x79/0xf0 [ 666.098346] should_fail.cold.4+0xa/0x1a [ 666.102410] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 666.107518] ? graph_lock+0x170/0x170 [ 666.111725] ? save_stack+0x43/0xd0 [ 666.115356] ? kasan_kmalloc+0xc4/0xe0 [ 666.119246] ? find_held_lock+0x36/0x1c0 [ 666.123314] ? __lock_is_held+0xb5/0x140 [ 666.127387] ? check_same_owner+0x340/0x340 [ 666.131707] ? rcu_note_context_switch+0x730/0x730 [ 666.136641] __should_failslab+0x124/0x180 [ 666.140880] should_failslab+0x9/0x14 [ 666.144680] kmem_cache_alloc_node_trace+0x26f/0x770 [ 666.149790] __kmalloc_node_track_caller+0x33/0x70 [ 666.154720] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 666.159477] __alloc_skb+0x155/0x790 [ 666.163193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.168734] ? skb_scrub_packet+0x580/0x580 [ 666.173058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.178595] ? ip_generic_getfrag+0x124/0x2e0 [ 666.183092] ? ip_reply_glue_bits+0xc0/0xc0 [ 666.187412] ? trace_hardirqs_on+0x10/0x10 [ 666.191653] ? raw_getfrag+0x15b/0x220 [ 666.195537] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 666.200557] __ip_append_data.isra.47+0x2248/0x2a90 [ 666.205577] ? raw_destroy+0x30/0x30 [ 666.209297] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 666.215103] ? ipv4_mtu+0x37d/0x590 [ 666.218734] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 666.224187] ? find_held_lock+0x36/0x1c0 [ 666.228261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.233806] ip_append_data.part.48+0xf3/0x180 [ 666.238390] ? raw_destroy+0x30/0x30 [ 666.242119] ip_append_data+0x6d/0x90 [ 666.245919] ? raw_destroy+0x30/0x30 [ 666.249633] raw_sendmsg+0x1db4/0x29c0 [ 666.253533] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 666.258636] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 666.263068] ? find_held_lock+0x36/0x1c0 [ 666.267141] ? lock_downgrade+0x8f0/0x8f0 [ 666.271293] ? lock_release+0xa30/0xa30 [ 666.275263] ? check_same_owner+0x340/0x340 [ 666.279585] ? __check_object_size+0x9d/0x5f2 [ 666.284083] inet_sendmsg+0x1a1/0x690 [ 666.287887] ? ipip_gro_receive+0x100/0x100 [ 666.292215] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 666.297749] ? security_socket_sendmsg+0x94/0xc0 [ 666.302503] ? ipip_gro_receive+0x100/0x100 [ 666.306824] sock_sendmsg+0xd5/0x120 [ 666.310537] __sys_sendto+0x3d7/0x670 [ 666.314341] ? __ia32_sys_getpeername+0xb0/0xb0 [ 666.319012] ? wait_for_completion+0x8d0/0x8d0 [ 666.323596] ? __lock_is_held+0xb5/0x140 [ 666.327665] ? __sb_end_write+0xac/0xe0 [ 666.331646] ? __ia32_sys_read+0xb0/0xb0 [ 666.335706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 666.341249] __x64_sys_sendto+0xe1/0x1a0 [ 666.345313] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 666.350329] do_syscall_64+0x1b9/0x820 [ 666.354221] ? syscall_return_slowpath+0x5e0/0x5e0 [ 666.359153] ? syscall_return_slowpath+0x31d/0x5e0 [ 666.364086] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 666.369455] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.374305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.379492] RIP: 0033:0x455a99 [ 666.382669] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:00:45 executing program 4 (fault-call:4 fault-nth:17): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:45 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x28000, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x800001c) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x3, 0x11, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x791}) 09:00:45 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) getresgid(&(0x7f0000000100), &(0x7f0000000140)=0x0, &(0x7f0000000180)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) setregid(r1, r2) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x8, 0x10001, 0x80000001, 0x3, 0x9}, 0x14) ioctl(r3, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x200000, 0x0) write$tun(r4, &(0x7f0000000380)={@void, @val={0x1, 0x5, 0x3, 0x3, 0x1, 0x8}, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xa, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, @multicast2=0xe0000002, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x21}, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x26) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x400002, 0x0) ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000340)=0x7fff) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:45 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xffffff80, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:45 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x200000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x100, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r3 = getuid() setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000080)={{{@in=@rand_addr=0x6, @in6, 0x4e21, 0x7, 0x4e22, 0x0, 0xa, 0x80, 0x80, 0x7f, r2, r3}, {0x1, 0x80000001, 0xfffffffffffffff7, 0x5, 0x32, 0x10001, 0x32, 0x5}, {0x1, 0x3, 0x2}, 0xffffffffffffff8d, 0x0, 0x2, 0x0, 0x3, 0x3}, {{@in6=@remote={0xfe, 0x80, [], 0xbb}, 0x4d3, 0xff}, 0x2, @in6=@mcast1={0xff, 0x1, [], 0x1}, 0x3507, 0x1, 0x1, 0x4, 0x2, 0x2, 0xa0d4}}, 0xe8) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 09:00:45 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x100000000000000, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:45 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x74, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 666.402049] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 666.409760] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 666.417027] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 666.424295] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 666.431557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 666.438822] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000010 [ 666.556281] FAULT_INJECTION: forcing a failure. [ 666.556281] name failslab, interval 1, probability 0, space 0, times 0 [ 666.567608] CPU: 1 PID: 21416 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 666.574971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.584323] Call Trace: [ 666.586923] dump_stack+0x1c9/0x2b4 [ 666.590571] ? dump_stack_print_info.cold.2+0x52/0x52 [ 666.595852] ? unwind_get_return_address+0x61/0xa0 [ 666.600794] ? graph_lock+0x170/0x170 09:00:45 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") syncfs(r0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040), &(0x7f00000000c0)=0xb) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080)={0x67b}, 0x4) [ 666.604600] should_fail.cold.4+0xa/0x1a [ 666.608671] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 666.613776] ? __lock_is_held+0xb5/0x140 [ 666.617838] ? __kmalloc_node_track_caller+0x47/0x70 [ 666.622941] ? graph_lock+0x170/0x170 [ 666.626750] ? find_held_lock+0x36/0x1c0 [ 666.630815] ? __lock_is_held+0xb5/0x140 [ 666.634882] ? check_same_owner+0x340/0x340 [ 666.639206] ? rcu_note_context_switch+0x730/0x730 [ 666.644142] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 666.649427] __should_failslab+0x124/0x180 [ 666.653672] should_failslab+0x9/0x14 [ 666.657483] kmem_cache_alloc_node+0x272/0x780 [ 666.662075] ? __kmalloc_node_track_caller+0x47/0x70 [ 666.667185] __alloc_skb+0x119/0x790 [ 666.670907] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.676451] ? skb_scrub_packet+0x580/0x580 [ 666.680782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.686314] ? ip_generic_getfrag+0x124/0x2e0 [ 666.690800] ? ip_reply_glue_bits+0xc0/0xc0 [ 666.695113] ? trace_hardirqs_on+0x10/0x10 [ 666.699355] ? raw_getfrag+0x15b/0x220 [ 666.703229] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 666.708235] __ip_append_data.isra.47+0x2248/0x2a90 [ 666.713254] ? raw_destroy+0x30/0x30 [ 666.716962] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 666.722747] ? ipv4_mtu+0x37d/0x590 [ 666.726373] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 666.731812] ? find_held_lock+0x36/0x1c0 [ 666.735864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 666.741388] ip_append_data.part.48+0xf3/0x180 [ 666.745954] ? raw_destroy+0x30/0x30 [ 666.749652] ip_append_data+0x6d/0x90 [ 666.753434] ? raw_destroy+0x30/0x30 [ 666.757132] raw_sendmsg+0x1db4/0x29c0 [ 666.761016] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 666.766118] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 666.770529] ? find_held_lock+0x36/0x1c0 [ 666.774579] ? lock_downgrade+0x8f0/0x8f0 [ 666.778714] ? lock_release+0xa30/0xa30 [ 666.782674] ? check_same_owner+0x340/0x340 [ 666.786983] ? __check_object_size+0x9d/0x5f2 [ 666.791467] inet_sendmsg+0x1a1/0x690 [ 666.795252] ? ipip_gro_receive+0x100/0x100 [ 666.799557] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 666.805079] ? security_socket_sendmsg+0x94/0xc0 [ 666.809817] ? ipip_gro_receive+0x100/0x100 [ 666.814126] sock_sendmsg+0xd5/0x120 [ 666.817823] __sys_sendto+0x3d7/0x670 [ 666.821613] ? __ia32_sys_getpeername+0xb0/0xb0 [ 666.826269] ? wait_for_completion+0x8d0/0x8d0 [ 666.830838] ? __lock_is_held+0xb5/0x140 [ 666.834892] ? __sb_end_write+0xac/0xe0 [ 666.838859] ? __ia32_sys_read+0xb0/0xb0 [ 666.842908] ? syscall_slow_exit_work+0x500/0x500 [ 666.847737] __x64_sys_sendto+0xe1/0x1a0 [ 666.851784] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 666.856785] do_syscall_64+0x1b9/0x820 [ 666.860654] ? finish_task_switch+0x1d3/0x890 [ 666.865132] ? syscall_return_slowpath+0x5e0/0x5e0 [ 666.870047] ? syscall_return_slowpath+0x31d/0x5e0 [ 666.874963] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 666.880311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 666.885140] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 666.890312] RIP: 0033:0x455a99 09:00:46 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x500000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:46 executing program 1: r0 = socket(0x0, 0x400000000000801, 0x0) r1 = socket$inet6(0xa, 0x202000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f000088c000)={@remote={0xfe, 0x80, [], 0xbb}, 0x0, 0x0, 0x2, 0x80000000000041}, 0x20) dup3(r1, r0, 0x0) 09:00:46 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x80ffffff, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:46 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0xfbffffff00000000, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 666.893483] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 666.912715] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 666.920411] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 666.927660] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 666.934915] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 666.942557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 666.949812] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000011 09:00:46 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x900, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:46 executing program 7: r0 = inotify_init() ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x7fffffff) syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x6, 0x0) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x10000000000000) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") 09:00:46 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:46 executing program 4 (fault-call:4 fault-nth:18): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:46 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0x2, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:46 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x400300, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:46 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:46 executing program 1: prctl$intptr(0x40, 0x8001) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5c, 0x80000) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000180)) faccessat(r0, &(0x7f0000000100)='./file0\x00', 0xa1, 0x400) r1 = fcntl$getown(r0, 0x9) ptrace(0xffffffffffffffff, r1) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x8, 0x200000) setsockopt$inet6_MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x4e23, 0x3, @ipv4={[], [0xff, 0xff], @rand_addr=0x2}, 0x6c4a}, {0xa, 0x4e24, 0x8, @empty, 0x101}, 0x8000, [0x4, 0x200, 0x4, 0x400, 0x1, 0xae3, 0x7ae, 0xe20]}, 0x5c) sched_getaffinity(r1, 0xfffffd73, &(0x7f00000000c0)) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x1) 09:00:46 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:46 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000ffe000/0x2000)=nil) shmctl$SHM_LOCK(r1, 0xb) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r3, 0x8040ae69, &(0x7f0000000080)={0x100000000, 0x29f, 0x3, 0x4, 0x9d43}) r4 = add_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000540)="e42e19fc94c6f7e29a3d824d199bde4e2b85df5cac68fe0e9990d3a8b84116c6144288e3bd98c4e781b7703b3a26297866ec1ffc2407f0cdfbecb9a8b7089480108f4b69c962ffba7258559cf2e36d3202ab5c4d22c18381125c34b89624598990189668f3dbc2c2337ec9b1b1b648dd436eeed6eddd9a973c47682e421233832f3f639d0cf96b57054815c2", 0x8c, 0x0) request_key(&(0x7f0000000280)='trusted\x00', &(0x7f0000000440)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000480)='m,cgroup\\bdev:lo*securitycpusetselinuxvmnet1+\x00', r4) ioctl(r0, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") r5 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x1010, 0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000600)={r5}) ioctl$TIOCSCTTY(r3, 0x540e, 0x4) ioctl$VT_RESIZE(r3, 0x5609, &(0x7f00000000c0)={0x8001, 0x2, 0x200}) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000200)={0x303, 0x33}, 0x4) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={0x0, 0x200}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000002c0)={0x4, 0x8000, 0x20, 0x3, r6}, 0x10) r7 = add_key(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000300)="932b81de885be43a40b39b428981a8dddc1515d8eec55f00f5430109a4fd096a5d9abe22445190b148595f2172690b0f88a3a59b22f6a119e37cd31556282f4fd2ece9ed164dadab05c217417804ad7a17dcf3ac0c76c1bdd1b7f20e6fe2ec49f951053b45f83c80e1d29c322be42a6205e788c3d965c2d101bd43bdeb2da0ee19cc8f1111ff5543b20d0424343199bfdcdf9e867274f14e3bd43154018cd765c2fbcfc7cd62c11987606ac87c43", 0xae, 0xfffffffffffffffd) request_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000003c0)='\x00', 0xffffffffffffffff) keyctl$unlink(0x9, r7, r7) 09:00:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x9, 0x240000) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f00000000c0)={0x3, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}}}, 0x88) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000003f00)={0x9, {{0x2, 0x4e23, @multicast1=0xe0000001}}}, 0x88) timerfd_settime(r1, 0x1, &(0x7f0000000180)={{0x77359400}}, &(0x7f00000001c0)) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1, 0x41) clock_gettime(0x0, &(0x7f0000003e40)={0x0, 0x0}) recvmmsg(r2, &(0x7f0000003bc0)=[{{&(0x7f0000000200), 0x80, &(0x7f0000000440)=[{&(0x7f0000000280)=""/86, 0x56}, {&(0x7f0000000300)=""/93, 0x5d}, {&(0x7f00000003c0)=""/92, 0x5c}], 0x3, &(0x7f0000000480)=""/154, 0x9a, 0x3}, 0x2}, {{&(0x7f0000000540), 0x80, &(0x7f0000000780)=[{&(0x7f00000005c0)=""/237, 0xed}, {&(0x7f00000006c0)=""/131, 0x83}], 0x2, &(0x7f00000007c0)=""/4096, 0x1000, 0x3}, 0x6279}, {{&(0x7f00000017c0)=@can, 0x80, &(0x7f0000001c40)=[{&(0x7f0000001840)=""/180, 0xb4}, {&(0x7f0000001900)=""/121, 0x79}, {&(0x7f0000001980)=""/96, 0x60}, {&(0x7f0000001a00)=""/112, 0x70}, {&(0x7f0000001a80)=""/163, 0xa3}, {&(0x7f0000001b40)=""/220, 0xdc}], 0x6, &(0x7f0000001cc0)=""/236, 0xec, 0xfe4}, 0x5}, {{&(0x7f0000001dc0)=@ll={0x0, 0x0, 0x0}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000001e40)=""/120, 0x78}, {&(0x7f0000001ec0)=""/34, 0x22}], 0x2, &(0x7f0000001f40)=""/113, 0x71}, 0x200}, {{0x0, 0x0, &(0x7f00000020c0)=[{&(0x7f0000001fc0)=""/74, 0x4a}, {&(0x7f0000002040)=""/89, 0x59}], 0x2, &(0x7f0000002100)=""/187, 0xbb}, 0x1}, {{0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000021c0)=""/108, 0x6c}], 0x1, &(0x7f0000002280)=""/161, 0xa1, 0x6}, 0x7f}, {{&(0x7f0000002340)=@pppoe={0x0, 0x0, {0x0, @random}}, 0x80, &(0x7f0000002400)=[{&(0x7f00000023c0)=""/49, 0x31}], 0x1, &(0x7f0000002440)=""/226, 0xe2, 0x100000000}, 0x101}, {{&(0x7f0000002540), 0x80, &(0x7f0000002680)=[{&(0x7f00000025c0)=""/161, 0xa1}], 0x1, &(0x7f00000026c0)=""/100, 0x64, 0x2}, 0x8}, {{&(0x7f0000002740)=@pptp={0x0, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000002a40)=[{&(0x7f00000027c0)=""/220, 0xdc}, {&(0x7f00000028c0)=""/142, 0x8e}, {&(0x7f0000002980)=""/185, 0xb9}], 0x3, &(0x7f0000002a80)=""/32, 0x20, 0x5}, 0x80000001}, {{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000002ac0)=""/104, 0x68}, {&(0x7f0000002b40)=""/48, 0x30}], 0x2, &(0x7f0000002bc0)=""/4096, 0x1000, 0x1}, 0x4}], 0xa, 0x40, &(0x7f0000003e80)={r3, r4+30000000}) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000003ec0)={@local={0xfe, 0x80, [], 0xaa}, r5}, 0x14) setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4) 09:00:46 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3b00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:46 executing program 1: r0 = socket$inet6(0xa, 0x4, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") bpf$OBJ_PIN_PROG(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00'}, 0x10) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1, 0x0) ioctl$LOOP_CLR_FD(r1, 0x4c01) 09:00:46 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x68, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:46 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0x2c, 0x0, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:46 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x1000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 667.198425] Unknown ioctl -2143244695 [ 667.213894] Unknown ioctl -1072143861 [ 667.218466] Unknown ioctl 21518 [ 667.235925] Unknown ioctl 22025 [ 667.279056] Unknown ioctl -2143244695 [ 667.303760] Unknown ioctl -1072143861 09:00:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000000)=0x0) ptrace$setsig(0x4203, r1, 0x1200000000000000, &(0x7f0000000040)={0x25, 0x9, 0x0, 0x2}) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0xbc, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @broadcast=0xffffffff}, @in6={0xa, 0x4e21, 0x9, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, 0x40000}, @in={0x2, 0x4e24, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x1, 0x5, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x8}, @in6={0xa, 0x4e22, 0x4, @loopback={0x0, 0x1}, 0x100000001}, @in6={0xa, 0x4e21, 0x80000000, @empty, 0x9}, @in={0x2, 0x4e22}, @in6={0xa, 0x4e24, 0x35, @remote={0xfe, 0x80, [], 0xbb}, 0x3ff}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000200)={r3, 0x6, "1bdcff84725b"}, &(0x7f0000000240)=0xe) 09:00:46 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x10000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:46 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xe000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 667.331691] Unknown ioctl 21518 [ 667.335108] Unknown ioctl 22025 [ 667.499297] FAULT_INJECTION: forcing a failure. [ 667.499297] name failslab, interval 1, probability 0, space 0, times 0 [ 667.510612] CPU: 0 PID: 21492 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 667.517965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.527307] Call Trace: [ 667.529895] dump_stack+0x1c9/0x2b4 [ 667.533523] ? dump_stack_print_info.cold.2+0x52/0x52 [ 667.538714] ? kernel_text_address+0x79/0xf0 [ 667.543129] should_fail.cold.4+0xa/0x1a [ 667.547194] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 667.552307] ? graph_lock+0x170/0x170 [ 667.556113] ? save_stack+0x43/0xd0 [ 667.559740] ? kasan_kmalloc+0xc4/0xe0 [ 667.563633] ? find_held_lock+0x36/0x1c0 [ 667.567697] ? __lock_is_held+0xb5/0x140 [ 667.571768] ? check_same_owner+0x340/0x340 [ 667.576089] ? rcu_note_context_switch+0x730/0x730 [ 667.581024] __should_failslab+0x124/0x180 [ 667.585268] should_failslab+0x9/0x14 [ 667.589073] kmem_cache_alloc_node_trace+0x26f/0x770 [ 667.594184] __kmalloc_node_track_caller+0x33/0x70 [ 667.599114] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 667.603871] __alloc_skb+0x155/0x790 [ 667.607590] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.613131] ? skb_scrub_packet+0x580/0x580 [ 667.617451] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.622985] ? ip_generic_getfrag+0x124/0x2e0 [ 667.627481] ? ip_reply_glue_bits+0xc0/0xc0 [ 667.631799] ? trace_hardirqs_on+0x10/0x10 [ 667.636042] ? raw_getfrag+0x15b/0x220 [ 667.639934] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 667.644958] __ip_append_data.isra.47+0x2248/0x2a90 [ 667.649978] ? raw_destroy+0x30/0x30 [ 667.653700] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 667.659505] ? ipv4_mtu+0x37d/0x590 [ 667.663135] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 667.668583] ? find_held_lock+0x36/0x1c0 [ 667.672658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.678200] ip_append_data.part.48+0xf3/0x180 [ 667.682785] ? raw_destroy+0x30/0x30 [ 667.686501] ip_append_data+0x6d/0x90 [ 667.690301] ? raw_destroy+0x30/0x30 [ 667.694016] raw_sendmsg+0x1db4/0x29c0 [ 667.697923] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 667.703028] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 667.707469] ? find_held_lock+0x36/0x1c0 [ 667.711538] ? lock_downgrade+0x8f0/0x8f0 [ 667.715688] ? lock_release+0xa30/0xa30 [ 667.719663] ? check_same_owner+0x340/0x340 [ 667.723985] ? __check_object_size+0x9d/0x5f2 [ 667.728482] inet_sendmsg+0x1a1/0x690 [ 667.732282] ? ipip_gro_receive+0x100/0x100 [ 667.736609] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 667.742146] ? security_socket_sendmsg+0x94/0xc0 [ 667.746904] ? ipip_gro_receive+0x100/0x100 [ 667.751226] sock_sendmsg+0xd5/0x120 [ 667.754939] __sys_sendto+0x3d7/0x670 [ 667.758744] ? __ia32_sys_getpeername+0xb0/0xb0 [ 667.763418] ? wait_for_completion+0x8d0/0x8d0 [ 667.768007] ? __lock_is_held+0xb5/0x140 [ 667.772083] ? __sb_end_write+0xac/0xe0 [ 667.776073] ? __ia32_sys_read+0xb0/0xb0 [ 667.780130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 667.785671] __x64_sys_sendto+0xe1/0x1a0 [ 667.789735] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 667.794750] do_syscall_64+0x1b9/0x820 [ 667.798641] ? syscall_return_slowpath+0x5e0/0x5e0 [ 667.803572] ? syscall_return_slowpath+0x31d/0x5e0 [ 667.808505] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 667.813874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 667.818725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.823911] RIP: 0033:0x455a99 [ 667.827090] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:00:47 executing program 4 (fault-call:4 fault-nth:19): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x80000001}, &(0x7f0000000100)=0xfffffdbc) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0x4, 0x8000, 0x9, 0x10001, r2}, &(0x7f0000000180)=0x10) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r3 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x1f, 0x48000) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) getsockname$packet(r3, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000014c0)=0x14) sendto(r3, &(0x7f0000000300)="d5e7d6fb23483e4a5daa00acfbdcc38e6241ed3af57de95c960de8f40e65992acd1d3372ddfc5cabea757baa453d607628f17b1ffb4dbba4a8e5530ab9b06d3f3dc8674571655a9ed8dc38cc3c12e75be35a1b53e7470b3121622ae6739210aef64320ac8eeb0e8b7108b101a67211eafbfe0963051bfca42791acbf41f016e6859b2cd75fc8ad9a3e295305b2db959eb0eae895f2b5d357cd043e7ba164038b9b29be9381f47b9f16", 0xa9, 0x8011, &(0x7f0000001500)=@xdp={0x2c, 0x0, r4, 0x19}, 0x80) ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f0000000080)) 09:00:47 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4800000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:47 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = socket$alg(0x26, 0x5, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bind$alg(r1, &(0x7f0000000980)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia-asm)\x00'}, 0x58) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x14) getsockopt$inet6_tcp_buf(r2, 0x6, 0xf, &(0x7f0000000040)=""/233, &(0x7f0000000140)=0xe9) dup3(r0, r1, 0x0) 09:00:47 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x400000000000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:47 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xf0, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:47 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff80, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:47 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f0000000040)=0xf) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) set_thread_area(&(0x7f0000000000)={0x80, 0xffffffff, 0x1000, 0x8001, 0x3ff, 0x80000001, 0x80000000, 0x7, 0x2, 0x9502}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) [ 667.846469] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 667.854181] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 667.861449] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 667.869063] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 667.876325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 667.883588] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000012 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x3fffffff, 0x0, 0x0, 0x6, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r2 = request_key(&(0x7f0000000100)='blacklist\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000180), 0xfffffffffffffff9) request_key(&(0x7f0000000040)='syzkaller\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000000c0)='/dev/loop#\x00', r2) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40000, 0x2) [ 667.993292] FAULT_INJECTION: forcing a failure. [ 667.993292] name failslab, interval 1, probability 0, space 0, times 0 [ 668.004657] CPU: 0 PID: 21514 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 668.012025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.021379] Call Trace: [ 668.023976] dump_stack+0x1c9/0x2b4 [ 668.027617] ? dump_stack_print_info.cold.2+0x52/0x52 [ 668.032816] ? unwind_get_return_address+0x61/0xa0 [ 668.037752] ? graph_lock+0x170/0x170 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x30000, 0x0) write$binfmt_elf32(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xffffffffffffb6bd, 0x5, 0xffff, 0xa9, 0x512c, 0x3, 0x7, 0x9, 0x1b4, 0x38, 0x37c, 0x0, 0x81, 0x20, 0x2, 0x2f, 0x3f, 0x9}, [{0x4, 0x8a81, 0x5afea81a, 0xc0, 0x101, 0x100000001, 0x5, 0x400}], "bd719158e98ff7a3c5264ea0ac1a4db4b32890ebe3113c393222d798579bc804a14045e5dd2c58391c8dda13e36c1c998bd33c65766e1c0fe715fb4a3b98f05cecbde2eb7e0571f612b4d365f6450a0942f34c72982aa4bcf949ff5ee854c176b9fb1d42b609c8aa3c84de1e8479772e0eb5cd1d6a894be1c5205cf1a18249d543e4b4e9671779543bdaec5a86f64b3a5ee3350ab8b1f3db6d9849c69fb191cc6ca7913fba19c15bcb8a445824803af618a32e78a1c17007e1b2199c644b4e6c9d54293ef8e1a2999b77a602900b6f863aa914305e1dcda976954379ca3a9c36280a32e59b928712fd0747fb921cbb4564f3ae5ff7624820ff98501be8df6e1d9403f3e7eaa0f7078386bc97dac7759c720f4492cf2f4a8e2ac79d63eea41340e7a671edf5594dc6fa18293fbc920b27e48691e7c4e39e4485d69deeba66cd1a771b89f7b9dbb09dedeff1ba9b1e811b96804f78581a7960c6cab0465e083942c53f698d37bf0e2d9255c5c36888d54cef95a6f4b20ae21f5878f3eed7489e4e6c72378608d7c013323a751ee6da25c86cd1b8baae634c6b983e8e442a9abb552a3b6e77bb6745a3b0ff636a16396e303ec5e81f5d2018e5c3c11c41af5742341f8c2863b8c9d72324958a349fc829d882aedf07eb0f0b952a11a481fae322478a24009b3dc6f9544445f1d35d09bc353cf7bc99a550eb006b5a2ebed1831862cfb502c310be53e45315616e92f5b414ab94d28185d15fd90fd52bdf706e4c4c59d56923e4d840dc460869196ba3d8a3d3b67010da84358e218bd8f09e7a736d8663a2e86a8546d0d7d3277f8d49dbb088752a219ead846b59f566a93d13003e8d27d8390850be3f87146a5d61acbded6a562b4c9f74f9415069ed1d5e318c778d347b83210b44fead328cd75af3e22921a9d8adf424e7a8292e84b0b6d73711864fbd36c01f5a5e1f6ba3858934a3fd4977ae07a160233fedaf5e4cbed7b0282c5c089e2925ca556aa1dfa0bb268650e9edaa93ec03ab9c4380862cb6e99d6cbc3798471e64634670166c2b78461d812ac02fb94c30a267ed8e0c9185eed629dccd3777b367abb78ab0b2523e0b793106fd2da38480c535966cb2c5b9e1615169d5d2ca63286afa51b5d8bceae0f587f56e05c740b182b6728982345407d901ad059c0ba36297339668876a0c59c0d86035c39a4bb3a5456927ee0f5efb6770b47b5c14c195b508f2158c4170b2af734dd1b9a86852dfe8062478590275eda593db4320a6ec3bf35a7aa9aaaf695871fd1f1c3f66c04fcad44a21463e270e5944aaa19289a5c2d5971be820ce38f3cd92d6c716503a802028d0b2028ec276683db205e5c7b08db694b273c7d594249fbdd251bba90b4522ce5d8fb7e95975f2c32073b26bad17ded7b89e6d07dbb20a3e74f146aa6bcffc84fe5a96c6349b48bc9937ea2092d4526650f822caf31e15eec5ed9497cc4c6e78a7f262aa803f99bd2f61e56d5ca3e9cb21a1518de3b9e3ff49dcbdda6ebe950cf537d39f0d2780acf609438e3a06c7fc635ddf3d103c15f96a9f425c8f62038dc42659ee25bc8f8d63f8d3589e98f85bca9681041210130586fde2e6216ec4dd1df4fdafbdfe0948b7f59e80a92e25f1703de3fcda18c05c04ec1ea5db7b5c7f326a472523d7dfd4a00786c4ad91279dfbcaae901ad896ce6ecc3f3f0d111bcafdc42633cf7681f56a0fd0660e790735932e13ae4bb0e0bf68ffa45ac0f2de1f82d0d1f8610bb1d3395572c7ed0af2555a35e9aacc82979b9cce68d65256410c5c6955453eed3859fbabb16604c9ef682884e3ca6a31e5bf6aa1d94b44d2c102c59db7fa7a1c4a71f76317ba6122b60f5748ad8930d1298668c24ee919f9e76a514e573a2b4f761a9790fb223db52eab7821b019bd8e5140dbaf557331a1f35509f4e2ce133919e330e252a90746edb3401765656756c38dba077d531ed42e650d905063656379e8d751610a511bc07ab6dadfdda545f4774e7f364f0260a1ae73a491ebd6dcc6c6f8108f803d0e12c5069d77a1e5fc3814983b52396af2fa4f8b0b28a9f78a8d122b838ed5f4150330573e35d9e342c453af13782345f7802baded30899cf044bc0289a59195b34c58c82c803b51d309d0f078bc3216b7df3d77a17311b925c7413c2e580e9828ed5cf57c388d380c7f0f2111fcebe724f2bf1b2a12a640d36f98c4506889d9fa6674758c724b1e1ad91dc2b20c22ff84f0149f0f3106fe23954afa1a2dfc00f7d0a009bf5532ec358eeb0cde3b66f23a3a2d060ee7e4b5054beb78c6cfe8488408444e2cbfd5ed2828ded0c5791ef576bf94a5a2c1e6a50114f2eea075d9f7089f50065f1e331d4963c3c4952bcfc9e627b5b28a79ec0525f1eb81910e7055ca5c040b53e1a228ebd630653b6c1fe3409cd6ec608c9c5e75899b0c6b93f1d1624dc5e50d103bb90a8f130f0d69af44b9f3212554eef3d8ed8b7b484d9321526ae9f06990ea0ba15c4c48a8202e800df1337ec21052a41230a8a9d8763d69c33e54db0726318dea4ff4360e7c6e651fb3f3eb211bb00804b902e91ff1780b65ef5986ed2fd95d572192d79769aa297bb719e9444784d457d0ee13733479f92df1da4a4989b9fd8995be321962f0805242032d0a5f049420258e8996be453f30e1a362b1ead851169bc4b68c521113ba0986cde1062639f1389a1f42e77fdb41ac8617dc532bf2b7ce877cb43c898ed2df72f19e5e9949839363fb53c0b76985f7929fd662a4367b5766cd9ad7053f11481f66f9ed22f5db42cf0612b7e47466d0f3dcee51c5f3f2210244a389bfb2c500c85a553670769f33f267647118bacb0434aafb04329438cc65d9fa7e9c9681f3195d95fa7cc0e86723455838a06c8f1fb7391c3ab238a04b4540e52bb0a75cbd8de0e630d02918776120ba9c51627a23e44a2a56f4944ac90cb1fc9714be02e51b06731eb8754d9bde94603cfa3fddc70fe216c583d6a860a1de8b306790b10c2e52ebbd9b722351d7fb60717089a83f9ff9aa43ed3ca19f35b09a92a92d6423a0be8dc390192485338906f5dbea0e217dfc5954514553cb555cd24e0a7e6031c125260e592a154d188196e2388a85a2807cb0f490867f117e70da8f26a9a3bf2598aebe47593bc742df946abf4dc31a8c6e92b8c30f1e03209fcc8cd6daea2565997eaf376af50714f0e51963b7ba6551cfb974698dbf03f6b7fd9040e2a1f2b9e63474f137b92ab8e66b08eff260def824b0779ca4acbe988880c45784ac2bf5a399a8d611ad2ae752ab781d820aa98273eef66c8a34a88b712e244c951c6e44099f194acc81d54554ff90b96729ecd684975e2959d29ae386b48fbd07311046d2f368699507500a7a54c89a2bcf06e736781d4b85c21888e578ced6903d9c2bc0145a4bf1f6a38955a1139d0f1cbea98eed6621e83bb65dcbf2b11e57a2270ac243de29a81641dfc8914c4838703a7c0aaee00ce3c0d47f32e487628acd89cf8adbb589b0ac0e9a142e1fce568b4621d68287105df5007dce31a57e7a574ae76e74b9f2b547b82362874c671786703c42edaaa1ef387c83c82d6fa735962d56ef2d53beed2123fe4a78b5f9c5da33929049d8ab6d8e20f853bd7048013a8044f112d26c78e67bc5aa406439be55a007e4f55f9cc933af6e8adc6b2be382d304d8aa5e6d0bbd270ff0e247de17995018400ed2ad8399e6af40d39c273a5a42496b7f141e11c0f6df3cbf55fb4d26e94a630ca5a009e14c91efa50570f6e95de6ce66484764fd23384282c93151b321e7561709ee95bb025585ecb6d1a0f437c51dada5dc6e83194bbd07edf1fc1fb10a2087c6b5d109b71f6af9f9dcf9449f8c68c849532f3597d0dfa354110bca6c8279cdc8f12a50e1be35a7d84c337a2c05ae9a13a134e3288a84c40d908c9cd44641c3c6ff45819c15f5b192cbc8494795635147d4b73c51fe1aab66f92dd816aa06e4beda3dfe9f93d8d99e5f9d85ffcb414f9032e734d0ff8cbd7cbe0b1bc7eed7a9d6e28a7c071b9137173e23e3ba3a86932dc991d047a054a33f22e648d4a2bd4c13ec2c0eb4df0d8023297f0a53374db5000967ad52cc1a49c28e87195267fae21bb9cacf587e5f0117daa8781c8de40ce3b74d34c89f3c68c3877b9f6bd1d5c5d2d27b0c89956666cf5f4dc0f72b876f61d6706b00575516a51efa8ccbbb5c7bd6ffaf0966a0004dc5f4230c6684fd89f05cbc22133174339324abff2cd5058514cf1547bd7d48ae7ae44ea8f62d97d419bae8ced936604845e768f123baf215bbfbdceb40f37c36e26432b4a6968a20ec6e15876065a641f9ca3b03c55244435d2a948bbb84e2a20df0c7b6a8a185bc6d6f864c99b4c2f8a8f5eae4a6d64ec85fee27e8b29f30323cf71556033663919c8b29439f6aa2de9f2fc59320fd2730351d020e5410cdc34b75b9139ec3cf110a010d500dfe57c279e903b39de48026606d9787a6a5898b91c3c9075e4479cd4f949f459503bec33ad52f4880008343a8aceafda2537ba893a60a4ea4447b3332de90a21c7977ad45e6f99dd8373a591ce470571a402bf23de0783cd6363b719ae8c0a5e8a3605649121b0c56c991a32afa3d09b303d779a4890d09e6fa3c4dcc78cd3980ff0011dfcc98708f4c44a1c3af76eb245f23171ae5dca0b6416898f22a7ff637fefb6927df84e4bfc71d51d5be78cda7cb5ea01ef20fdb902d1b8e968d5f2c5b9b2737b319bb3338216e4ead98bf680bce5c9a44db6f16e95571626994d1507236633dc3c893e99c44f92990e20dc658941b35a967780d29834e6e05ec59540d6fbb33bd784dcfbea5a88deb48ffade4e6d8f521166e037ede33115947a26886336206499ddf91f635ee50afda10a760263bd5025db8e9820794b00c3a7d319df7f6bbca79eedef061908f205fed448129f99bd6c5f14cd425ec3a628492c2233589ee80c5f9cba4d019562a64b8182447a47730f18b38993ad5745a772e06a8f06b9a001f2979dabbbf0f20478456cee666cf712d8c8f9c16bca677341a76427975c9351472a75c13bd3e97a133e697374cc05e4aebea69bc500eae91e08bff1bfef1c4caf23bb195b32f5eacd51da9a449a11c02c1b260d0f688099666989f6b17a181adcd93d1dc6a2c5e46801244ee6d46a2f67d3a802765e698a6696d2cffd61500e56a3d606ec7ac99997815d8ef11c924842ef571446115fc71949862a6de80eb0bfa15d9cda693ff81305408b7659efe5ff3e2c75ac78adcd91daf120305da05c8f1d9e7aa37cacd0f49d2416bba4230848d8da2bf739b902eb0fb43d8eb7384da788e30554c4da8fa0b3867adc01bb24acd570f1d9e68eacaaa4d1ce20bde4c5f3a0b391c7e7e204575d1592498ff410b6dcdbd55eff1edb0eaa0d04593abb66acb65c7d66fd98be88b35b76e6bb3aaae5148de9784572758471c89f78d95d37a5742b4fa607a08ec9a938ed795a37bd1d3d835ede37fa72be5551da9b5296eb47251fea571ba377f818af7c38331865d4e84d539745d57dd3db7103f58942526db3c019d783aa4107411398b9ff4070fc0fa6a7bfc5e39f9c6d4b00027c5e2e0b76717e0920fadbbda9f67be41225c5b21e46a4a2f1027d1d1a28b6bf5296791499027c183586ce99f76442e39ae417dd51b5d36183db627635641fc9e77ba7d544b334a4c5ee38fdc94e11bce0c89f3ddf76c6466a5954a63926bcab40ab891dcc38dfd6d4d43fb710a7457b80e3c0549bd12cecd8bb89e7612c850", [[], [], []]}, 0x1358) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000080)={{0x8396, 0x6, 0x20, 0x40, 0xf1, 0x3}, 0x3f}) [ 668.041563] should_fail.cold.4+0xa/0x1a [ 668.045635] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 668.050749] ? __lock_is_held+0xb5/0x140 [ 668.054818] ? __kmalloc_node_track_caller+0x47/0x70 [ 668.059930] ? graph_lock+0x170/0x170 [ 668.063749] ? find_held_lock+0x36/0x1c0 [ 668.067826] ? __lock_is_held+0xb5/0x140 [ 668.071912] ? check_same_owner+0x340/0x340 [ 668.076251] ? rcu_note_context_switch+0x730/0x730 [ 668.081184] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 668.086465] __should_failslab+0x124/0x180 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xce7, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958004e63f06da85422d63bc7d0db26"}) setsockopt$inet6_opts(r1, 0x29, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000f00000000000000000000000000000001000000000000000000000d7200000001fe80000000000000000000000000000bff020000000000000000000000000001fe800000f600000000000000000000bb0000000000000000000000b846f905"], 0x68) [ 668.090708] should_failslab+0x9/0x14 [ 668.094513] kmem_cache_alloc_node+0x272/0x780 [ 668.099105] ? __kmalloc_node_track_caller+0x47/0x70 [ 668.104222] __alloc_skb+0x119/0x790 [ 668.107946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.113955] ? skb_scrub_packet+0x580/0x580 [ 668.118292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.123836] ? ip_generic_getfrag+0x124/0x2e0 [ 668.128339] ? ip_reply_glue_bits+0xc0/0xc0 [ 668.132666] ? trace_hardirqs_on+0x10/0x10 [ 668.136909] ? raw_getfrag+0x15b/0x220 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x80000, 0x1) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x1f) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 668.140802] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 668.145819] __ip_append_data.isra.47+0x2248/0x2a90 [ 668.150846] ? raw_destroy+0x30/0x30 [ 668.154579] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 668.160392] ? ipv4_mtu+0x37d/0x590 [ 668.164040] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 668.169502] ? find_held_lock+0x36/0x1c0 [ 668.173581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.179125] ip_append_data.part.48+0xf3/0x180 [ 668.183713] ? raw_destroy+0x30/0x30 [ 668.187431] ip_append_data+0x6d/0x90 [ 668.191232] ? raw_destroy+0x30/0x30 [ 668.194952] raw_sendmsg+0x1db4/0x29c0 [ 668.198860] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 668.203969] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 668.208407] ? find_held_lock+0x36/0x1c0 [ 668.212482] ? lock_downgrade+0x8f0/0x8f0 [ 668.216635] ? lock_release+0xa30/0xa30 [ 668.220615] ? check_same_owner+0x340/0x340 [ 668.224954] ? __check_object_size+0x9d/0x5f2 [ 668.229454] inet_sendmsg+0x1a1/0x690 [ 668.233260] ? ipip_gro_receive+0x100/0x100 [ 668.237588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.243129] ? security_socket_sendmsg+0x94/0xc0 [ 668.247886] ? ipip_gro_receive+0x100/0x100 [ 668.252214] sock_sendmsg+0xd5/0x120 [ 668.255939] __sys_sendto+0x3d7/0x670 [ 668.259748] ? __ia32_sys_getpeername+0xb0/0xb0 [ 668.264422] ? wait_for_completion+0x8d0/0x8d0 [ 668.269019] ? __lock_is_held+0xb5/0x140 [ 668.273092] ? __sb_end_write+0xac/0xe0 [ 668.277079] ? __ia32_sys_read+0xb0/0xb0 [ 668.281147] ? syscall_slow_exit_work+0x500/0x500 [ 668.286003] __x64_sys_sendto+0xe1/0x1a0 [ 668.290064] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 668.295079] do_syscall_64+0x1b9/0x820 [ 668.298964] ? finish_task_switch+0x1d3/0x890 [ 668.303470] ? syscall_return_slowpath+0x5e0/0x5e0 [ 668.308404] ? syscall_return_slowpath+0x31d/0x5e0 [ 668.313343] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 668.318716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.323569] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.328754] RIP: 0033:0x455a99 [ 668.331936] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 668.351326] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 668.359038] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 668.366306] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 668.373580] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 668.380846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "b93102000000e30a6cb8acf03bc7d09b2600000000000000000d0000001000", [0x0, 0x2]}) 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) r4 = syz_open_procfs$namespace(r2, &(0x7f00000000c0)='ns/net\x00') getsockname$packet(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000600)=0x14) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000640)={{{@in6, @in6=@ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x4e22, 0x2, 0x4e21, 0x7fff, 0xa, 0x0, 0x20, 0xff, r5, r3}, {0x7, 0x8, 0xf5a7, 0x9, 0xed4, 0x8b1d, 0x8001, 0xfff}, {0x5, 0x5, 0xdaa, 0x20}, 0x8, 0x6e6bb3, 0x0, 0x1, 0x3, 0x1}, {{@in6=@dev={0xfe, 0x80, [], 0x20}, 0x4d5, 0xff}, 0xa, @in6=@ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x3503, 0x4, 0x3, 0x1f, 0x0, 0x6, 0x80000000}}, 0xe8) ioctl(r4, 0xab, &(0x7f0000000100)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x6800, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180), 0x13f}}, 0x20) 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f00000000c0)="cea1681c9068aaba671070") r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0xffffffffffffff81, 0x4000) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x3a4b1998, 0x36, 0x8, 0x81, 0x3}) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) fcntl$setown(r1, 0x8, r3) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0xff, 0x100000000, 0x0, 0xffffffffffffffff, 0x3, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e03d20f016238cbff4c48bedba30ba1507b1bb29ee38b71b351d15ce4ec82000200", "c3174cfe994a4dd11d2a2e1e2a72e0fb4a99938bfe8bf214ff8e583ea7b0003ff510bcddd4757451450c00", "42b08c752b259731fb91ee0e7d7f01374c58009e4ff06da85422d63bc7d0db26", [0x0, 0x9]}) 09:00:47 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) gettid() ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)=0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) setreuid(r2, r4) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x321000, 0x0) migrate_pages(r3, 0x4, &(0x7f0000000300), &(0x7f0000000340)=0x3) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f00000001c0)=0x9) [ 668.388116] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000013 09:00:47 executing program 4 (fault-call:4 fault-nth:20): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:47 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:47 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 668.484193] FAULT_INJECTION: forcing a failure. [ 668.484193] name failslab, interval 1, probability 0, space 0, times 0 [ 668.495489] CPU: 0 PID: 21547 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 668.502853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.512206] Call Trace: [ 668.514808] dump_stack+0x1c9/0x2b4 [ 668.518450] ? dump_stack_print_info.cold.2+0x52/0x52 [ 668.523641] ? kernel_text_address+0x79/0xf0 [ 668.528056] should_fail.cold.4+0xa/0x1a [ 668.532121] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 668.537233] ? graph_lock+0x170/0x170 [ 668.541035] ? save_stack+0x43/0xd0 [ 668.544662] ? kasan_kmalloc+0xc4/0xe0 [ 668.548557] ? find_held_lock+0x36/0x1c0 [ 668.552622] ? __lock_is_held+0xb5/0x140 [ 668.556695] ? check_same_owner+0x340/0x340 [ 668.561018] ? rcu_note_context_switch+0x730/0x730 [ 668.565953] __should_failslab+0x124/0x180 [ 668.570195] should_failslab+0x9/0x14 [ 668.573999] kmem_cache_alloc_node_trace+0x26f/0x770 [ 668.579109] __kmalloc_node_track_caller+0x33/0x70 [ 668.584041] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 668.588796] __alloc_skb+0x155/0x790 [ 668.592512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.598137] ? skb_scrub_packet+0x580/0x580 [ 668.602460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.608000] ? ip_generic_getfrag+0x124/0x2e0 [ 668.612495] ? ip_reply_glue_bits+0xc0/0xc0 [ 668.616814] ? trace_hardirqs_on+0x10/0x10 [ 668.621052] ? raw_getfrag+0x15b/0x220 [ 668.624941] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 668.629965] __ip_append_data.isra.47+0x2248/0x2a90 [ 668.634998] ? raw_destroy+0x30/0x30 [ 668.638723] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 668.644523] ? ipv4_mtu+0x37d/0x590 [ 668.648150] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 668.653603] ? find_held_lock+0x36/0x1c0 [ 668.657675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.663213] ip_append_data.part.48+0xf3/0x180 [ 668.667798] ? raw_destroy+0x30/0x30 [ 668.671515] ip_append_data+0x6d/0x90 [ 668.675310] ? raw_destroy+0x30/0x30 [ 668.679028] raw_sendmsg+0x1db4/0x29c0 [ 668.682929] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 668.688031] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 668.692461] ? find_held_lock+0x36/0x1c0 [ 668.696529] ? lock_downgrade+0x8f0/0x8f0 [ 668.700701] ? lock_release+0xa30/0xa30 [ 668.704678] ? check_same_owner+0x340/0x340 [ 668.709001] ? __check_object_size+0x9d/0x5f2 [ 668.713512] inet_sendmsg+0x1a1/0x690 [ 668.717313] ? ipip_gro_receive+0x100/0x100 [ 668.721638] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 668.727174] ? security_socket_sendmsg+0x94/0xc0 [ 668.731929] ? ipip_gro_receive+0x100/0x100 [ 668.736255] sock_sendmsg+0xd5/0x120 [ 668.739972] __sys_sendto+0x3d7/0x670 [ 668.743787] ? __ia32_sys_getpeername+0xb0/0xb0 [ 668.748457] ? wait_for_completion+0x8d0/0x8d0 [ 668.753041] ? __lock_is_held+0xb5/0x140 [ 668.757115] ? __sb_end_write+0xac/0xe0 [ 668.761107] ? __ia32_sys_read+0xb0/0xb0 [ 668.765165] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 668.770884] __x64_sys_sendto+0xe1/0x1a0 [ 668.774943] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 668.779971] do_syscall_64+0x1b9/0x820 [ 668.783856] ? finish_task_switch+0x1d3/0x890 [ 668.788349] ? syscall_return_slowpath+0x5e0/0x5e0 [ 668.793283] ? syscall_return_slowpath+0x31d/0x5e0 [ 668.798215] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 668.803582] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 668.808428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.813611] RIP: 0033:0x455a99 09:00:48 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x8c7, 0x204300) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000080)=0x1) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, &(0x7f0000000000)) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000000c0)) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001800)=ANY=[@ANYBLOB="03000000000000", @ANYBLOB='\x00']) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xb0, r2, 0x100, 0x70bd25, 0x25dfdbff, {0x9}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x50}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x33}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x2}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1=0xe0000001}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6gre0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x670f}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001900)=ANY=[]) ioctl$void(r1, 0xc0045878) socketpair$inet(0x2, 0x802, 0x1, &(0x7f0000000380)) 09:00:48 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400000, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x60032}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xbc, r1, 0x308, 0x70bd26, 0x25dfdbfb, {0xa}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfe4d}, @IPVS_CMD_ATTR_SERVICE={0x78, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local={0xac, 0x14, 0x14, 0xaa}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x21}}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0x1}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2b}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0xbc}, 0x1, 0x0, 0x0, 0x24008011}, 0x4000000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x46) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) 09:00:48 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x2, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x200000000000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6c000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:48 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$KDGETLED(r2, 0x4b31, &(0x7f0000000080)) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 668.816790] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 668.836176] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 668.843888] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 668.851155] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 668.858419] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 668.865681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 668.872949] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000014 09:00:48 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3b00, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:48 executing program 4 (fault-call:4 fault-nth:21): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:48 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x40030000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x3, 0x80005, 0x4) getsockname$packet(r1, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000380)=0x14) 09:00:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x4c0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 09:00:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6c00, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x1000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 669.083654] FAULT_INJECTION: forcing a failure. [ 669.083654] name failslab, interval 1, probability 0, space 0, times 0 [ 669.094971] CPU: 1 PID: 21575 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 669.102336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.111690] Call Trace: [ 669.114287] dump_stack+0x1c9/0x2b4 [ 669.117924] ? dump_stack_print_info.cold.2+0x52/0x52 [ 669.123114] ? unwind_get_return_address+0x61/0xa0 [ 669.128050] ? graph_lock+0x170/0x170 [ 669.131862] should_fail.cold.4+0xa/0x1a [ 669.135931] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 669.141041] ? __lock_is_held+0xb5/0x140 [ 669.145107] ? __kmalloc_node_track_caller+0x47/0x70 [ 669.150217] ? graph_lock+0x170/0x170 [ 669.154026] ? find_held_lock+0x36/0x1c0 [ 669.158096] ? __lock_is_held+0xb5/0x140 [ 669.162167] ? check_same_owner+0x340/0x340 [ 669.166494] ? rcu_note_context_switch+0x730/0x730 [ 669.171422] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 669.176713] __should_failslab+0x124/0x180 [ 669.180957] should_failslab+0x9/0x14 [ 669.184762] kmem_cache_alloc_node+0x272/0x780 [ 669.189351] ? __kmalloc_node_track_caller+0x47/0x70 [ 669.194467] __alloc_skb+0x119/0x790 [ 669.198183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.203734] ? skb_scrub_packet+0x580/0x580 [ 669.208075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.213622] ? ip_generic_getfrag+0x124/0x2e0 [ 669.218127] ? ip_reply_glue_bits+0xc0/0xc0 [ 669.222461] ? trace_hardirqs_on+0x10/0x10 [ 669.226716] ? raw_getfrag+0x15b/0x220 [ 669.230612] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 669.235645] __ip_append_data.isra.47+0x2248/0x2a90 [ 669.240675] ? raw_destroy+0x30/0x30 [ 669.244412] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 669.250220] ? ipv4_mtu+0x37d/0x590 [ 669.253846] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 669.259294] ? find_held_lock+0x36/0x1c0 [ 669.263352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.268879] ip_append_data.part.48+0xf3/0x180 [ 669.273448] ? raw_destroy+0x30/0x30 [ 669.277149] ip_append_data+0x6d/0x90 [ 669.280936] ? raw_destroy+0x30/0x30 [ 669.284634] raw_sendmsg+0x1db4/0x29c0 [ 669.288514] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 669.293602] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 669.298033] ? find_held_lock+0x36/0x1c0 [ 669.302084] ? lock_downgrade+0x8f0/0x8f0 [ 669.306220] ? lock_release+0xa30/0xa30 [ 669.310178] ? check_same_owner+0x340/0x340 [ 669.314486] ? __check_object_size+0x9d/0x5f2 [ 669.318972] inet_sendmsg+0x1a1/0x690 [ 669.322761] ? ipip_gro_receive+0x100/0x100 [ 669.327096] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 669.332617] ? security_socket_sendmsg+0x94/0xc0 [ 669.337357] ? ipip_gro_receive+0x100/0x100 [ 669.341665] sock_sendmsg+0xd5/0x120 [ 669.345368] __sys_sendto+0x3d7/0x670 [ 669.349158] ? __ia32_sys_getpeername+0xb0/0xb0 [ 669.353829] ? wait_for_completion+0x8d0/0x8d0 [ 669.358400] ? __lock_is_held+0xb5/0x140 [ 669.362460] ? __sb_end_write+0xac/0xe0 [ 669.366433] ? __ia32_sys_read+0xb0/0xb0 [ 669.370481] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 669.376007] __x64_sys_sendto+0xe1/0x1a0 [ 669.380060] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 669.385073] do_syscall_64+0x1b9/0x820 [ 669.388943] ? finish_task_switch+0x1d3/0x890 [ 669.393426] ? syscall_return_slowpath+0x5e0/0x5e0 [ 669.398343] ? syscall_return_slowpath+0x31d/0x5e0 [ 669.403261] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 669.408612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 669.413444] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.418617] RIP: 0033:0x455a99 09:00:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fchmod(r0, 0x80) fchmod(r1, 0x45) msync(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4) 09:00:48 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xb00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:48 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x80ffffff00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 669.421788] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 669.441033] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 669.448727] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 669.455983] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 669.463236] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 669.470492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 669.477742] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000015 09:00:48 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40080, 0x0) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000080)) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x80ffffff, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x2, 0x0, @mcast1={0xff, 0x1, [], 0x1}}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20048090, &(0x7f0000000100)={0xa}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000026, &(0x7f0000356000)=0x1, 0x4) fcntl$getown(r1, 0x9) sendto$inet6(r0, &(0x7f00002a0b14)="f6", 0x1, 0x200408d4, &(0x7f000072e000)={0xa, 0x2, 0x0, @loopback={0x0, 0x1}}, 0x1c) 09:00:48 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xf00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:48 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x34000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 4 (fault-call:4 fault-nth:22): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:48 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:48 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) dup2(r0, r1) 09:00:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0xa00, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:48 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffff7f, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000300)='/dev/input/mouse#\x00', 0x7f, 0x40cb00) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000340)={0x0, 0xfffffffffffff29a}, &(0x7f0000000380)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000003c0)={r2, 0x101, 0x85b, 0x5, 0x1, 0x9}, 0x14) r3 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000200)="c4", 0x1, 0xfffffffffffffffc) getgroups(0x2, &(0x7f0000000100)=[0xee00, 0xffffffffffffffff]) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) ioctl(r0, 0x1, &(0x7f0000000240)="efdca63a5f5f3f7a4b725bf52b9960fd0cc4e530ac3b0bb20cb8b2c1c7d12cca0955ce30db00838004e7ecf3ff6b9b6622db90b50e6f5a71b1f59e45ab4a3fc5b6d0b939d3c558520e0a2c1795d3ab7c0b1f9e4fe219629f2d1cb0aa0cf250014cf1be8039a809b8f28e45ec9611a32182afd9d3b42a380c4d8791baeae6e53f74166f9335fae68b5ea4d8d04eda1c") setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x10}}], 0x10) keyctl$chown(0x4, r3, 0x0, r4) 09:00:48 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfbffffff, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) lseek(r0, 0x0, 0x3) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000000)=0x0) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0x1, 0xeb3, 0x200, 0x8001, 0x7, 0x2, 0xa400000000000, 0x7, 0x7f, 0xffff, 0x400, 0x9}, {0x0, 0xfffffffffffffff8, 0x6, 0x9, 0x1, 0x21b, 0x5, 0xc00000000000000, 0x800, 0x1, 0xffffffff, 0x280, 0x7}, {0xb31, 0x91, 0x4, 0x1000, 0x60000, 0x81, 0x309, 0x2412, 0x7, 0x5, 0x10, 0x20, 0x2430e6bf}]}) ptrace$getregset(0x4204, r2, 0x3, &(0x7f0000000140)={&(0x7f0000000040)=""/233, 0xe9}) [ 669.843948] FAULT_INJECTION: forcing a failure. [ 669.843948] name failslab, interval 1, probability 0, space 0, times 0 [ 669.855308] CPU: 1 PID: 21634 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 669.862673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 669.872024] Call Trace: [ 669.874613] dump_stack+0x1c9/0x2b4 [ 669.878230] ? dump_stack_print_info.cold.2+0x52/0x52 [ 669.883406] ? unwind_get_return_address+0x61/0xa0 [ 669.888334] should_fail.cold.4+0xa/0x1a [ 669.892389] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 669.897484] ? __lock_is_held+0xb5/0x140 [ 669.901532] ? __kmalloc_node_track_caller+0x47/0x70 [ 669.906623] ? graph_lock+0x170/0x170 [ 669.910419] ? find_held_lock+0x36/0x1c0 [ 669.914471] ? __lock_is_held+0xb5/0x140 [ 669.918529] ? check_same_owner+0x340/0x340 [ 669.922842] ? rcu_note_context_switch+0x730/0x730 [ 669.927765] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 669.933044] __should_failslab+0x124/0x180 [ 669.937270] should_failslab+0x9/0x14 [ 669.941061] kmem_cache_alloc_node+0x272/0x780 [ 669.945636] ? __kmalloc_node_track_caller+0x47/0x70 [ 669.950738] __alloc_skb+0x119/0x790 [ 669.954442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.959970] ? skb_scrub_packet+0x580/0x580 [ 669.964287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.969812] ? ip_generic_getfrag+0x124/0x2e0 [ 669.974296] ? ip_reply_glue_bits+0xc0/0xc0 [ 669.978609] ? trace_hardirqs_on+0x10/0x10 [ 669.982838] ? raw_getfrag+0x15b/0x220 [ 669.986715] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 669.991724] __ip_append_data.isra.47+0x2248/0x2a90 [ 669.996738] ? raw_destroy+0x30/0x30 [ 670.000448] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 670.006238] ? ipv4_mtu+0x37d/0x590 [ 670.009858] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 670.015296] ? find_held_lock+0x36/0x1c0 [ 670.019358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.024890] ip_append_data.part.48+0xf3/0x180 [ 670.029459] ? raw_destroy+0x30/0x30 [ 670.033167] ip_append_data+0x6d/0x90 [ 670.036954] ? raw_destroy+0x30/0x30 [ 670.040660] raw_sendmsg+0x1db4/0x29c0 [ 670.044547] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 670.049641] ? zap_class+0x740/0x740 [ 670.053370] ? find_held_lock+0x36/0x1c0 [ 670.057430] ? lock_downgrade+0x8f0/0x8f0 [ 670.061566] ? lock_release+0xa30/0xa30 [ 670.065529] ? check_same_owner+0x340/0x340 [ 670.069842] ? __check_object_size+0x9d/0x5f2 [ 670.074332] inet_sendmsg+0x1a1/0x690 [ 670.078126] ? ipip_gro_receive+0x100/0x100 [ 670.082440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 670.087963] ? security_socket_sendmsg+0x94/0xc0 [ 670.092706] ? ipip_gro_receive+0x100/0x100 [ 670.097022] sock_sendmsg+0xd5/0x120 [ 670.100728] __sys_sendto+0x3d7/0x670 [ 670.104521] ? __ia32_sys_getpeername+0xb0/0xb0 [ 670.109198] ? wait_for_completion+0x8d0/0x8d0 [ 670.113794] ? __sb_end_write+0xac/0xe0 [ 670.117767] ? __ia32_sys_read+0xb0/0xb0 [ 670.121816] ? syscall_slow_exit_work+0x500/0x500 [ 670.126651] __x64_sys_sendto+0xe1/0x1a0 [ 670.130704] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 670.135726] do_syscall_64+0x1b9/0x820 [ 670.139599] ? finish_task_switch+0x1d3/0x890 [ 670.144084] ? syscall_return_slowpath+0x5e0/0x5e0 [ 670.149001] ? syscall_return_slowpath+0x31d/0x5e0 [ 670.153940] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 670.159298] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.164134] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.169311] RIP: 0033:0x455a99 [ 670.172482] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:00:49 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x300, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:49 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x40001, 0x2) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000040)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x400000, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0xe, 0x4, 0x3b8, 0xffffffff, 0x0, 0x0, 0x230, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, &(0x7f0000000180), {[{{@uncond, 0x0, 0x98, 0xc0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0x110, 0x170, 0x0, {}, [@common=@unspec=@ipvs={0x48, 'ipvs\x00', 0x0, {@ipv4=@loopback=0x7f000001, [0xff000000, 0x0, 0xffffff00, 0xff], 0x4e24, 0x2b, 0x2, 0x4e21, 0x0, 0x20}}, @common=@ah={0x30, 'ah\x00', 0x0, {0x3, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local={0x1, 0x80, 0xc2}, 0x0, 0x8, [0x31, 0x31, 0x38, 0x24, 0x1b, 0x24, 0x3f, 0x3a, 0x27, 0x29, 0xa, 0x11, 0xd, 0x15, 0x2e, 0x5], 0x1, 0x4, 0x100}}}, {{@ip={@empty, @multicast2=0xe0000002, 0x0, 0xffffffff, 'ipddp0\x00', 'team0\x00', {0xff}, {0xff}, 0x5e, 0x2, 0x2}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x10, 0x20}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x418) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000080)) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) r3 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a, 0x2}, 0x0, 0x0, 0xfffffffffffffff8) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000640)='trusted\x00', &(0x7f00000006c0)='keyring\x00') ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000003c0)=0x0) capget(&(0x7f0000000400)={0x20080522, r4}, &(0x7f0000000440)={0x5, 0x4052, 0x8, 0x7fffffff, 0x25a, 0x7}) ioctl$void(r1, 0xc0045878) r5 = getpgrp(0xffffffffffffffff) fcntl$setownex(r1, 0xf, &(0x7f0000000380)={0x2, r5}) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000001c0)={0x401, 0x0, 0x8, 0x80000001, 0x7f, 0xfffffffffffffff9, 0x8, 0x8, 0x0}, &(0x7f0000000300)=0x20) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000340)={r6, 0x9, 0x4, 0x10001}, 0x10) 09:00:49 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff7f00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 670.191822] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 670.199518] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 670.206775] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 670.214038] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 670.221292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 670.228545] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000016 09:00:49 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x5c5b311ff2, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:49 executing program 7: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = socket$inet6(0xa, 0x1, 0x0) socket$inet6(0xa, 0x5, 0xffffffffffffff01) ioctl(r1, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') 09:00:49 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x1f00000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:49 executing program 4 (fault-call:4 fault-nth:23): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) io_setup(0xffffffff, &(0x7f0000000080)=0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x101201, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x40000, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vsock\x00', 0xa821d09313e51684, 0x0) r5 = syz_open_dev$amidi(&(0x7f0000000580)='/dev/amidi#\x00', 0x4, 0x40981) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r5, 0xc008551c, &(0x7f0000001c40)={0x4, 0x14, [0x8, 0x20, 0x6, 0x3, 0x7fffffff]}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000600)='/dev/vga_arbiter\x00', 0x280180, 0x0) r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vsock\x00', 0x200000, 0x0) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000001b40)={0x0, @multicast2}, &(0x7f0000001b80)=0xc) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000001bc0)={@local={0xfe, 0x80, [], 0xaa}, @ipv4={[], [0xff, 0xff], @broadcast=0xffffffff}, @local={0xfe, 0x80, [], 0xaa}, 0x3, 0x10001, 0x0, 0x400, 0xfffffffffffffffa, 0x100, r8}) r9 = syz_open_dev$vcsn(&(0x7f0000000880)='/dev/vcs#\x00', 0x3, 0x351600) r10 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/vsock\x00', 0x20c00, 0x0) io_submit(r1, 0x8, &(0x7f0000001b00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x6, 0x48, r0, &(0x7f0000000100)="6210598b0c0763119d137c8c54c7dea13d0e45ccd1edd1999e36c8df06d71d48b8f20bc13004afc928ece743c493482c30a516db277214b1b927c3db73fda4b3e567f1a8ceb225ed131f7abaaa31843cb1a1b221dbfdbfea4262c8bea78f48", 0x5f, 0x80000001, 0x0, 0x1, r2}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x1000, r0, &(0x7f0000000200)="935dbf620099939877632f92e087b32ba841e7bd4994a6e9710fefd9f50c482f0d0955800c9fabdbef14e49ed84bfc12ad2d092781ff850106f2075bfaf377b2442775483afcdb72f10ffcc001a083c4859cb78e84c8d20944ce513b9a41d83bc85b1d15468d8c00d9fc1ef9c0fc0a382aa40202c202909ce87b72a032cd26bd86412210d5e5f743207ecc4e268ec6221e2845cc60bd95f73aa6a687d9e306b9d8a6c9a3b918ad28b5569089338f86", 0xaf, 0x8, 0x0, 0x0, r3}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3, 0x9, r0, &(0x7f00000003c0)="a70df5813cb35f1174dfaf6a97506be39cf01bfe9337f2eb83a35fd4828dbff5135b0a407e369b4d34c855b8cfcd4ab548db2ec645a4b3a3132a4a64929063adf537bec58067f43fa8fe27b76a4dd24a2988e4ee91e0433e15923a54b34439532852792329f9da19fca6825890695b29bdee57cbd941ff433ead4904ae5ed5bb1c3f68477a086d2e0e5b87ae12", 0x8d, 0x4e, 0x0, 0x0, r4}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x9, 0x800, r0, &(0x7f00000004c0)="69ce17b3b7a227c2cb5cce6aace5d91df41c1d871501d21d0bf1b363b8aa3866ab03e28a36c678656a9a0b7eb3fa6979dff324a7e849776cd8b98a8bd948cbd22a7e214c61457814c13f963890425877efef5f3916636072e11280a879a79d01980288a0c4fc25f16b033176f2a8f2e2bdedeb64d090224b8266aca0d578e81f1c3a442dffc4391c0c1a4c17f97a5b5fb756395a566dcad705be6236434814e6df8c78a554085f22b9d1e8ee8a83ebdba9c0ec51ca86a0de50", 0xb9, 0x81, 0x0, 0x1, r5}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x6, 0x1, r0, &(0x7f0000000940)="f70e662c900ff41b478aae34b9ea6a008cee9e7c92c06815cfd6f682356a2809594b942bee2fc2c5d42bab404cf30465e1c5e0c1c9a9c2515dd55cb441d4106ccf61af8a490c19e663a573b56b39062fc86827ee55fd2d3da34f4c043503bab72fec02055ebefa65b96487f8428bce35b64cf164473b1652db7fb303e38b4515ade67a38733557d956a02646f5c48f5e24a7c909c986ae00fb6c1c982fccc6c4a6c30b9a34db64308e61f666021caea26001963f7ecdcbf7a527f418b2d67c1e0154dffe089d9d1dd8a6c4eb560a671c40d7b7c9e70e8d502153d2267407d93cf7de3c4e2900b3d26fa4f22fe4b59d953299fc913ffa64f04fbd20f98f064591b43e21feb872e4f6d916fbd9e9c6f64a97eb4d0e2bb8c65e6819d4d7bd9ed8fce0cf2cb30ecc151c59082a1ed4ae8e5102346491d27087532e3054682ea3bedea7e0081f6f12ae71af329179f3a91c8b753c8fbde5d1bb2c3068cc7c99b7994c8c5d3c9ec2c4e2932436abc120f62df942055b262978b836fc1511a2b1ab5ae6e86eee19261397e5bc88658d20d8a7629dc2e74d557e260a3c0e4b5eaca1c772e95a6d416e3320b97eae6686120fc0ea6b8f0d83060d95efbb68aac2382c9ad0efc1470f53400d612f36694d90a1c6dc5717b83f70e9af1ec5524e62ecee0cf0bd04d4dcba5312bfc713fbc50931f5c4a1c86f5e9aac665f72441ddb4e00f0e2c3325d35ad4c15b10849387b59465d7eeb0aabecd5be30462d1d5f10c0c9536ff0ecf4ac31e489af4df29cc0b2665ec54dab56cd925faef9187592d57becaa8bff5fab093cf3f2fabddfe32ce77ab34a5c916f309fd45b60be94e499aabdda1399db6820ccdaec02b6df9d866603b7253a2ad9cf5e2ad9b16a1ab9e12c48008644d7314a56eb3d8d61a7555d96b6113cabc82fb8c2e964f4bb193ca761314477c34c4c315a6e658ab0afc4b698b3d18fda1048c23e9c71c309cbb39c89cdc7efd76e946b4200724f534261ec4d0762501ce0258f4a6a92e9e1e3394cd8d6b773c2d24f2c75c7c206bfec9844267c4d3197860e9d6369530d2be4ac2b91cff59b88ac62a43affdcf5c169aa1ff7fda350e45a71db037944bad8fc62ea52d5655ed3cb08b38972dc09edf108b51a28e59346a7b5dbbbbe35ab02201910c88ba356a38afa7fcd45321e9e0aa5768b1982dc24fbf0eb04a0e341b7ddd972332d0c67887d8f28a384cb3577b96ecd60a00872ffe6ea93d89339551b8ab65a243f0098f567dde89b734633ba94398e8fba9902bba86803bade3f6bbdb61083015594b91db4e79fca715a14264c9230507dbdb9b3530a3202159a96f27c2c5d6e32005dec17ae0b87212f95fab58cd392b7c60af43294bde3fa376e6465e51298a8ee4abf0bf94ca2e14f4f7147705a2480385436a91fa5ab9bd2ff140a4b45e6edee368b05c87dd08323d2bc926abf3b51ba612b953069b1d0ee975e6b2be34c91cd93122b69c51b10db73f14149f28c19b2bc768b0a799d3990a25b3b53f4a32718a3981b84702ece7dfcbffee52242bd50451e13e9942b34a4a562bbe6f3777bfb450e82319e381951ec8aef5933b990abf871346965e6d4cbf852d6ca2f96b410f85ef3931c7861428748b84b68c183054d434b356f474a6d5fa84c69b47a3a46996266b2a5f7acd8fc4ba0e3f7feb49ff14b8ce5877326d118a90ae63ced2a9156951b73d70cef1750759003936126583a87c6e60d3560d399afb396b91b923e0ae1267ceba920879816bac27cc8a9e49a13efc3bc3507d60a68aeeed28c69f7fca183da7913102682afd9c1e3f9b77dc946d4c7071a42472c9d6f2ef48c024091cfbf00726a242042dabf5879ebaee2ea7338bbb430adf9bc572b8e22c8448d748ec5b77f41603f4f8ef47f7971f059b029a7b8e7d982dca9e16c2a77f23859d8f281b72494082a650e0ddbddf01acce0a0805d35177cd42ae8ecdaab091fef7ec37ae8f3d7c3ddb9ea5a8be5577c48579f14cf4edaad0d45a762c813f465daa8d83dcb02b579680c6a4ec3f4cefd166b955251b646dbee90da241316250a1b286fdab4890c3e5b48d217d847ddf59c903d80af4c6a454533db2beb27d361be4ea265ae82817c938e2ee8412674b595f9b34a2a37c9e88c454f263dc3d25d62024efb8e8e2d901bfc57fadf3f504923aa4fabb5dd8eaea618ffdb373016f9156ae1f5df4e284ad741e22a43c0ab530c35c3647de36da19384a7c0d2f022d9f9a1f56d845e967ffd6b04c885b3a30198c31dae6a631b135f545ad93965676027e4b5f225896bfd55983b4b2b66c8ac99846d22ea68f4839f88d13af1286fbeadde0b09467845f2f0c56b32df67c5bbdb650acdf3862c686539f43d4f2f0d701fe1722484fe1d58aacc448d850bd044aaf8bbc1d2f737591fcbc750423a70c94225edc7f18ad097c778803457cca7d0028c5dd8409b5dd837ad1f9d466efbedeefb83d09c27aeadcc8eeb2794acabd8af0299d7d5f6cdefdc3cda979dbc60ba4ef75f66f021e4a2e5d7e5321e3c78714fad8e348302b4ffa9c5073d37cd69e1a0b9c6c382c2cda6ff1ba9026f98566e349d30c80315affce387f479e35e53e95eee5c404f2704f539a93e6a3c9b9a07730c90b829ba656c8a651af29a121c9afd3946f8277e7341960f2d1bbd331de52a6eb97df93fcbb22af2086a40b868093d69436e95548c15c57a4829b3dcd751a82116c7be76263faf47f0fa54a8ab522f6a2bc24d34e66bb8f32d74b7c120662049882a0c5e80f9028c386f047743291c9d7972e666ff61bf2dd9a32e32543caae3a64bfc0806a4c2b0655be060eb964fc50645cc185f3b912108aa829eea43448e0f531f77d5bbf374f0b43b88128581873f65da8a6f36fb468a9d8c6bb97726e34ab11d36fcd233c0fcf9484346939abe8843bd8f4010487cdce08414c20671dd39760fed0712d9db47942a42fa15bcd602df4a8492428a127035a05714e9e3123986771810903a89cf7c2e0ff9fc09c2081f46574a8169e160f932eb5b3f454de5fcd5b62d1a5a95ea644cd32c324f0b6398cc2289a3f30c1d4b2beb0b753f01cdc15202f5209a6d3a1a19d6b6d0f39d8f9b2554f623abb30f76adf8a944164c189625694846c012cd67da1f21474ad63badb4775bd5913ed763d5cd24ddad8abf64dbdbe99fea9068cacc9df1021bb6ececc442fbf66a2de244c3a51cc7fc5a93faccf880c474855f57d98f0e0a24b7b294513cd08087380275bf0bcdbd7e3c49125c12e48f02c397ccd8fd35fb9d14ab3b3bedcec44bb3f554c5ef144820f797c9df1a6777be6719234e8002b102f5aed69ebd9bd4a0c502db41d61ba91756aed8d518746e7f64aa0df1001262e0427929a85bbbf6681fbbedb8a68048aa97f68b21fb56f347711f97c69cccfbf80c1067bea25c2c36039859fda24160cf80d367ae7b1e6d2ae78601aa7ed56a649c411de856f72fc9d8d777b6b3dd29dd8456b9568bc08189c5a6aa88c992a77d5c45401499abde55ed2e8a9af8044bb5035335ed7f2985c899a8171c3ed76146f1f954b868f0af1933b91ca6a3ef9a24327daa63ea81aa3d5a2837ec6ef84b32281ce12fb26438b8a1fa1618f9f52f53ade2bef2d136d20cc0a707ec0235ea5af8af2f785b74a3bcdb67c5ff2c3adfde435fa74342929074b00fd5b5b186630d263d63e13e55f899c6119bc139c4463f1148ce4e74788f4990793d64535b9c3157bb8962454e6fb509023679ab7839462bf49660a52eeeb664180330ff391b0633dbb31b610c9e6f2351a3ab89a23dd932832055c5b436087d97c39cf8b8fe37d25f1eec40bea87f9a1d2658be68b87d9d23b936f9e731b898550586afb0e6ece5a39d10a00d2962e9bfd895e409d8f562581af641b3057440527a5ec72b5357199c1f5776221c92e5e5d30328b3176314b34b57ae888a1c544dd3f25d74e237b3cea3fe5a0e2d5e4dd1d52f96b20e984abe424a77f9244b8509d5353a4140058e5b96354ea7c711e4247dd410dfe3741a5c8b0b62fb5e3425a53363f12f5595cb3023e93f38fcbe57f4d27bd17983bea121095c6102c97ef81eeb2ad043e8fef1a5990b1ef400c74b0638493110d9d87b69189b46d451324cd6da34afa7154df16630842e6979a2abb8def3444759129dfcbbce82d9ca0589469f23ad3aa433880821ddf09a55fb0a59d999b7a2cf54e6aa343760ae3d0d29a80f276b2149fbf6c7cb15f1ef4f5173860eab07f75b7ee271c4996694549a8180867461e002e505ca16bd526ee9090d9a501da028fbd32a804a9b75e44d0418e78f52d89218b3a5329ba24edd5163f4cc0487cf8652668e6c242fbfdb98f304f7599fc23e306bdd8bd3dbf5564f127910a3ce3a86f64359c348165fd47061b9fb40bbac7225d56d6f15f3fb121491ed414cd7528b53881376930e6be97657e68ee141731cababda8250bcc09abb6b790e37e520009696e0b0986b41f101c06f52f23a7f1b6bd288abe2730fea912c9912d6076e8f8658ad99aa7216bedd29b1816e907aa855804f00ddf9247b7291172408d8e7f47ab67c5656955680e4e67448be2cf453d426106f0d7a86cf6447106021ba9fa46874f08c277043e0a6b46a77b70de522fd8f59968c26a5050478ec252c10179fb934682520dc71897667a1d03648d59e5fcd33496c8a591d64e7213f404eba9110b5d65e6895898096eab9fa53b338b572380a2c7cc53ce83d81b2dd8d3da89b3393c4f781148efbca8f65f46f6af98ddd0fe0781bbf397b6756478cff686fc4d63a88b9c6c37c852f69dfc133a94c35c30756b675ee1d9847c328bcbe78f481b4f66a1dccc7b6e5e540744f447126600525f176e6e7130902e5e5ec27031a6290852e14b6456e6e1eb6d1cd75c737c3245188d083e9ab137d351e84fc3f0afd66f7a1595c3ffceefa6ab0034fd91cd0f26b5c1561758a56472fecad92ef3dce2c4f8f280a544ed701b01deb95d161b4f25ada201155dabd82516d496afc553e359b8b14650f00700b8ebf8b49da4bbcd3413d89031077c78481c07a69eeeaa4f346786780cc39972b8e903166ab6f038c067da2735a84d9d10a71c7a55baa933455a9cec5e35a9183bf023952ef1daa80395edbb4d4837804d82ab6110f92f46107902a1390a4867f7f3dd6dfd8fb87777b6c245b15a1cee82335e34803309e9b51737ae535c9b58b4cbb815b81b624ed92813df8c21d05f85e51181d7ef71ca35ee93a8c45bc836abbe125a7d3764037fdf44407b15783ff0cf81ea4c8528b4c38c81cdfeed2216a63c4ffc56f5bb6a94179f2151ddab75a7479e7e86fd9b267d21cf581a3678b17b782dfe8110ba8a0b5fb729c1a3edf039bc2f3f20360e70c9ff384932714b8e634d3dbd9e4a4abbf859c690e898a720223b2c86431cec5734f98931f59915badf9ca7ea75e41becb03b585e1069c9dde3beeb2eb0550d7787d93a412b63a2a8e3c8128d58b7da8238dec35f56be95f0a6fe52e496a8ed7dfe85e7eb7265df9dfa5a860fee7adf2c29451fdb56dae086ea1bf7d249a690b3d4ed9d5b9e59538b9a11d889680b8a3d6a67df03f221d07373e2a49bf031ce9b8b189035286bde8955e52c083160cd52c84d704fac6c023d9b248e08e16984c7abfb7ba08843787ecdfcd2bc8f0fd1592a2ee3e0bfc871ae5921f8278b9f110ad135e46b9cc03bff8cfc3be590fcfded8594902dc95ac6971fca3a9e202749b2ecfc9b1b70b885d96d56838bb2ac785399570", 0x1000, 0x100, 0x0, 0x1, r6}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x7, 0x6, r0, &(0x7f0000000680)="6ee42c6e0e5b2bc0da30dd9e4efc2684834db94231529da4faed74bd7cfb85ec242bcab343aea25144f5dcf4edc9fb2e08952762191c72628f2feee27ba020114fe98ca1383bfcd1caef04d996fed22528949df612baf04c2f3dbf67", 0x5c, 0x8, 0x0, 0x1, r7}, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x1, 0x80, r0, &(0x7f0000000780)="d5ffc2c0bf1464cf160b6eddbdafeb959e4c40a3168828b98a9e0fc7e7e412cfaa5220ab22c3162ef88e9967061cd473d4b21267a1147b032ededfa22f505708d7d1fb1e4ae7e03d512c733dc193d6489818172552224b7d5942ab992214d1630f8e87698ef30c000db513bd02b24f654160a5f5b1057e3f769a8b4d1b53f41683c3d2f9579a0f717a3369944dc4e79d7035c7900d788f6e798dcd2309cdc7da1810e03911f01987e334c6e225d731cb0fa55af14fd75ed1c9d68938df18b1dbcf68de189f91605fd75a9ab1b1b092bb208b9bdc451ec7", 0xd7, 0x8, 0x0, 0x0, r9}, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0xf, 0x2, r0, &(0x7f0000001980)="de676920124b7d09cd032eba655843a6bbe16294adc22296db5ea1bc9df765e20bc1c9ab5996e79b653fe4f75cf691dbe95192ead47f1f1896902c32a2dec6c06759710a6bf64a2659f715c68e9c08bcf2c96e33b06215a5bd6b50dd1c559a967b6737babbfdfd2248b5ac40bd4cec5c463815347d373186489eac620dc01942bba1bc15f31f40590cc2dd50a17c49daa6c333b65b91e215bb9dedbb85d26276a6b5a249ab434e686e5c529b457006a19360aa1ef143b3d579ea16d8c1bc535446913ea132e161988c6a16abb93c6b", 0xcf, 0x3c, 0x0, 0x1, r10}]) r11 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) r14 = socket$inet6(0xa, 0x1, 0x0) ioctl(r14, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r11, r13, &(0x7f0000007000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f00000008c0)="ba2000ec0f01df66b9800000c00f326635008000000f300f01cfbaa10066ed66b95d0a000066b8c800000066ba000000000f3064f6a644d12e0f017b17d9f066b9e20800000f32", 0x47}], 0x1, 0x0, &(0x7f00000003c0), 0x0) 09:00:49 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x4, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:49 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xf21f315b5c000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4c00000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:49 executing program 7: mkdir(&(0x7f0000001b40)='./file0\x00', 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000000)='./file0\x00') r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$fiemap(r0, 0xc020660b, &(0x7f00000000c0)={0x7, 0x9e, 0x4, 0x9, 0x5, [{0x66c8, 0x4, 0x0, 0x0, 0x0, 0x402}, {0x5, 0x1, 0x250, 0x0, 0x0, 0x1000}, {0x3eba32cf, 0x83, 0x2, 0x0, 0x0, 0x100}, {0xfffffffffffffff7, 0x2, 0xffffffffffffff65}, {0x1, 0x1, 0x3b88, 0x0, 0x0, 0x2000}]}) preadv(r0, &(0x7f0000001200)=[{&(0x7f0000001100)=""/248, 0xf8}], 0x1, 0x0) 09:00:49 executing program 3: r0 = getuid() r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cuse\x00', 0x400, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000000)={{{@in=@broadcast, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000100)=0xe8) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r0, r2, r3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 09:00:49 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xdc050000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:49 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xffd1, &(0x7f000070aef1)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff, 0xbb}, @broadcast=0xffffffff}, @udp={0x0, 0x4e20, 0x8}}}}}, 0x0) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000080), 0x4) recvfrom(r1, &(0x7f00000000c0)=""/251, 0xfb, 0x0, &(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8df0d47434cdbcd50af760189e41d163f0fc8a3fcd8091d7e462359ba12143866e68a9028c2ccc7c1fc5ae13c3f188e2e7d7b8b4d32be094067b9571df0821"}, 0x709000) r2 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0xf645, 0x80040) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000200)=0x100, 0x4) 09:00:49 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfffffffb, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6c00000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:49 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xfbffffff, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:49 executing program 3: getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000000)={{{@in=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000000100)=0xe8) setuid(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 09:00:49 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:49 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x1f000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:49 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x100000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 670.758424] FAULT_INJECTION: forcing a failure. [ 670.758424] name failslab, interval 1, probability 0, space 0, times 0 [ 670.769734] CPU: 1 PID: 21704 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 670.777094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.786439] Call Trace: [ 670.789031] dump_stack+0x1c9/0x2b4 [ 670.792667] ? dump_stack_print_info.cold.2+0x52/0x52 [ 670.797859] ? unwind_get_return_address+0x61/0xa0 [ 670.802791] ? graph_lock+0x170/0x170 [ 670.806615] should_fail.cold.4+0xa/0x1a [ 670.810681] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 670.815788] ? __lock_is_held+0xb5/0x140 [ 670.819851] ? __kmalloc_node_track_caller+0x47/0x70 [ 670.824956] ? graph_lock+0x170/0x170 [ 670.828766] ? find_held_lock+0x36/0x1c0 [ 670.832833] ? __lock_is_held+0xb5/0x140 [ 670.836904] ? check_same_owner+0x340/0x340 [ 670.841229] ? rcu_note_context_switch+0x730/0x730 [ 670.846162] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 670.851444] __should_failslab+0x124/0x180 [ 670.855686] should_failslab+0x9/0x14 [ 670.859489] kmem_cache_alloc_node+0x272/0x780 [ 670.864073] ? __kmalloc_node_track_caller+0x47/0x70 [ 670.869183] __alloc_skb+0x119/0x790 [ 670.872897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.878432] ? skb_scrub_packet+0x580/0x580 [ 670.882761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.888299] ? ip_generic_getfrag+0x124/0x2e0 [ 670.892798] ? ip_reply_glue_bits+0xc0/0xc0 [ 670.897126] ? trace_hardirqs_on+0x10/0x10 [ 670.901367] ? raw_getfrag+0x15b/0x220 [ 670.905254] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 670.910275] __ip_append_data.isra.47+0x2248/0x2a90 [ 670.915312] ? raw_destroy+0x30/0x30 [ 670.919038] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 670.924842] ? ipv4_mtu+0x37d/0x590 [ 670.928474] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 670.933924] ? find_held_lock+0x36/0x1c0 [ 670.937996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.943892] ip_append_data.part.48+0xf3/0x180 [ 670.948477] ? raw_destroy+0x30/0x30 [ 670.952192] ip_append_data+0x6d/0x90 [ 670.955988] ? raw_destroy+0x30/0x30 [ 670.959703] raw_sendmsg+0x1db4/0x29c0 [ 670.963602] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 670.968702] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 670.973136] ? find_held_lock+0x36/0x1c0 [ 670.977205] ? lock_downgrade+0x8f0/0x8f0 [ 670.981353] ? lock_release+0xa30/0xa30 [ 670.985328] ? check_same_owner+0x340/0x340 [ 670.989653] ? __check_object_size+0x9d/0x5f2 [ 670.994154] inet_sendmsg+0x1a1/0x690 [ 670.997958] ? ipip_gro_receive+0x100/0x100 [ 671.002286] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 671.007827] ? security_socket_sendmsg+0x94/0xc0 [ 671.012579] ? ipip_gro_receive+0x100/0x100 [ 671.016903] sock_sendmsg+0xd5/0x120 [ 671.020617] __sys_sendto+0x3d7/0x670 [ 671.024424] ? __ia32_sys_getpeername+0xb0/0xb0 [ 671.029096] ? wait_for_completion+0x8d0/0x8d0 [ 671.033684] ? __lock_is_held+0xb5/0x140 [ 671.037758] ? __sb_end_write+0xac/0xe0 [ 671.041744] ? __ia32_sys_read+0xb0/0xb0 [ 671.045808] ? syscall_slow_exit_work+0x500/0x500 [ 671.050652] __x64_sys_sendto+0xe1/0x1a0 [ 671.054719] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 671.059737] do_syscall_64+0x1b9/0x820 [ 671.063623] ? finish_task_switch+0x1d3/0x890 [ 671.068116] ? syscall_return_slowpath+0x5e0/0x5e0 [ 671.073043] ? syscall_return_slowpath+0x31d/0x5e0 [ 671.077979] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 671.083344] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.088191] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.093376] RIP: 0033:0x455a99 09:00:50 executing program 4 (fault-call:4 fault-nth:24): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 671.096554] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.115935] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 671.123644] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 671.130911] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 671.138180] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 671.145443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 671.152708] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000017 [ 671.198012] FAULT_INJECTION: forcing a failure. [ 671.198012] name failslab, interval 1, probability 0, space 0, times 0 [ 671.209352] CPU: 1 PID: 21707 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 671.216713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.226054] Call Trace: [ 671.228632] dump_stack+0x1c9/0x2b4 [ 671.232250] ? dump_stack_print_info.cold.2+0x52/0x52 [ 671.237423] ? unwind_get_return_address+0x61/0xa0 [ 671.242337] ? graph_lock+0x170/0x170 [ 671.246126] should_fail.cold.4+0xa/0x1a [ 671.250175] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 671.255298] ? __lock_is_held+0xb5/0x140 [ 671.259344] ? __kmalloc_node_track_caller+0x47/0x70 [ 671.264430] ? graph_lock+0x170/0x170 [ 671.268219] ? find_held_lock+0x36/0x1c0 [ 671.272270] ? __lock_is_held+0xb5/0x140 [ 671.276326] ? check_same_owner+0x340/0x340 [ 671.280632] ? rcu_note_context_switch+0x730/0x730 [ 671.285545] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 671.290806] __should_failslab+0x124/0x180 [ 671.295033] should_failslab+0x9/0x14 [ 671.298818] kmem_cache_alloc_node+0x272/0x780 [ 671.303386] ? __kmalloc_node_track_caller+0x47/0x70 [ 671.308479] __alloc_skb+0x119/0x790 [ 671.312176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.317701] ? skb_scrub_packet+0x580/0x580 [ 671.322011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.327536] ? ip_generic_getfrag+0x124/0x2e0 [ 671.332019] ? ip_reply_glue_bits+0xc0/0xc0 [ 671.336327] ? trace_hardirqs_on+0x10/0x10 [ 671.340551] ? raw_getfrag+0x15b/0x220 [ 671.344423] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 671.349427] __ip_append_data.isra.47+0x2248/0x2a90 [ 671.354430] ? raw_destroy+0x30/0x30 [ 671.358138] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 671.363923] ? ipv4_mtu+0x37d/0x590 [ 671.367540] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 671.372975] ? find_held_lock+0x36/0x1c0 [ 671.377035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.382561] ip_append_data.part.48+0xf3/0x180 [ 671.387126] ? raw_destroy+0x30/0x30 [ 671.390828] ip_append_data+0x6d/0x90 [ 671.394611] ? raw_destroy+0x30/0x30 [ 671.398311] raw_sendmsg+0x1db4/0x29c0 [ 671.402189] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 671.407280] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 671.411688] ? find_held_lock+0x36/0x1c0 [ 671.415740] ? lock_downgrade+0x8f0/0x8f0 [ 671.419873] ? lock_release+0xa30/0xa30 [ 671.423833] ? check_same_owner+0x340/0x340 [ 671.428141] ? __check_object_size+0x9d/0x5f2 [ 671.432624] inet_sendmsg+0x1a1/0x690 [ 671.436409] ? ipip_gro_receive+0x100/0x100 [ 671.440715] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 671.446239] ? security_socket_sendmsg+0x94/0xc0 [ 671.450979] ? ipip_gro_receive+0x100/0x100 [ 671.455286] sock_sendmsg+0xd5/0x120 [ 671.458983] __sys_sendto+0x3d7/0x670 [ 671.462770] ? __ia32_sys_getpeername+0xb0/0xb0 [ 671.467426] ? wait_for_completion+0x8d0/0x8d0 [ 671.471997] ? __lock_is_held+0xb5/0x140 [ 671.476055] ? __sb_end_write+0xac/0xe0 [ 671.480027] ? __ia32_sys_read+0xb0/0xb0 [ 671.484085] ? syscall_slow_exit_work+0x500/0x500 [ 671.488917] __x64_sys_sendto+0xe1/0x1a0 [ 671.492975] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 671.497978] do_syscall_64+0x1b9/0x820 [ 671.501848] ? finish_task_switch+0x1d3/0x890 [ 671.506327] ? syscall_return_slowpath+0x5e0/0x5e0 [ 671.511239] ? syscall_return_slowpath+0x31d/0x5e0 [ 671.516157] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 671.521507] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 671.526336] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.531508] RIP: 0033:0x455a99 09:00:50 executing program 1: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, r0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x10480, 0x0) syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0x0, 0x40200) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f00000000c0)=0x6, 0x4) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 09:00:50 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xdc05, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:50 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="020f000005000000000000000000a6c7030005000000000002000000e00000010000000000000000"], 0x28}, 0x1}, 0x0) 09:00:50 executing program 3: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f00000003c0)=""/4096) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x0, 0x0) close(r0) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x23, &(0x7f0000000040)={@dev, @loopback, 0x0}, &(0x7f0000000080)=0xc) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f00000000c0)={@local={0xac, 0x14, 0x14, 0xaa}, @remote={0xac, 0x14, 0x14, 0xbb}, r2}, 0xc) 09:00:50 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x2000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:50 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:50 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x400000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 671.534678] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.553906] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 671.561601] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 671.568854] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 671.576106] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 671.583355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 671.590605] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000018 09:00:50 executing program 4 (fault-call:4 fault-nth:25): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:50 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x48040, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 671.697356] FAULT_INJECTION: forcing a failure. [ 671.697356] name failslab, interval 1, probability 0, space 0, times 0 [ 671.708687] CPU: 0 PID: 21729 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 671.716052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.725398] Call Trace: [ 671.727990] dump_stack+0x1c9/0x2b4 [ 671.731622] ? dump_stack_print_info.cold.2+0x52/0x52 [ 671.736812] ? unwind_get_return_address+0x61/0xa0 [ 671.741751] ? graph_lock+0x170/0x170 [ 671.745558] should_fail.cold.4+0xa/0x1a [ 671.749626] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 671.754735] ? __lock_is_held+0xb5/0x140 [ 671.758802] ? __kmalloc_node_track_caller+0x47/0x70 [ 671.763905] ? graph_lock+0x170/0x170 [ 671.767714] ? find_held_lock+0x36/0x1c0 [ 671.771781] ? __lock_is_held+0xb5/0x140 [ 671.775851] ? check_same_owner+0x340/0x340 [ 671.780173] ? rcu_note_context_switch+0x730/0x730 [ 671.785102] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 671.790395] __should_failslab+0x124/0x180 [ 671.794636] should_failslab+0x9/0x14 [ 671.798435] kmem_cache_alloc_node+0x272/0x780 [ 671.803017] ? __kmalloc_node_track_caller+0x47/0x70 [ 671.808145] __alloc_skb+0x119/0x790 [ 671.811863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.817400] ? skb_scrub_packet+0x580/0x580 [ 671.821726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.827267] ? ip_generic_getfrag+0x124/0x2e0 [ 671.831769] ? ip_reply_glue_bits+0xc0/0xc0 [ 671.836094] ? trace_hardirqs_on+0x10/0x10 [ 671.840333] ? raw_getfrag+0x15b/0x220 [ 671.844223] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 671.849244] __ip_append_data.isra.47+0x2248/0x2a90 [ 671.854269] ? raw_destroy+0x30/0x30 [ 671.857990] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 671.863791] ? ipv4_mtu+0x37d/0x590 [ 671.867420] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 671.872871] ? find_held_lock+0x36/0x1c0 [ 671.876943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.882483] ip_append_data.part.48+0xf3/0x180 [ 671.887065] ? raw_destroy+0x30/0x30 [ 671.890784] ip_append_data+0x6d/0x90 [ 671.894584] ? raw_destroy+0x30/0x30 [ 671.898300] raw_sendmsg+0x1db4/0x29c0 [ 671.902200] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 671.907302] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 671.911741] ? find_held_lock+0x36/0x1c0 [ 671.915815] ? lock_downgrade+0x8f0/0x8f0 [ 671.919995] ? lock_release+0xa30/0xa30 [ 671.923965] ? check_same_owner+0x340/0x340 [ 671.928288] ? __check_object_size+0x9d/0x5f2 [ 671.932790] inet_sendmsg+0x1a1/0x690 [ 671.936594] ? ipip_gro_receive+0x100/0x100 [ 671.940919] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 671.946459] ? security_socket_sendmsg+0x94/0xc0 [ 671.951214] ? ipip_gro_receive+0x100/0x100 [ 671.955536] sock_sendmsg+0xd5/0x120 [ 671.959253] __sys_sendto+0x3d7/0x670 [ 671.963057] ? __ia32_sys_getpeername+0xb0/0xb0 [ 671.967732] ? wait_for_completion+0x8d0/0x8d0 [ 671.972319] ? __lock_is_held+0xb5/0x140 [ 671.976390] ? __sb_end_write+0xac/0xe0 [ 671.980375] ? __ia32_sys_read+0xb0/0xb0 [ 671.984433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 671.989973] __x64_sys_sendto+0xe1/0x1a0 [ 671.994033] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 671.999053] do_syscall_64+0x1b9/0x820 [ 672.002940] ? finish_task_switch+0x1d3/0x890 [ 672.007437] ? syscall_return_slowpath+0x5e0/0x5e0 [ 672.012364] ? syscall_return_slowpath+0x31d/0x5e0 [ 672.017300] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 672.022666] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 672.027516] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.032705] RIP: 0033:0x455a99 [ 672.035890] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 672.055269] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 672.062978] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 672.070245] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 672.077512] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 672.084782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 672.092047] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000019 09:00:51 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfbffffff00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:51 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = socket$inet6(0xa, 0x1, 0x94eb) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = dup(r0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="2957e1311f16f477671070") r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4f24, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) r4 = socket(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2=0xe0000002}}}, 0x88) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x29, &(0x7f0000000140), 0x4) setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000040)=0x165, 0x4) fcntl$setstatus(r0, 0x4, 0x40000) 09:00:51 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x500, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:51 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x400300, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:51 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:51 executing program 4 (fault-call:4 fault-nth:26): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:51 executing program 7: r0 = socket$inet6(0xa, 0x3000000000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) sendto$inet6(r0, &(0x7f0000000240), 0x0, 0x8005, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback={0x0, 0x1}}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) dup2(r1, r0) 09:00:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast2, @in=@multicast1}}, {{@in6=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000200)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) setresuid(r2, r3, r3) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000000)={0x60000018}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 672.249568] FAULT_INJECTION: forcing a failure. [ 672.249568] name failslab, interval 1, probability 0, space 0, times 0 [ 672.260943] CPU: 0 PID: 21750 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 672.268308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.277652] Call Trace: [ 672.280231] dump_stack+0x1c9/0x2b4 [ 672.283849] ? dump_stack_print_info.cold.2+0x52/0x52 [ 672.289035] ? unwind_get_return_address+0x61/0xa0 [ 672.293953] ? graph_lock+0x170/0x170 [ 672.297744] should_fail.cold.4+0xa/0x1a [ 672.301791] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 672.306879] ? __lock_is_held+0xb5/0x140 [ 672.310927] ? __kmalloc_node_track_caller+0x47/0x70 [ 672.316019] ? graph_lock+0x170/0x170 [ 672.319810] ? find_held_lock+0x36/0x1c0 [ 672.323860] ? __lock_is_held+0xb5/0x140 [ 672.327913] ? check_same_owner+0x340/0x340 [ 672.332223] ? rcu_note_context_switch+0x730/0x730 [ 672.337138] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 672.342398] __should_failslab+0x124/0x180 [ 672.346622] should_failslab+0x9/0x14 [ 672.350406] kmem_cache_alloc_node+0x272/0x780 [ 672.354974] ? __kmalloc_node_track_caller+0x47/0x70 [ 672.360067] __alloc_skb+0x119/0x790 [ 672.363766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.369286] ? skb_scrub_packet+0x580/0x580 [ 672.373622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.379144] ? ip_generic_getfrag+0x124/0x2e0 [ 672.383622] ? ip_reply_glue_bits+0xc0/0xc0 [ 672.387929] ? trace_hardirqs_on+0x10/0x10 [ 672.392150] ? raw_getfrag+0x15b/0x220 [ 672.396024] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 672.401033] __ip_append_data.isra.47+0x2248/0x2a90 [ 672.406038] ? raw_destroy+0x30/0x30 [ 672.409742] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 672.415545] ? ipv4_mtu+0x37d/0x590 [ 672.419156] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 672.424592] ? find_held_lock+0x36/0x1c0 [ 672.428644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 672.434167] ip_append_data.part.48+0xf3/0x180 [ 672.438734] ? raw_destroy+0x30/0x30 [ 672.442431] ip_append_data+0x6d/0x90 [ 672.446215] ? raw_destroy+0x30/0x30 [ 672.449913] raw_sendmsg+0x1db4/0x29c0 [ 672.453792] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 672.458876] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 672.463283] ? find_held_lock+0x36/0x1c0 [ 672.467333] ? lock_downgrade+0x8f0/0x8f0 [ 672.471464] ? lock_release+0xa30/0xa30 [ 672.475424] ? check_same_owner+0x340/0x340 [ 672.479731] ? __check_object_size+0x9d/0x5f2 [ 672.484211] inet_sendmsg+0x1a1/0x690 [ 672.487995] ? ipip_gro_receive+0x100/0x100 [ 672.492304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 672.497840] ? security_socket_sendmsg+0x94/0xc0 [ 672.502581] ? ipip_gro_receive+0x100/0x100 [ 672.506886] sock_sendmsg+0xd5/0x120 [ 672.510586] __sys_sendto+0x3d7/0x670 [ 672.514373] ? __ia32_sys_getpeername+0xb0/0xb0 [ 672.519033] ? wait_for_completion+0x8d0/0x8d0 [ 672.523711] ? __lock_is_held+0xb5/0x140 [ 672.527762] ? __sb_end_write+0xac/0xe0 [ 672.531727] ? __ia32_sys_read+0xb0/0xb0 [ 672.535776] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 672.541301] __x64_sys_sendto+0xe1/0x1a0 [ 672.545357] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 672.550358] do_syscall_64+0x1b9/0x820 [ 672.554229] ? finish_task_switch+0x1d3/0x890 [ 672.558709] ? syscall_return_slowpath+0x5e0/0x5e0 [ 672.563634] ? syscall_return_slowpath+0x31d/0x5e0 [ 672.568554] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 672.573913] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 672.578745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.583918] RIP: 0033:0x455a99 09:00:51 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4c00, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:51 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x2000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 672.587088] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 672.606327] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 672.614023] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 672.621273] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 672.628524] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 672.635775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 672.643027] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001a 09:00:51 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:51 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffa011160601cc0dc2652b00140000fe8000000000aafe800000005e233f00ffff"], &(0x7f00000002c0)) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) ioperm(0x0, 0x80000000, 0x8000) connect$inet6(r0, &(0x7f0000000180)={0xa}, 0x1c) r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000140)=0xc) ioctl(r1, 0x4000008912, &(0x7f0000000580)="295ee1311f16f477671070") setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)={0x303, 0x33}, 0x28) sendto$inet6(r0, &(0x7f00000005c0), 0xfffffdef, 0x40, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}}, 0x1c) r2 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x6, 0x40600) ioctl$ASHMEM_GET_SIZE(r2, 0x7704, 0x0) 09:00:51 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x2, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:51 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x4c, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:51 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:51 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff7f, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:51 executing program 1: r0 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x34, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180)={0xffffffff}, 0x111, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x2, r1, 0x1c, 0x0, @in6={0xa, 0x4e24, 0x2, @mcast2={0xff, 0x2, [], 0x1}, 0x6}}}, 0xa0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000040)="415ee1311f16f477671070") mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) ioctl$int_out(r0, 0x80045700, &(0x7f0000000080)) fcntl$getownex(r2, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$lock(r0, 0x7, &(0x7f0000000100)={0x3, 0x0, 0x4, 0x8001, r3}) 09:00:51 executing program 7: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) modify_ldt$read_default(0x2, &(0x7f0000000040)=""/45, 0x2d) memfd_create(&(0x7f0000000080)='selinux&md5sum\x00', 0xffffffffffffffff) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0x7, &(0x7f0000e0b000)={0x0, 0x1c9c380}) mq_timedsend(r0, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)) 09:00:52 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x34000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:52 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6e09000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:52 executing program 1: r0 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000300)={0x0, 0x0, 0x0, @local}, &(0x7f0000000380)=0x1c) ioctl$void(r0, 0xc0045878) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket(0x17, 0xf, 0x8000000000000) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x100000001}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e20, 0x3, @loopback={0x0, 0x1}, 0x7c0}}}, &(0x7f0000000200)=0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14) r5 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00') r6 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x20000, 0x0) sendto$packet(r6, &(0x7f00000003c0)="df80ae07f15e85b31c0b2933c35212ca3417ba8d64e6c18b641d0efb09274c4e9bdf3e13f12a13c60a3f152576312afb87ff5ce293df65ed8befbe1f6dcb9f7d96f24bde9f964f44697d264e989801d5f505b2c86daf947e623cd6f05029f9e20513336439a168d62455923a7864b67df877ccd9bc315561b5bc105edf4a5a41b9297971d3fc4cc712dfcee9a897d71f8fa6e5d68a971226", 0x98, 0x800, &(0x7f0000000340)={0x11, 0x2, r4, 0x1, 0x2, 0x6, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x14) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1) sendto$packet(r1, &(0x7f0000000040)="5c92fd3e464d6f44327d66954625", 0xe, 0x0, &(0x7f0000000100)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x14) 09:00:52 executing program 4 (fault-call:4 fault-nth:27): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:52 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x8dffffff, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:52 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffff80, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:52 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x5, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:52 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x5c5c1fdc5d, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:52 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x20000, 0x0) sysfs$1(0x1, &(0x7f0000000000)='/dev/kvm\x00') ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 09:00:52 executing program 7: bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)=0xfffffffffffffffd, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000180)) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_SET_CPUID(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100031c6829db206eddae080000000000010100c00000000000000000000000010000000000000000"]) 09:00:52 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:52 executing program 1: keyctl$dh_compute(0x17, &(0x7f00000000c0), &(0x7f00000001c0)=""/190, 0xbe, &(0x7f0000000000)={&(0x7f0000000280)={'rmd128-generic\x00'}, &(0x7f0000000040)="38eb57907c0419d0e16fc83648636896bb756c7a7b65d91938de658feb53645eeeeca600313db08e769f189dcdd2612f5e1f9b4050a70664b9079deee2bdc30a0ef30311da3b0fbf797fcbd2b9ce9c9acbd50afbf48f80349142a71f167aa873334fcb6fd6060b8a6cac26583af963660c1842ef00000000000000000000", 0x7e}) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f00000028c0)='/dev/vsock\x00', 0x5c1000, 0x0) r1 = dup2(0xffffffffffffffff, r0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000100)=0xe082, 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000002480)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8) sendmsg$netlink(r1, &(0x7f0000002880)={&(0x7f0000000140)=@proc={0x10, 0x0, 0x25dfdbfc, 0x10000}, 0xc, &(0x7f0000002800)=[{&(0x7f00000002c0)={0x21c0, 0x27, 0x400, 0x70bd26, 0x25dfdbfe, "", [@generic="73c8a471f55e71a86e9c168bbc5f95a55de0", @nested={0x164, 0x3b, [@generic="0f675eca43006512a18c5e058de4dc16192d7c5d28a1bdf3d79734be7a3f6ff176c20049aa6a29b4d4d51acaaaccd73cfcd3514c085223406e475fb392d4578ebc51443aa4d15eb34a82c60d6401951e713e701d591a0b78cb8d88e156c5a72622eb593bc80fd25a79d0e2834cee9cad4ee77b4c3f69ce510a46163bdf8e4751765f46c68e0085f316421269054150328514df2d334d29fa329a69945344d26c0de16a5a3c376c47", @generic="96c8c3046f5aac81e94d5ad025b7a688c8247b54c71184560cfe20d2c2e0ddd18a4aedeb3abe5301c4d7b77f0acedc0988942f01145c9f69ce92823b0e565db56a58203165e74f74e868ce573a620e0626d1d9ed7c0c888e8862f46c5d8f5d07f7b746e4b421741edbc3bacd3eced3e2bfbb4af53bf56387bd17521a2fc7d3e3fcd15a0e589a0e9a1fd8504f003e6be841ec21dde25662c9248a1d527eff30fa6a724bfa", @typed={0x14, 0x3c, @ipv6=@local={0xfe, 0x80, [], 0xaa}}]}, @typed={0x8, 0x4b, @ipv4=@remote={0xac, 0x14, 0x14, 0xbb}}, @nested={0x2018, 0x8b, [@generic="7373a6746245cd35417238959cde8b980ac3df826b1fdca74699fe7888a11d66ab7f959d73d5d3051d77f844610dc1239fa7b318fbb301370360294fce609c629eec7edf8c5e16cdb01b90667208475dfc92c19520f0277c8fd4aee700ee69be5070652ceb04cf500ec287b5250f479532f9c9d99d6df9452294b55cac031efb208cd3134a2d39096e4595b68bd40768b7fe002117029fcf636d9ee04a86cbebd01d12e31f1b539db5cdcc8e078be9c4d5feebf5cae169db2203b038c804466018ad4609e195edc28607e8a9c5cbac8163c44946ae71e7da845778dd3c77fcbfaa5c82730e1c20c2ecbdecf40adfca2f7fbb350de2a664fcfebb2266725318d480e3bcbcbad8f5ed705e0cbda8e4a2d06ede9d5b49386097df0e4a75926f30d8a05de61ff1b27f903a1af18d34d9e6580a7cde49e8f69ce06a1f0d17b6a07dde7cbab22ce3883ce38dc8085071b9bad72aadbed9585d4099199fb73db45984949d6660129f6606625c1e1b005e60352f4c50f558422d1739554f12b93b39ee75c97f23c30c38d68e99676721698e6d793858f91b95b8d1d0d1324a05113856f0b512cf25d8be8b67f3dfc166f1cedcd7eaf0f0d4c3fceddee8a2b9064c5a8cae9b8c7ef5c4a7eaf16f5205c594676d15f29be854603e4a581aa6384e91144094ea311b83a9bd780eab5d45f4eac50685229ec8e0036b24187a32a2a0157efda5f23a8873dbb58824b748b05e5bd6dbd6ebd2feeb838ebcf2beca6d6557b67fc2a8bf2e9e9ab420a18401eb2ccbf4395462bdaf641f22ade903851568f99a15a12905bdf74fdf677326ba7833b22df7bfdd449df3ed127e5b8059fa2af3f97d2e4bd122211f2592820c5134541b40f18f577ce8cb327c0e4cfb5b96a3a27cc6e0afe2ee692d163335b14e9474c6fc5c8e1c7c981e770d6fdaeec2b6368105f00b65b7378579ab8582eb6198bc0d5996528277a8ef16003a1a3ba2c7c2555b8d2c484f1ddbd9934cfba07058df1694f0bea765661b63bded0d8524afb1c8b3638ea2c5ae32829947b99eaf5dc423987cf793ea533386488cdb7b4a3e8f7ab6b1d6a23482e7fc5609d9e546c1a92bff43d2a4dd3053554491ab2868817863a236f38331dbdf81705042f9a77432310437e287f205dd10818ea5f9fcdf28a3c8b4e3b0e530be813fe599a6ef791f48c3c9945c5e12a09eb3db662f4920ea86ca0178a39a0158cce3ffeeba8c17a20e95c9ec0ce92c6b5a7fbd729056c7c6c44b1892ec3e9cda7eb10d4867ede8cb7d88d5d15c8d2bd660caf79e54be654a1544dbd848cea97ca7b4f1fda3f61328ef3bdd1bb923918fe2ba459f21a39f4c1692ed34b8e38948561c62973856a326228a8ada7d3ea76009f0cda14bb32994180509b93eca2873543a4b8675ed451840362c9be69be144eb536a18ebe8b46efd7a89320a62102cf111af80bb3db0305d578e9cc7930946e4e935f27c9f4d0e04b8adde5f22d3f4fa403501fe2d2d16e0d1b8298e6c863c1eccc96ae832f5064771992114a376ae9a88903a033ef0caeeaa4ed68179c53329a6575fcc48908f9e4568bbcfe4d2ed5626d893aedfa87cc061a0ec4aa18684e688d5beb927f26f588e5872ab3b87c6207b2142747c8392bbfda07b509ca3bbfc2c9b10cd7d56e1659229fed619857ab5c73d1e58ccf118770c04b91de6c2968e260f71579d2006216d6a29ecdc45b0b5753c52f156f7ba8c082144b0a1afbcc464695ef2cffa45a2e96a3abc6ba8d5763c257eefdf28f09075932636d6e9a081c41539492b23c71e304291521d215af070d6557983a5c2c793cc0ca9b252262c2c2ceb228300058bea84d6ebe46ee2da30e5d562d57f63a2f4775443c53e36b1e74ebb25addff6c9435f5aef3d9e09d56585671a45f6199ec4692d0c67d6fcf726640c8441cd6b809f80f10b0461c18a337f3da58df1bb8ee1180d98ff372832e7d201fc30580b1ff754241e268007f536cbcf652d5924749071df65b0189748ae201a3f54a5275b6fe05060815a24fbe1c54100479c9ea42e27865de8ba232e912d6d6879b778e37985a7531f3e8f798e14cafe6e402f9cea59771219479f3073e8cda8b81dbc06a59b0e824d7c2d6dd2acd14bda9b77cd77bac7c8e841089f6ddb7a3c552a3d356c4edbf5df52915472c1b8305c531303fc4cfbb5e3ad0414350ff8f919d0bc55b5c785ef33faa8438ec46542c6a9238f16c40115934478d3a7d231898c699768acaeb51f6c389271fd6ec3a96bc61f2cf6df45f6d0818a5c407d714fcfb4f49328f674901c93c80ea6a61f4a34722bc30e3b4884144a45abbf26fcddf39bf6743bc077306bf4326868e8d02e294639dcd720e390a5629fd3bea1b3015a33a0950db18582db5fb21fd9e82458301e93d1a94662ca26b584ca5241918a90d63be30deaf66a2fd6104a0724dc4c10f678d98466d048d9a324184f4ccef1f0de98bdf45d05b299e0681a51b65d4a2b4bd9baa620ecaa2509795908e27a4ea1bc000af77691e14e63f6cfdd8c33472e6ea24a39256cc1b876e1b764e31956506374816d2538d8fa94637a5187004ef0d35dc576f978279eefbf0dacecb6343c0b4c0cfa51816cbd69bbb5f925c210b17dfa0dfcd2e48c090cb9568637b7eecd32e5506f873263172a71fa3395f7f5f4927c876034a026e243bff53a92c9a34a3afd1647e5272cf3f62475919588d25c563eeaeb90033d6ea2a61ab6230e7e0d20107c3c320f212fae38045926bbf9f874d264ff3abeec59d856d983e56d66269b9f33529a52672be840b84a8fe61f7c4b641cfc1a83f6a25709f71d08210ca51c15702ea884f6c9e1995ae41fb1fc4a1452282ed4c2b6ca3029163b6bf5b1ef53a6499bf7816d054a045b1f4ae2c1ea3f602f317ed3799b729288fd4af4adffa6511bcfe0788bff47f06fcc2ee1889680ff5fdae43852209ac4d7631e30b96cadda0360847cc6a3cc5d92ba7e3891cfb4d9c4c7c1196aaec60928907361173beeb2665bd8c7c4de9a602b183e671442e136e19c6b3d15101c3fa70a2b8e11c6b0e7314fe624d4218b864db99fd48f4c6dc914da49fabb716bcacb48c21e153bf3bfea98a0b070750113a38879cd7a442d4d065b8228dfa2b90b7982ca758aadec07fa5b73cbda7f22e6fd7fa32fa2d8515fae6e9a1f66b1709400de476cd9bb72bfa0dc744befead4c071e0ed374a53def9ed9012392a5968b558fb97210c2febaa5fdab3569e157c5002ff5fc425d08224508ffec2a8228915579cb1d5729826236e1a28e80250abbc99add99705a4777fd6819f29522e24603fbc9a1fd2662e3ef3bce096d13288b4168dc0685c04456781234c2fa2d01d26667535ccd94dd0bed03a58a267cda495e6b5c3bb9086dd38eb8cc7997f3abf52c40f3295b877b762a307d54337aa7496902f0b7a7fe423765d2ac80dc3c4e199333a70d4119a997ac4655cb6b8242c20c3f00ad2d0933601bbbc7d2cb97c2f589ada40689aac297dbc8e8de5400a14b43e0e7abf6a1c2974682ffc9aad1e3e17218f49467adcd567a69396c6125dd5e625956719c930fa5dab31e0b1b99190ef7795ef6b456a635b351f9f3368d8926d0e7eb79119810250aa9a98a0b0766c56d3e86dc5eac16fb576ebe265ed91634160e782d052befc4220889d1e8b5a59a3d9a2cee63c21b9e7ae7e0696f234c87e445f6d966ae7b8576cc87f9661025b9eef81827157afab8f0279a5ba34edd57846b157f7b719ae00ef4e0dd23ed95f2d9331a971ba36d7f908cc045299c62a2f1ef3f0ba2b3977163d883f2763d16f4bf9ae60c4e62dbf26d6e2a78fb190227453b17201a4c5735d42857ec7647e2d54b03652220ebe459d5c9383410b54dd5a71d84254aa7ce20a1927cba3f65c49bcbf699d8b851b045bc34e54d0bc39a48cd0c164d993e8a6ea42f08e51377e27a12ee7b47c55bdf0e4f54be15027bba53477f06269b072b76ab6b8477fd622e40befd9f3413f0588fdab1e65731fd25d69d576180f9d3c201d24110a48165d25631fa7545c8cc47e9d1f94d38c09601bca83c7da18391b1aa778c0b830f05be9207adc807ac656921832201f1dacde525e9e4e45a841dad4fb1e003b4dddbe022c14f786ca8fdd3c1c1a18371023e996f9da6cc9ae1531b6ad7aa7f55781bd276aebb912c3205a776ad31d1f105aec8685d8b917bcc82c94414a23124a5fceb688e9887d4c4e748344989a28e6940914140974f2e3a8ebf73129232d037bcba7a26aa36dfbcc61de8612ef6b024e6af3d9ebcae41d70a99162868c5c17959ed2d8c6409575742c636a4f9fa64776649eeb9239ba840f8bbeaba172789bcd56133f0fb759fd15d9ef74f8449d8889ead6231a69995e5e6979f12da8b813925ee97ef91fbd92eb73a3c7b1bbd81da6ec444af887c01d8d862129ce00468d1d994f926072331f839d7650c618f3200982c8f79e316d99fbc9a63cb3cac1cf93183426460b143069b0904be7006528df40ff621497c8d8898c205da5b736c36b7c8c709ca85306cfcf19642c803de78b493c6bc9594f7daad9b1e43353b48013b68b75065b2b6f6c73bb96baf0de46373546fd3a417f3565fd747393a66d66c0f436a746b3e6ac1980e4fffd2e76c7c9a5fac6955a5d993443781b0e5116ced4bdb5ed884c8fca4a30d068452d1c0da7b71225893842393ae88aa5efce660bc5a4b84f22e55bc84355281a3f25b484f0aab18518510c0479f8e4099bc3e894e4d3a7958db8f51e7963c43d3f8178754d36eaba3f5df8507b915de6b7400c109bce8e7231ad0315da7d6b1775b0516d49c3cdc783c2dbe3923b072d080e97c942ed8eb7d19273ac9f84c6525a193ee0a1f082099c5e1ab16c89ceb55cf2497c8604a31f0968f4559d08293ff1794340248747103876c18d21ea769125e4b12d42756ab64749d316d33cf2e3055270605e651429c44c036c4a406fda97f63ebb0439625af4c10b0e12a2198f8bcbb7904f57ee10140f61fcded02d5fa7f285f885f00fe67fa71e7ef3abae4c392e6271bb5a428ea7a00858f7df711b8b57777cdb5e3ffbae078491aebe2c234018b4fb14dab8c2c414c803b43a86513e6d282f4f974c1b28864dd966577ff6f807c636fed8ad936071d565c80bc54aca9b980e141f0eb0fbd4d26c7ddefbac855e8783743ab920abec3113a198290c8aee4c1ec45c03dd7fddc0f1bd82afff72a69621b41911a9216af0d1161875f3fa132dd03e8b6f7c295af1062410518070350fef68cb4e9ba6ca8581dbbf31f840370761da731aa7836c96442a973a3da91805bbb00b6d08e7b5e2cfdf7979a5aec6210479928c5b35d87d6d1dda8c56dbfd1f1dfb049c76f1bd99959a32ffbe46c28e230cdcc88ab9671531cbf7345ae0e4da1142c15cd93fcf24c958a58fe19fedae752746d049e9d20f75cbb2762c0c699eaeb1225b7a3c2d3dea8e2232c0c9ad7e75ef4b81fe76aac0e284993a847fb434f2d54a5ee276861f821dde738e480fd69af4b4c536dfef3b209599730a77e6a93fc5264598e93e0e0d540884eb7aeb694d272d8adb0507b47469c9b368313e723cc975e11b2f8ce139eaa28c4bc25a3a7bf45bae9e6117896a35da56b57573897a072846aed921aa6d9782f608c07d45abbef63d8048aae05ffe46d6a7a891a55025a83b9d6a5e4f298031c5424c41e248a83fc23e9a5a618253a6ccd3bfeda6c3f5fc9c29ba508ae9f7ec90e8482479a6219e24a6dee512379dc472f1388a03b3", @generic="00017af4361b4289593f92121d86ac77a32213e5f8064a899434104e0cdb3c6f9596ed3f5ab63b8d0d224a25a2e8137c503b483c4f8ca7b2be8b803dceccde5c960ed8a79eb2b2f8e17705adb9e2e530dd8a9504132dcc2bacbcaa8091f536436cd6e74733ff07b4ff61ef62859e0522f4a06ecfbccc812bc4042fe67e27dff04eefce0b68afef1bf1d6596ec1d416910aa17c6547916999855288913854a2ee0e0f377d5175fa2421510d819d9a16d94283ac8e284b932e7b674800b9e57717e96c7abe81f828526195f5b069ac2885ba7b2b500dab303137e8e2629761b9e8e4a88b2c789bc999c6e7ecbee54f6479c583ac56aff9486d001d5814e271703aca706467eef6cfbcb3283fecdd26c4fc706c98bf1fce567f3272444dc228f4b45f5805e3c5717ff0375a5514c89e6797a46e135a5d354292680a426820a7848a6e0dd5ded7828b66f8811aa44aab956815fe23097295e60cd9c65117ef7a3fbe70adae5e5db8bdadca9a6a20a8d7c6802c3fe65d13e67533c069ff9e14a7f97f5f21dd585ddffe41f47283a4d6caa9de66f9afb08f02ea739ba60a4b440b32f80890c1fe832605f8e194282385ed19d8cefd4b5713eae9049c07fb4d47c3e0afc38091bae230d07fa967d19627e66f521df121ef274bab9184a0073279de8e44b4465c643aaf377bf491235e57f30f584afb31f56152f17f0f3a7067c60e951353e72e19ee31f0512e7d6303d3d9aff1837551c46634cd766544ce8f1185626267cebcc13f519498cb74558cf602eb324fbaba87366b3d53b025011909c53b9052f5f8fc5149c52bdb8d83e88abfcb2b6954200c7b9bf57c9e8384cd4e9f98956a90f35a25b51f404c6bd86f9e9bf2e2e08492a664a74152e1dae977fbe4465b161a7e40144e7383560b8ea286282449baa85e2de40591bccd75b05171b4263fec3ea04d6241facbeaa053c42e293c10829d95d42c4f51b1b48b15b918bb3086aeb6457e571a9fe9668c6a80eb4ce6d44f314f4e87645b9484d84e4fbd06d6be42ebfc8a9e16669c67dd0fc9068f7098e630aca3f6a448bcce7d235cb2f9e21e678278836b5c7713d11cbc0d01dce7d8960075566581606cb8767e1ce84af0995efe33d2bc8e872f0b5bf5373c3a0a1cdd921fc96c7082cb81aed7edeeb0ebcfdbdae632220005043b9ce4e7696e3e0014fe4ba8f69ab7c64933a26559fbfa969bcdbb0e034a58a9a5dd6f61f4139b0802024f12297b3451b391b89b98924f513be6675718e49879ad37efb115637cebc92975dc7656e0dc8d9873af490bb292578f8635b0706c8a3de819fafd061d3c3e104813e3494ed4913cb8423f6de8adbd31fbf28ceafc1b4c1fabbe90df3b5dc695135864cd4d5f52662a7e27e5cc45f62d89ad2d85a65007077d241967e53db7f19c8c8c898a0143722853d539887829a72f2fc9fb9d2951f7a1a849ccd2b01cb2da8b6e5560141acc6a03d1e28baa5828ba588635010ad3890ca503589d0d8a80ed5a1d681f0bcf138d6e16ca7ebe633af75a79a4ec775da40d2ee0fd0836cb0dd04885147f143eab03aaf5ff8191e7421739dae7ebe543ac37753f09ec7e0bec912143d1c1beed736d81e6567603d7bfc48f63bd1400c6091eaf9d84c59f0cf56d9ec35637489eae51f87651f4cee0c226c7253b82bc691180fd6f15361be7779c01d1a5ed0b0dc2b6689a959c88cc316a6ec8028a9a4069ac56dd3150c93150d8609ace3cdef63596a7a2d73a527845d627a6d750a46be108b1a64b2f86ed545a6eb2be4273c6b759efd940a7d27c583ffecd875475a29636577d114a0a15be7c5b7e1aad51b567b0ba647a538166613031a50d3ec7a0854c5650b7b6dbdca77741bce2ca85e322d9caacda16dff9870a8c71840586e9dedc94fe866364ef0fddedffc161baf48001c028c31c6fb843903ca4fc275031fbb90586ddd718915d987dbb3a53a45bc2c920c02fa24b7c3ebf4eb0ca00cd19e3aba9bbf1735495f68931ffe68896af9df60c5f8954a079f228909fc85a72e58396ba67b55108cc2c6b1d61dc01ccef0c77daf869abd2e9a385a04c294e93e87c23ab7c369e9f8b1c4393e9fd543e2bf90545e82d838baf99a8f0443247e916e5e7ac0b1fc3047bed214c7e87b4dd3cde9052bd59de8616738a0bdf1f48805ce0b156f5f77ce5e2c46c23481b5be5b25ad975c465be083b10b009457b36f97161254199a0d819167ab994fef36d902dcb04743b1cfcad096654a4c76333d18c6047f3319117ced195139715fc8648f81232b1ce86fe8c0b1e3fa7e99cebb3b196284a8cfa74382192cffe910511421d9bfe8ae712882f414cb51fb2bd45272d6867cd785d3d2dcb6a99ddb7cfd6d0e0a651c17339afd68e8c5102d5eb5ee63bbdcbd70a67bf1fad4a3bada41fdc991ee92d8bb9e846394be46545044dc245782682b6e3e5e7b6bf7bc5c8710ee83c0755fe0a02f239755e4faca750fefe1b4749a8a2c9aecc8f811d386b467c7ae69868de5dfdffeda4c7a1b4478800431eefbddcff68f375c6feb3755bb0cd2a564212494cec927f49164d333426d3b69b4f5fb1b7a7142ef05813704ad7825a2d2f0809c818d3f2505eeda1606c4e98d872367dabbf6aa2ea0164d5076309d6fa88e54f2033d96494271094e11e6a7229df2f69afc31891134b887abec296eea01b62508dc5df7bda9952c4750ccfccb2c769f14e419eee64d7b88e72027d422849073313a78f3c37b4d6f70b61bc55bfafbd3a5047d79e9fe66b7a50c437a653663c7df49b26d677633e86dfaacb700d94d7eeb3689101d896e461218058f11e07424742e6863164f57eca759372db011fb2ffb9fb7547ce6ce780ab8ed994adb83e55072b1d4e4682a9add733a1ef60692e2345134f08bad032be162489cc332a6698d56913c65e698453c285ff6012d366bec5828a310a665ae11c317b11e29454a49ae52ba0dd8a0104b57d1e6c711216b414e7dcd86d3d7f3920e7202cd4b602893a049ef1b95e8c6fb426ac8a33da3a3c4518b0be46589334ddfd79502483b9a52e148220cd24fc91c039f8905f0240a3e92d9df8925453e7c3687960fa7dccdd2d6a3e4cf7ca2b5d55d5364ecf8990fa65a5bf5d0dccc86d0c07e8054ed1e16f08d74664aabd251363ecafea57e98f8709ef0f5ef80a323d17e4bb0e8da99262d6c6f0c042244c0314dec57f1f866f0fbfa023b3fdce8f5c81446943bca8717372f3ab4cd55bbee95697ecbfd06a84165f6eea3cfc90bd5751f6103a0d4996badd2e5a88539e3578c363e6cf455aad1d7bba51ca85d92e4dc5d06d3c6868d170c0b8bb008f5a1201311b3096592b3df76d48b1bb21fbc26c4b31f80505daf074b213d5809f0ff2c6c1202b3e1b929302f12e7a64ef6cd3e720825002cc46238628d797fad5948bc75ab0b3159f8334704c43437279e0954768429426c0670b09bcbc1fed577ff6b353120051d230fa779d980d294e5c9f33c05fac30d7b5d9b12e3e0953851e61a98b777911e57d3b9133216859af3238e3d5fadb5005ba391c4ce96be9f84acfa749e6b16dd5f69be1a375b45497fbb3bf069120eec827ba82b74edc5a67d3c69abd3e9a29f37ae2c2ba4a914a3241d50ead8d3e3f260ce778b18645629f3b169d011d661ecee5374a226e2f321f370056f81b5504d788a1ef0302ecb5c004a3a4e038ac6e5c1a678b6c35ff8a6d76dabe900bb0dd4e978144238b96f83ecaa89aa0ec20586e34fd3587011c8f50d2cd08ea4bed5f69822a686c04f4d8ce73bf966c1fe363d63204e908b208a2602f75a8f9d6c195aaf428cf5578e320fd7ae54ac487af0638d61c1ff198958d2ad6b9169b743fd508d5ba357c3c89c687dacb545a6de9e00a11f11fc9defc50ac18523fa605c79e959e2269a5b542357eabc3f91dce8b3b52465d224ae9e2fd3e4b319310c247abeba1d4c84be2c1ac1fc35808953de0f07858211f2876acea272f41d3a2a543e9fad4e9eb9901ae3c08575439fb5c789628b593f167c0e43d6dd2782e81bd2bf3c760470e11132e72576c3b1535be9a758b4697619026b5e9844f6025e84a7b6816cd8eda7f1781d5e52b5f31557ccb8048d2aee1b20ec79389fc21fa91b1262ea105eeda63e18a6f2e864a916cd01a33b9169fa623bdcf79b2fdc08567da5c4bcca7a3c4a2c4b398fd7231a7c4296c1ac1e7ec96170734041cbfe6307cbd8cb4e0294ace33c618349c1d9d7a37c6b35b679bd7ab63f6a179335bc1ebd6aa70b6262e981af661d8d1e438e0adef5a1b6622ca0f6face828bb1614f32c3cb1f44ba25e501adf69d6397d35fe85a6111419dce6197261590c0f08bff61968426db7a651094f5d31c9310989d9cc4a1cb7286636661c0d015a5e6e403a2a34d6ad7e5061d2dfdad3aadc873c79c115322a01ea6242eb84c668c66e0a2c42a655ac639c45c84eaf6c811cbd4bea1e6383736ee3f98f49251162b416bb3a0dbe94bbf18c304b6067f77067ce9f992318f8cff413d95011499314a9a62fdd43acc2d5f1bb5b06a2a80f738f7e55a1a1bd1348b865343310faa14e200ed730c1b27407bab2422b0f21ad0072cfc459871d9d15fae8dd5ed2d04f5669076a2688c524251ddd910443b057ce6fedf3f22e0bb90e46e92a18a0cdff04390159e0d984b1f0c65b4a9965e88f092535fb5fb7b3ebb72d22bf7e41b374f70110364b9afae5e61cee961b95aeea2093e9d4135087512278c89870d32e5a8276495cc87fd211bb4cc7899f0bd24f36d90a323957f8c01100c4ad841cc9bdd0e927b9d089845cde16a3be2b8ece45728889c613c17f864624bcbd64f1c55c57a84cfe1e8dc3a76c6e43cce5284ad34d6a0b6bf4356a372ae4a72022b3214b34de3946ce1ae043ec97555be7612578056c16e24412014737603753bc96c85df9f8dede7a8aeb397c5f86f30fb2277c76334c6e09863e7ef4508d6124de1de941896ef1beeb3843cbb600d7b8c2b45abf84ef52fb9359e058df337c38270180d1806cad7859086705dbed8cefba64809701ab3300a503f0ccb1ad47e0b06c1d9425e51c2cdb743f9f98566d8eb207cca9931fadb08360ad404eb7c6427f8b4f6453efabbfeafbf70748a761b26734072c66ae2a09b7daee78dd16d6f94bf4fa0b4deefd5e7609ed0cb45e15c86386a0f64e1e263f769a9876bafcbc308ce7da557b4780e07b04ec3eec76c50dc1238e8e603125cb68a97bcfd3a4aae9f22aa532bbab4695280c17b57a457a00fd86cb28bc1ab308e34d0b45d6fa98466b278d3e73774224ea67aeaad4a500a16c034a7ab643c9fcde0d5fa85f59163c34c389308dee867cc81af96f8180d8c18bd68e500f290715d6e30838df9050e80255c80466b3cc95a8552ed1133a3a1ee037740f4fd60d4f356d51206a0f219cea5cb3a1a6d9dcf5b3190bab7ef4d957025e6c8f63ea3fa449798a3a8876b43f5e015e35b0fd453676a886cb1de0bc09f3d65abe5146e1dacba40a3df073bf01806738402dc08f048d68cab4d328af3be2dbfe2040494db51261c11a2e74dd567bd87da106846ac0395b81b464511852df77076e3f4f5bd167cd26650784e7993c1ba504d8bcf9a59d7964c7975d44b6bc42617e3cede59e8ee91e187a28ca97caba56b55076ea3c8c402c21e895252614b19a15c83a8a04a371aed2669209f166c85bf2c7b46156c08579cdec2c3f3f860810f43cf8e3bce6ff44dd17a2a28be2d70b6c8a56f722f51acf9f8e3a77b10d7a5b341a48", @typed={0x14, 0x32, @str='rmd128-generic\x00'}]}, @typed={0x14, 0x88, @str='rmd128-generic\x00'}, @nested={0x4, 0x8}]}, 0x21c0}, {&(0x7f0000002580)={0x280, 0x2b, 0x400, 0x70bd2d, 0x25dfdbfe, "", [@generic="e22402f9d88f570066fe9a18e30b73a8db2bffbe3be233a9e52b7d627a6600ff39ec61c034077e347c621b095fa8ff6f24055d752929520159709b028f5e478111c0b435ed21e79ccf6c2a9397de2edb5a5dea0f45cd5ed46f0c68374fcd43470cb302c6b17f8cf142dd6e578faab64dae6c3a4c5ba77bf5d3778ff02d1e6ab0a5d376b561d725b6e61ea5c6b20dee06155d481b060890af9a492c9fcb15f556bb24ec7fc9003b554d72961631692b3acc9f828d0cc8feb5be2391a39f12aeffc7", @nested={0x1ac, 0x26, [@typed={0x8, 0x37, @uid=r2}, @generic="9a16490abc9b53974e9860d57491aa7c2da08fdc11a1a48e033cae1f066a800de5c524d18b4830cdbcbe2796f198a12ebe2813a039b9f81b7f82f8b1384ef4a8345414f54c1a4dd719a2a612c856734d1329b3703c720bbd158fd30e4401bfa2b48d89cf25db6191bc7c320f06eaac95a8b2baaf2834876e38ed2da13fc5dbe9d79cc5e2cc6ab7b7068475cc420654194a40c56a8ca9396aa9d68ef7baef5ebc6896234754", @generic="9c0cb7293e37", @generic="d91b3837f8a52a145d4565b81a83d42ef5b71f30c5dce6bafa2e781d921d436502ecaab64cd274caaa77ba84201cf5e7162fe7ee296d5a6963503d727beb1b9c22493bbf4c959573b1800937611053f51701f43dfc6f2b2f", @generic="120eeab41e67027649fb225ba742d459b83077a9c10bb8327e9d837b996fc6041629609adc84535e493d55ab29f1d96f8dcf2e91bc4c327a970aa1354bec712603d0896392e5fa72141fdeb4aa0090bbf42a89a55b6e629389f4e7f65c0b8e28b86ede4ce7f5c8e9fe9dce1b529fa13508df7a03950eb154c70c3ffa1714182c5f7aa80f93bcc7424546d0b8b63f70d68d760ed24ec6a2e073ec52"]}]}, 0x280}], 0x2, &(0x7f0000002840)=[@rights={0x18, 0x1, 0x1, [r1, r1]}, @rights={0x20, 0x1, 0x1, [r1, r1, r1, r1]}], 0x38, 0x20040014}, 0x8000) 09:00:52 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x200000000000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:52 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x100000000000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:52 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x4000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:52 executing program 1: socketpair(0x10, 0x2, 0x40, &(0x7f0000000080)) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000280)="5210d18341ef027159849b890ec9253d69a0038f602d9408116482eb486b1bdc0f26096cda998c7b654d9674e256e7c4f9765f802f4ad51eaf327b61f70463f29961fb831d79e02d16f163f89d36dc7016732b1e813c82fadfd3ed329d29503275237adcefb70d68b62d4c0bd5044c9fa7b746eb4a74352d83ea320b2a9493387bc3110bc653312f6a8ad97a3592cdaa0e382ca9afeb0ec027bf7d0fc5517b5422dc63a7b2135d931dea5a5c52382c01c421fc0237df527ea967c8aedd1fed2c86cd3d47912d9aab750130babdd3550bc1018813d86f7a533d0fc23310faf651e7be7e6e81cd890e3699a3a393f03792e85ce9fa126d043bb1a05f4f71d1a1659c302e0d02e2a54321e3e3c13775fee190abeaecbb78e7a79c6ee1e1eec6e3a8129896baaf91f370efcb5fb16366fe381f7429f61691e55fef30f80e2e667703b9e08d8e671d7342781895cb9f69804e0d368344beddc575c289a2e402d498edc40b8a2c12be38f1250ff76cceb0373be7948b7d5239b32fc45e6f20658e34c44968c2fe1ec912b9a91d5af91041bdf3d35848646a0f9087da937bb3e9c362fc3cca855e2346f5aff673acee35c82204b7b4c15d19c6333b47c8ebea174763b6a620905f96c0d43a75067357d7958ecc786ec306308fca68c6c8a0d1f0c6b2cf0e56103a67a07bba4e5523da5f70749e607a7b45b1c7145ac6edd9147a2066456537238cdb865957758b6e3b3bdeb6bb165af236cc4cc7e9f7a990b02c97a057b7e9d430328747bd7ca1dd9c1264c4ca8abb3697da0611868f1e920de2a23510e1551c095118d7dce8b1a90fc035463f9aa39b1b4e3e38ba1a8327cc92923cd25fdfb9c533c04f1ffa5e12b0ae2712018dc89beb5aa7c74956a8fb40d8e98c4662f1006516dfb5187d5ad351774c522d3aa8e9f149f3e8c2eb247f51fe73335754cedb66de4a3ca7783e8c19eac633796f68e9069ba641d582e4a64a1786fb98273191b115272fea6994d4c1ee64e60a6dec0cdad4cbee5724a7119eeb6acd0a908a79895a62be35f3a042d564be70c1073b00bf257560a37acb64e92cdac4967ac3222d590e5a3244204a2b4ca7222b6761395a6c2d0502be3e3a4c5b290b3c8954a2846366f73cea27644e8482a2615940fcaca0adda85cd3ed5ee9608b5ab89082ab7656314482033c126fd19351e6dcb4f2f765654897d48011ae1619ae370c9b19dfef3825a9efd445f419074cd7e49cc753d1a68eb8ddc3f017792cf249923824a7c4e17b715b5595ea7d621acbb8be717f7fb3ea449756901b8ef4f0c0ec737500ebc3660db80ef1fbb7ec2418ed8139a43a4c0ff301a228eed82b3f785f995fbc4d49766e57a5174fa4fc1e22cb2aee3ebc957f348d9b5394f23282f7330eb2aa4e68497757ea021dfa95da062d8efe499eae998c96f532c98c7baad8b8d9924061b25561626ba9ab24fdf7c4b3b213cf48c4aa2fb300b6272b05ec84bf7c1d01a40687a09329511e1e9f583ab4c5ad3132ecfbe058bf954143652b1b8697a634c1b6728daf019345f0ba61526044edb7e7abdda35f9473c47645f9a5690582ab5d0adc914ec833cf9971db03d63ff7ee9c5dd79042fae71f6e2e82cb6527afefc85d8e48d6b7952663b5d5ae0d0bb5d518dd4a7d5a7c33b00dde70301d7953830ced82656f2852936ff2feaafa9e2858f477750e4024d82b2f8502120479d465b92c3bb5d43cbd1b5008341bf20e4efa38c1ded0ee0ba295d879623d32d18c5c3a0e2d54e1c2b2d85a25062d85c21341e8ca86fbbf4d09e951301b26f3e3ecd2fd69161d655883df3cb412915749335ca47f0a73bbc70d220ade706aedded36632376b436cff1f9c659bacbb558d2959b09978c211ad0807baef3860d25d5b435d263c25f48605d1284f85aecb8299fd9acbee1f43fda460f23a221d84831a7ead8ac02fb802494e3698fc6fc90ebc458bad26c074e38df6604d4a604dfe762e5e102c8a0687d32f49944416cb2fe1aacd70aa523625a105b1be6e6620a8821c065d5f4db97cdc05536fb54cf51060b8e8457556f570d678ad1e29fb36147e17911a2154e28618f1226c5cf6aecbcda61c37e50989d44426385251d65426b613dba4333a3683f61007f3351afbb450fc002442b4ab71de31cd5ae5f2a0fac30f155ed84efab138b1c57548f8a82d98271efd5c27cf9e476bfa6c3c623aa70580961aed6218c306b22e29014b95dc0d800bb16bf8deb09411cee892efca182767b1fa00c0bc13cb02ad94f565efc096f9f1e6a2d32b274f825cd3283e786dd30baff03d508afd98c95eea0ed5dfa842633357ba83206e297444132dbbdbd600605c035dc9e9c6019c95c887ff25fb2fb90b4a0075399bd9169464afcabe6164a351300e5963c97b91b02310deab0e5069b7e3f0bed22d31525b5d052e5287bbcdb3c4d6c41f29407ffa7821f03b3df30a6578aa644fc9a5871fb537b21e4ebb96039a80bbc11efab7dc0e005ee209fbcee126219db67a4403fe782352944f475de98289b1dd0e054e24bbf5d080d953c7868a6d1873d2dc5836d7875d627c9341534ab320547cb9a7643e782e6089a13e4274fbdb6dcb58ef2b8066442d2228478e29065dbb8188fe36d51618a1ed5a102248e5b01db60d1c42b8bbf959cca384531804183baf068c466f747f87abca778aba63f917981fa3a7df54ecb4a31e849aae9b17724ffa8f1ff0de8338f52fb0f9c4d56f66e1ddbc8bce296a4c813e8cdf477ff50b4f7cf1661a037b5d586f0f7f4f5f4247082a6ddbd230a561c57d0df48803a8c12b7b77eb47bcce2d0edd477aea854bb79d2fa0bd34d87ffeb16c412a81f2b0fc22e8ef1b53dbf2d20ff97906adfcb6e16214bc664a7420f76426022c4073db0a927f9763b3c5186305083fa36ed98f22b376b25c4eb73be4fee0e4d1a7ef4fae8cc40ec483ce36293022af8938543cf4a892f209b614dc55269d8ce285af326f63eb60d2609b52088e2e386bd0ddb1cf99c346491cc7b71374ec6f6f0a97e0715677c2819ba16426e1e3c281af3fc3b6731b00e872c1af268d2c5092681c8cbc2e4a4dcca92afab8b2331a36069769c81651c977a2d0989b606ce1bafa95818331f47b418134092ae37b2073822aab2c5ad1d9c48e488be920540effbc9fea4fdfc18947dab8004da428b055af0b3416eaafbf8b090398a43d7f294ac8a46f01b929b57935340e6b2e6a779b2b073c5cc5398d53cb2e9a6436a34ab904f760805d03d4df87191f3f57ddede62d0f55f83be4cae468d227a02ec2bbf47a32f8a87323712a8e4ee269e809465d8c1c3f194413d3b40c35dc84e4c6264a19f4254bff506f000a14f6e640f58eb3041365aca367d9d8f5b32f914fec17baf582babfd4d7e8023eed5880773c62f9cc130bc34dbeaeaa18e913e0ba33370d34df9430601a8f4f60a13238c7cb7ed58e438a48150d75ce22fd581cd109b1334c5452eb5104889e8dcb7285e5709f3aa0bab347804e37240d7a8dd5de77ce48779a565a22d7184938fdd037a397deb953b5b7726f737958acb76cb35c38b35ee0c68d840179bfb0698c3c9dd3ee68fe10281b50df75a58392af808f99ab39bf1b10027bd9c69f9767367be2d336229a18573e68aabadfb7003c7ad4bc55c265f9d5c08173a3c012a1370f367d663da679c5ea85d823e0a602fe3d93c63933c8503d185202332f379fff17dc7e5ddcd446d0d59760abc6a9743b0c5b0c4311df26ef1df82c4adb8dae1e1634a98f8f769474b56e36873436b96ad257615c1e1ad91bb188874c7332684f12541369bc7f6161d43cd3522445543cf658d654bdf474c0a2ee3375dfd66984f5d64b09659200fe23ecaea74d956644def76244df99c2913c09bf52dfc2d571917fc991096d784b40c96533bf9b0ae8246d53f43a46d5e061d5ccad40128397602ee6767ec9e64a9e93d5daf152810217acfac5a96383a1bb4d455ac736b79bca73faca1ebbe9b63c5d4da39b1defe31fac36d225ef39f2971e3a2402aa7f107a2f0d6cab71712decbb21333ed92649eb3ca596b0f65ad8d7a3af8d9d25ea11595c0e3dc45edf8c99dd8b8f86ea562a634e8fc916d1dba751329b458b5dc2836a5428ea293eee8ce759dcf73f445fc5ce34f7557409a99d2d3891a7b1b285abd4ca50a7b99a370824f5ac6b007f7844c3f72a39a3d66386bdc39d32522e5a4b13375e5507c207da6d56560d5ed589992645b252c45b24bbbe08c496a98c82bec54633d53eabacce5479b85dfce8abf9525ba300ae4e4d1c8ba0e3e473203c4d20ec28c2c9b89a503886e3426b731fdbb44128a7a9bb2e4935ef985e797f1e03880d1d99f04a2e36e94b9b7c8ec4a14571a8ebb902965630006f2465ecd41bb01ac344059b8994e174f691a38caf61dbc3d667c0cb9c37fea1fe34d0e3986552d7bf2b1e84d12e6629b71955012fc56a90f30737fcdf7ed20863a42b16ee20d21d3684b2532f291a100bed6afc9b8a3d6826a9fb502304bf0e5b0d9d19d08b6efc3bab350bfddf9412f55c725dc4b0b34faaf3947019d74f6a3738cb92a07e80213244f71dfaa7492e2e7f63ebc65956a62f8a60343ea115d29991219afcf3afcdcfc541d968cfea29f48ff8dd62f7650636a241e017b76e56dbc63b906537ce5d65b56f700fa011595f030839d76d32a5f740e6c74e893d4e6bfcc318c4f805a1ff5a9e49bab94225e486e5f3dfc3fcfaea51fd23b2db5a40989e6b3f643642b53b39e5268ae197096592e3f0f7cc401d7eb77e5c616a06c74193d1c60046d20aaa4cd68ab1e6c68287c9263364aa8cffd274c4721872d9b37f01d08bc8cb9fee9bcd25f3d695ab2f56173f48f6d1407e4418aaa18d21c0284a2ff0156babf46c7593556cc150f16a2f8e3c76301a669ba1c25c3b56d6a737c282e9a847d60a1f4dd8b7e34fa6612ce5b6bfb5f8dae1dea0fb6bc8e991f87bb9640ab1ae59c3bacf09b3af12bb887faf80c065fac2b1e4b525394b72f5fd12bbac41bb531ecc2f66ee6bdc271fec63f336d6bb08aa0bb577af5935e3966de4e691553684228079f45c48a8cf28e69394794ba8a25e2e4b64522ef96e66675aea8b3062769e89432ecf9098d0712fc3f8f69b53eb5d989e684be82373a76d47fd5a16043d44ed2c46418136e6c1928dba940f44d5dbfb133351f691a8fb1cb62ae632a55178228a1d6c751e905f5c154eeb90a53d1e3d38ca54dfcc4a16961a53bbf40364b6ec03c259b424367ea6b6b9fdbcaf77476fdac4365ee1a4b002efaf0061d4db82f225b6b0572d59ccf06e512784196db2770d2685d5975221bec4c110ddade6cae82853635e9af1f3a1f4691460963bebc1ea64ba59d6b3d1c9d37d4c9a90f159ceed9ffa21272b1718e26f3dfa066c165e67130b5e85a3668a139cced9872998cb3e0a7ecd43dd3cb48c544a8d2b8feac8aff464808759e4fb8024c614489c521bee00a62b97c958805bdae358a359dba4cff560bfa8404ed80b9a2487009ba9bafe43c7cbe7d384f0cc5b0593fd617fead47d2d08dfb024000e7a7dbcc44ceb8dea7dc19ba14afb11013d10da12694e631cdc0a9027e9ea9ff4b3ba1af4eb7fd37872bf8b5aade1100bad47bcfbcfa4c46acb30b6259e4d45f85a9bb3cce649521a279ab100d87b428aa8c533d68f5882c4aa8b226fa033707f6021b35cd50d9102ca4c79bc2d0d5104dc0059d47f27493c30fe04ebbcb22bfc245929dc323048377dca272b27a53be961b9b2cabb57e56", 0x1000, 0xfffffffffffffffb) keyctl$setperm(0x5, r0, 0x8) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000fb6000)='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='nfs4\x00', 0x0, 0x0) 09:00:52 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x4e200000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:52 executing program 3: r0 = socket$nl_generic(0xa, 0x5, 0x84) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000}, 0x6) setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000), 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000140)={"62726964676530000000008000", &(0x7f0000000100)=@ethtool_cmd={0x7, 0x0, 0x709000}}) 09:00:52 executing program 7: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x10000, &(0x7f0000000080)="2957f477671070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000007000)={&(0x7f0000001000)={0x10}, 0xc, &(0x7f0000007ff0)={&(0x7f0000009000)=@newsa={0x140, 0x10, 0x301, 0x0, 0x0, {{@in=@broadcast=0xffffffff, @in=@rand_addr}, {@in6=@loopback={0x0, 0x1}, 0x0, 0x32}, @in6, {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@tfcpad={0x8, 0x16}, @algo_auth={0x48, 0x1, {{'sha256\x00'}}}]}, 0x140}, 0x1}, 0x0) [ 673.464214] FAULT_INJECTION: forcing a failure. [ 673.464214] name failslab, interval 1, probability 0, space 0, times 0 [ 673.475481] CPU: 1 PID: 21813 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 673.482832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.492177] Call Trace: [ 673.494768] dump_stack+0x1c9/0x2b4 [ 673.498400] ? dump_stack_print_info.cold.2+0x52/0x52 [ 673.503586] ? unwind_get_return_address+0x61/0xa0 [ 673.508601] ? graph_lock+0x170/0x170 [ 673.512406] should_fail.cold.4+0xa/0x1a [ 673.516470] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 673.521574] ? __lock_is_held+0xb5/0x140 [ 673.525637] ? __kmalloc_node_track_caller+0x47/0x70 [ 673.530743] ? graph_lock+0x170/0x170 [ 673.534550] ? find_held_lock+0x36/0x1c0 [ 673.538616] ? __lock_is_held+0xb5/0x140 [ 673.542685] ? check_same_owner+0x340/0x340 [ 673.547010] ? rcu_note_context_switch+0x730/0x730 [ 673.551947] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 673.557224] __should_failslab+0x124/0x180 [ 673.561478] should_failslab+0x9/0x14 [ 673.565281] kmem_cache_alloc_node+0x272/0x780 [ 673.569863] ? __kmalloc_node_track_caller+0x47/0x70 [ 673.574971] __alloc_skb+0x119/0x790 [ 673.578685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.584223] ? skb_scrub_packet+0x580/0x580 [ 673.588597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.594138] ? ip_generic_getfrag+0x124/0x2e0 [ 673.598638] ? ip_reply_glue_bits+0xc0/0xc0 [ 673.602959] ? trace_hardirqs_on+0x10/0x10 [ 673.607196] ? raw_getfrag+0x15b/0x220 [ 673.611083] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 673.616114] __ip_append_data.isra.47+0x2248/0x2a90 [ 673.621139] ? raw_destroy+0x30/0x30 [ 673.624860] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 673.630661] ? ipv4_mtu+0x37d/0x590 [ 673.634292] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 673.639745] ? find_held_lock+0x36/0x1c0 [ 673.643818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.649363] ip_append_data.part.48+0xf3/0x180 [ 673.653957] ? raw_destroy+0x30/0x30 [ 673.657672] ip_append_data+0x6d/0x90 [ 673.661470] ? raw_destroy+0x30/0x30 [ 673.665251] raw_sendmsg+0x1db4/0x29c0 [ 673.669151] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 673.674254] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 673.678687] ? find_held_lock+0x36/0x1c0 [ 673.682758] ? lock_downgrade+0x8f0/0x8f0 [ 673.686910] ? lock_release+0xa30/0xa30 [ 673.690880] ? check_same_owner+0x340/0x340 [ 673.695204] ? __check_object_size+0x9d/0x5f2 [ 673.699710] inet_sendmsg+0x1a1/0x690 [ 673.703515] ? ipip_gro_receive+0x100/0x100 [ 673.707842] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 673.713378] ? security_socket_sendmsg+0x94/0xc0 [ 673.718135] ? ipip_gro_receive+0x100/0x100 [ 673.722459] sock_sendmsg+0xd5/0x120 [ 673.726174] __sys_sendto+0x3d7/0x670 [ 673.729979] ? __ia32_sys_getpeername+0xb0/0xb0 [ 673.734647] ? wait_for_completion+0x8d0/0x8d0 [ 673.739232] ? __lock_is_held+0xb5/0x140 [ 673.743303] ? __sb_end_write+0xac/0xe0 [ 673.747287] ? __ia32_sys_read+0xb0/0xb0 [ 673.751345] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 673.756889] __x64_sys_sendto+0xe1/0x1a0 [ 673.760949] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 673.765966] do_syscall_64+0x1b9/0x820 [ 673.769858] ? syscall_return_slowpath+0x5e0/0x5e0 [ 673.774787] ? syscall_return_slowpath+0x31d/0x5e0 [ 673.779731] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 673.785105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 673.789956] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.795142] RIP: 0033:0x455a99 09:00:53 executing program 4 (fault-call:4 fault-nth:28): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:53 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x5000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:53 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x8, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:53 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xfbffffff00000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:53 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:53 executing program 1: r0 = socket(0x10, 0x7fe, 0xfffffffffffffffa) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000002400)=@bridge_getneigh={0x28, 0x1e, 0x601, 0x0, 0x0, {0x7}, [@IFLA_MASTER={0x8, 0xa, 0x9}]}, 0x28}, 0x1}, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080), 0x10) 09:00:53 executing program 3: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040), 0xfffffffffffffd98) readahead(r0, 0x49, 0x5) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x100000000, 0x0) getsockname(r0, &(0x7f0000000180)=@can={0x0, 0x0}, &(0x7f0000000240)=0x80) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000280)={'vcan0\x00', r2}) clock_adjtime(0x0, &(0x7f0000000080)={0x6, 0x2, 0x7, 0x1, 0x1, 0x400, 0xfffffffeffffffff, 0x7ff, 0xffff, 0x5, 0x8, 0xfffffffffffffffe, 0x5, 0x0, 0xef, 0x7fff, 0x7fffffff, 0xffffffff, 0x4, 0x7, 0x7, 0x9, 0x4, 0x0, 0xffffffffffffffc1, 0x9}) 09:00:53 executing program 7: r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) getgroups(0xa, &(0x7f0000000040)=[0x0, 0xee00, 0xee00, 0xee00, 0xee01, 0xee01, 0xee01, 0xffffffffffffffff, 0xee00, 0xffffffffffffffff]) syz_fuse_mount(&(0x7f0000000340)='./file0\x00', 0x8000, 0x0, r1, 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)={0x8}, &(0x7f0000000280), 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'bond_slave_1\x00', 0x820}) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000280}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, r2, 0x300, 0x52c8, 0x25dfdbff, {0xe}, [@IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7}]}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1=0xe0000001}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x10}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}]}, 0xac}, 0x1, 0x0, 0x0, 0x1}, 0x24000000) [ 673.798325] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 673.817703] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 673.825412] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 673.832679] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 673.839944] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 673.847217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 673.854481] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001b [ 673.968991] FAULT_INJECTION: forcing a failure. [ 673.968991] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 673.980846] CPU: 1 PID: 21859 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 673.988208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.997558] Call Trace: [ 674.000150] dump_stack+0x1c9/0x2b4 [ 674.003787] ? dump_stack_print_info.cold.2+0x52/0x52 [ 674.008987] ? graph_lock+0x170/0x170 [ 674.012798] should_fail.cold.4+0xa/0x1a [ 674.016862] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 674.021980] ? trace_hardirqs_on+0x10/0x10 [ 674.026215] ? lock_downgrade+0x8f0/0x8f0 [ 674.030367] ? kasan_check_read+0x11/0x20 [ 674.034511] ? rcu_is_watching+0x8c/0x150 [ 674.038655] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 674.043059] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 674.047466] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 674.051879] ? is_bpf_text_address+0xd7/0x170 [ 674.056375] ? kernel_text_address+0x79/0xf0 [ 674.060788] ? __kernel_text_address+0xd/0x40 [ 674.065289] ? unwind_get_return_address+0x61/0xa0 [ 674.070223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.075766] ? should_fail+0x223/0xbed [ 674.079664] __alloc_pages_nodemask+0x36e/0xdb0 [ 674.084388] ? __alloc_pages_slowpath+0x2d90/0x2d90 [ 674.089405] ? save_stack+0x43/0xd0 [ 674.093030] ? kasan_kmalloc+0xc4/0xe0 [ 674.096919] ? find_held_lock+0x36/0x1c0 [ 674.100986] ? __lock_is_held+0xb5/0x140 [ 674.105058] ? check_same_owner+0x340/0x340 [ 674.109394] cache_grow_begin+0x91/0x710 [ 674.113463] kmem_cache_alloc_node_trace+0x692/0x770 09:00:53 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000180)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000380)) mount(&(0x7f0000d04000)='./file0\x00', &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='\x00\x00\x00\x00\x00', 0x100000, &(0x7f00000002c0)) mkdir(&(0x7f0000001500)='./file0/file0\x00', 0x0) mount(&(0x7f0000000f00)='./file0/file0\x00', &(0x7f0000000f40)='./file0/file0\x00', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000f80)) mount(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000280)='overlay\x00', 0x20000, &(0x7f00000001c0)) r0 = socket$key(0xf, 0x3, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000040)={'teql0\x00', 0x7}) mount(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)="62012600", 0x2000, 0x0) [ 674.118576] __kmalloc_node_track_caller+0x33/0x70 [ 674.123516] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 674.128281] __alloc_skb+0x155/0x790 [ 674.132018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.137566] ? skb_scrub_packet+0x580/0x580 [ 674.141891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.147432] ? ip_generic_getfrag+0x124/0x2e0 [ 674.151926] ? ip_reply_glue_bits+0xc0/0xc0 [ 674.156249] ? trace_hardirqs_on+0x10/0x10 [ 674.160496] ? raw_getfrag+0x15b/0x220 [ 674.164382] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 674.169402] __ip_append_data.isra.47+0x2248/0x2a90 [ 674.174422] ? raw_destroy+0x30/0x30 [ 674.178146] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 674.183948] ? ipv4_mtu+0x37d/0x590 [ 674.187575] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 674.193025] ? find_held_lock+0x36/0x1c0 [ 674.197113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.202663] ip_append_data.part.48+0xf3/0x180 [ 674.207242] ? raw_destroy+0x30/0x30 [ 674.210956] ip_append_data+0x6d/0x90 [ 674.214757] ? raw_destroy+0x30/0x30 09:00:53 executing program 7: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000180)) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f00000014c0), 0x10) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000000c0)={'bpq0\x00', @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, 0x0}) r2 = syz_open_dev$audion(&(0x7f0000000640)='/dev/audio#\x00', 0x1000, 0x900c0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000680)={0x0, 0xfffffffffffffff8}, &(0x7f00000006c0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000700)={r3, @in6={{0xa, 0x4e20, 0x93e8, @mcast2={0xff, 0x2, [], 0x1}, 0x7fff}}, 0x41f2, 0xff, 0xfffffffffffffff9, 0x2, 0x80}, &(0x7f00000007c0)=0x98) r4 = syz_open_procfs(r1, &(0x7f00000001c0)='net/xfrm_stat\x00') setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000000), 0x10) recvfrom$unix(r4, &(0x7f0000000200)=""/225, 0xe1, 0x103, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e) r5 = accept4$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, @multicast2}, &(0x7f0000000140)=0x10, 0x80800) fstat(r5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000000600)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000400)=@ipv6_getroute={0x184, 0x1a, 0x400, 0x70bd29, 0x25dfdbfc, {0xa, 0x30, 0x80, 0xa7f, 0xff, 0x0, 0xff, 0x1, 0x1000}, [@RTA_EXPIRES={0x8, 0x10, 0x2b}, @RTA_ENCAP={0x118, 0x16, @nested={0x114, 0x61, [@generic="148dab7d9de5fbbabcd1628da39d0ea94049f4a9113717ad23c25def47c095f0a5ea66c8e61d37077d0c2721a854833eba3443f7ef1a05933a474b8ed4ebf2c1528445aab822216411c6adfb2624c46698b53380c949b7292ddbfea98a74e7b48499bc6673c7df9f4baa4a3241648e6a69c39360f2ea0797e127c345abb3b94a6bb713c90b84748895001973a8e3cf212af252e0241e1461419993dd4ae6354fd38cb50a2d283430ae9792b58fa7ccfd5cc6b21b7c3800e2df51604176f0490df96d015a2d1471fdafb2b21f934b6de251fd0a943c17c58182b8a8d791b5c300433bf2fd16e7a8205dcca6a4025fec39d07430d8cf", @generic="8d41d680161523ed4918c48a9e6ce008d86af58276d1413bbc07e7"]}}, @RTA_ENCAP={0x1c, 0x16, @generic="d74a16c4e1f4841dd1e3105732e7b44a657744f071f7"}, @RTA_UID={0x8, 0x19, r6}, @RTA_PREF={0x8, 0x14, 0x4}, @RTA_GATEWAY={0x14, 0x5, @dev={0xfe, 0x80, [], 0x14}}, @RTA_EXPIRES={0x8, 0x10, 0xfffffffffffffff8}]}, 0x184}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) [ 674.218474] raw_sendmsg+0x1db4/0x29c0 [ 674.222372] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 674.227473] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 674.231925] ? find_held_lock+0x36/0x1c0 [ 674.235995] ? lock_downgrade+0x8f0/0x8f0 [ 674.240144] ? lock_release+0xa30/0xa30 [ 674.244117] ? check_same_owner+0x340/0x340 [ 674.248457] ? __check_object_size+0x9d/0x5f2 [ 674.252962] inet_sendmsg+0x1a1/0x690 [ 674.256772] ? ipip_gro_receive+0x100/0x100 [ 674.261102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:00:53 executing program 1: perf_event_open(&(0x7f0000000140)={0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000080)={0x10}, 0xc, &(0x7f0000006e40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c00000032f506ba0000007af7e91600400000007f8a6b79477c6165f226b300682da3b0a17a2458b8c7d7350a0f29191dc6c9d009919be88eb5f1e0652741e3bc45ae2ff021b391d65c34bfa40bcd10aac5c679ce730caf08c59d099a8d16c856c1e3c59fbe5317d60eb6a854ea1d2a0311f99c2bf0c58cf5af0d6e06f10266b579a08c3d2c317a4c81003ce8b6b3b0b95e5224b5a5378e5e9e", @ANYRES32=r0, @ANYBLOB="0000000000000000080011000000000004001400"], 0x2c}, 0x1}, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0) [ 674.266642] ? security_socket_sendmsg+0x94/0xc0 [ 674.271397] ? ipip_gro_receive+0x100/0x100 [ 674.275719] sock_sendmsg+0xd5/0x120 [ 674.279459] __sys_sendto+0x3d7/0x670 [ 674.283267] ? __ia32_sys_getpeername+0xb0/0xb0 [ 674.287937] ? wait_for_completion+0x8d0/0x8d0 [ 674.292520] ? __lock_is_held+0xb5/0x140 [ 674.296591] ? __sb_end_write+0xac/0xe0 [ 674.300591] ? __ia32_sys_read+0xb0/0xb0 [ 674.304654] ? syscall_slow_exit_work+0x500/0x500 [ 674.309497] __x64_sys_sendto+0xe1/0x1a0 [ 674.313559] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 674.318580] do_syscall_64+0x1b9/0x820 [ 674.322470] ? finish_task_switch+0x1d3/0x890 [ 674.326977] ? syscall_return_slowpath+0x5e0/0x5e0 [ 674.331911] ? syscall_return_slowpath+0x31d/0x5e0 [ 674.336846] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 674.342240] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.347094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.352283] RIP: 0033:0x455a99 09:00:53 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:53 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x7a000000, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:53 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:53 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x18, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 674.355465] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 674.374838] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 674.382548] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 674.389814] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 674.397079] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 674.404343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 674.411609] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001c 09:00:53 executing program 1: r0 = socket$inet6(0xa, 0x201000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") r1 = memfd_create(&(0x7f0000000080)="7d10", 0x0) fallocate(r1, 0x0, 0x0, 0x4d) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x51, r1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) r2 = fcntl$dupfd(r1, 0x406, r0) ioctl$KVM_ASSIGN_DEV_IRQ(r2, 0x4040ae70, &(0x7f0000000000)={0x7f, 0xe8, 0x7fff, 0x2}) readv(r1, &(0x7f0000002640)=[{&(0x7f0000001640)=""/4096, 0x1000}], 0x1) 09:00:53 executing program 4 (fault-call:4 fault-nth:29): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:53 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6800, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:53 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:53 executing program 7: r0 = socket$inet6(0xa, 0x7fffc, 0x1ff) ioctl(r0, 0xffffffffffffffff, &(0x7f0000000280)="025cc83d6d345f8f760070") r1 = open(&(0x7f00000000c0)='./file0\x00', 0x20001, 0x6) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000480)=""/4096) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-net\x00', 0x2, 0x0) r3 = pkey_alloc(0x0, 0x3) pkey_free(r3) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffff}, 0x0, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r4, &(0x7f0000000340)={0x8, 0x120, 0xfa00, {0x1, {0xae6, 0x7, "49c66ace9ca9eb5527fb79a82c591a609204ac89475730e76752ba7a0396fec869424c123c6279b0e73b86c4345700761165f3b2680a316e3ba7646c63c679c17f9840a7f662af438fdd8eed79c7696781105575c94dc54de7960f281d9c76651417a52669239dfb46cf5f4d3f566fd16671edee226fcceae2c5515761e9f3ac7c23d473267fad2b54dcc4f87a08eae3fae974e6a57b9ac8915e5925bd28cd801c18f457781c2ab69f039c17e1471fa67b00faf73522f08950afa30d4dfc05ef592ecf46c38f9fd25f73d555bfab44d671f8069628c1e0b9e394ee48b32200074a3e7bff1ccfc0e59c9fae13a10d9554f49edae4a397691daa658b3ee6f4ea9a", 0xc0, 0xff, 0x7f, 0x4, 0x5, 0xffff, 0xfffffffffffffffc}, r5}}, 0x128) ppoll(&(0x7f0000000240)=[{r2}], 0x1, &(0x7f00000002c0)={0x0, 0x989680}, &(0x7f0000000300), 0x8) socket$alg(0x26, 0x5, 0x0) 09:00:53 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xfffffffb, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:53 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1a, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:53 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={&(0x7f0000000340)={0x10}, 0xc, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001800010e00000000000000afda00000002000007000700e30c000900080000000dae", @ANYRES32=0x0, @ANYBLOB="080004000000075f"], 0x30}, 0x1}, 0x0) 09:00:53 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000180)={0x0, 0x8}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={r1, 0x48, "c4c7b9c312d69ba51f2cbe478d597e2f55b215deb1e65ab4342be18f3a45948af797ab6601119307d4d0b1b768576b498d1538393f76f21107502a15e20848ed41bc58ff18d4b2c9"}, &(0x7f0000000280)=0x50) prctl$seccomp(0x16, 0x0, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0xfffffffffffffff9}]}) syz_open_dev$amidi(&(0x7f00000002c0)='/dev/amidi#\x00', 0x8, 0x4000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) getresgid(&(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)) select(0x40, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)={0x0, 0x7530}) 09:00:53 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 674.655139] FAULT_INJECTION: forcing a failure. [ 674.655139] name failslab, interval 1, probability 0, space 0, times 0 [ 674.666524] CPU: 1 PID: 21903 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 674.673886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.683235] Call Trace: [ 674.685835] dump_stack+0x1c9/0x2b4 [ 674.689481] ? dump_stack_print_info.cold.2+0x52/0x52 [ 674.694679] ? unwind_get_return_address+0x61/0xa0 [ 674.699617] ? graph_lock+0x170/0x170 09:00:53 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0xb) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer\x00', 0x0, 0x0) r2 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) dup3(r1, r2, 0xffffffffffffffff) write$binfmt_aout(r0, &(0x7f0000000300)={{0xcc, 0x2, 0x9c5, 0x2ee, 0xe0, 0x5, 0x2e, 0xffffffff}, "a9d6b7813a38ca755085e8", [[], [], [], [], [], [], [], []]}, 0x82b) [ 674.703446] should_fail.cold.4+0xa/0x1a [ 674.707531] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 674.712646] ? __lock_is_held+0xb5/0x140 [ 674.716716] ? __kmalloc_node_track_caller+0x47/0x70 [ 674.721826] ? graph_lock+0x170/0x170 [ 674.725647] ? find_held_lock+0x36/0x1c0 [ 674.729716] ? __lock_is_held+0xb5/0x140 [ 674.733788] ? check_same_owner+0x340/0x340 [ 674.738110] ? rcu_note_context_switch+0x730/0x730 [ 674.743046] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 674.748327] __should_failslab+0x124/0x180 09:00:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet6(0xa, 0x1, 0xfffffffffffffffe) ioctl(r2, 0x8000004000008912, &(0x7f0000000100)="295ee1311f16f477671070") r3 = dup2(r0, r1) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x3) ioctl$TCSETS(r0, 0x545d, &(0x7f0000000040)) [ 674.752561] should_failslab+0x9/0x14 [ 674.756364] kmem_cache_alloc_node+0x272/0x780 [ 674.760943] ? __kmalloc_node_track_caller+0x47/0x70 [ 674.766066] __alloc_skb+0x119/0x790 [ 674.769789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.775338] ? skb_scrub_packet+0x580/0x580 [ 674.779664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.785201] ? ip_generic_getfrag+0x124/0x2e0 [ 674.789698] ? ip_reply_glue_bits+0xc0/0xc0 [ 674.794024] ? trace_hardirqs_on+0x10/0x10 [ 674.798269] ? raw_getfrag+0x15b/0x220 [ 674.802156] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 674.807177] __ip_append_data.isra.47+0x2248/0x2a90 [ 674.812201] ? raw_destroy+0x30/0x30 [ 674.815940] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 674.821745] ? ipv4_mtu+0x37d/0x590 [ 674.825378] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 674.830836] ? find_held_lock+0x36/0x1c0 [ 674.834909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.840452] ip_append_data.part.48+0xf3/0x180 [ 674.845034] ? raw_destroy+0x30/0x30 [ 674.848747] ip_append_data+0x6d/0x90 [ 674.852548] ? raw_destroy+0x30/0x30 [ 674.856268] raw_sendmsg+0x1db4/0x29c0 [ 674.860167] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 674.865270] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 674.869702] ? find_held_lock+0x36/0x1c0 [ 674.873773] ? lock_downgrade+0x8f0/0x8f0 [ 674.877921] ? lock_release+0xa30/0xa30 [ 674.881893] ? check_same_owner+0x340/0x340 [ 674.886217] ? __check_object_size+0x9d/0x5f2 [ 674.890719] inet_sendmsg+0x1a1/0x690 [ 674.894522] ? ipip_gro_receive+0x100/0x100 [ 674.898848] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 674.904386] ? security_socket_sendmsg+0x94/0xc0 [ 674.909142] ? ipip_gro_receive+0x100/0x100 [ 674.913475] sock_sendmsg+0xd5/0x120 [ 674.917191] __sys_sendto+0x3d7/0x670 [ 674.920999] ? __ia32_sys_getpeername+0xb0/0xb0 [ 674.925676] ? wait_for_completion+0x8d0/0x8d0 [ 674.930262] ? __lock_is_held+0xb5/0x140 [ 674.934332] ? __sb_end_write+0xac/0xe0 [ 674.938316] ? __ia32_sys_read+0xb0/0xb0 [ 674.942800] ? syscall_slow_exit_work+0x500/0x500 [ 674.947660] __x64_sys_sendto+0xe1/0x1a0 [ 674.951726] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 674.956744] do_syscall_64+0x1b9/0x820 [ 674.960629] ? finish_task_switch+0x1d3/0x890 [ 674.965127] ? syscall_return_slowpath+0x5e0/0x5e0 [ 674.970060] ? syscall_return_slowpath+0x31d/0x5e0 [ 674.974995] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 674.980370] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 674.985242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 674.990433] RIP: 0033:0x455a99 09:00:54 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x6c, 0x0, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:54 executing program 7: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40000, 0x0) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000040)) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000080)) ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x7) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000100), &(0x7f0000000140)=0x4) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000180)) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f00000001c0)={0x9, {{0x2, 0x4e24, @loopback=0x7f000001}}}, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f0000000280)={@broadcast=0xffffffff, @dev={0xac, 0x14, 0x14, 0xe}}, 0x8) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r1, 0xb12, 0x70bd2b, 0x25dfdbfb, {0xd}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x40001) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000400)=""/96) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000480)) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000600)={0x1, 0x5, 0x4, 0x7, &(0x7f00000004c0)=[{}, {}, {}, {}, {}]}) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000680)={0x7f}, 0x4) getsockopt(r0, 0x5, 0x4, &(0x7f00000006c0)=""/4096, &(0x7f00000016c0)=0x1000) modify_ldt$read(0x0, &(0x7f0000001700)=""/101, 0x65) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000001780)={0x6, 0x0, [{0xa57, 0x0, 0x5}, {0x2da, 0x0, 0x5}, {0x4000099f, 0x0, 0x435b}, {0xa96, 0x0, 0x1}, {0xbff, 0x0, 0xffffffffffff1128}, {0x8a, 0x0, 0x3}]}) sendmsg$kcm(r0, &(0x7f0000002c80)={&(0x7f0000001800)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x4, 0x0, 0x4, 0x3, {0xa, 0x4e20, 0x80000001, @empty, 0x1}}}, 0x80, &(0x7f0000001980)=[{&(0x7f0000001880)="360611a55e124b0ba74a4cfa9f1aced4aa1d29971f9d8cb4c62cc16491be2dd7b73a41284e52c36d4122e5daeb5d76d28ce902ad5f28e2980f266f0b7861cece3e607264efb3bc89caab75a41e60f90e7c69bb881093331768f29336ff7b3c8a0ce248696a4ce3512afc5b8b09f4835d4e36192b13eb69a3bd96328e6ceba5de0ed4551f50d6ecdc079c58a8faf1a6d19150064802b8568431e22e3a7a73abad7cdebda745b47b20914c81dd41f2cb33b4e10f888c8a6b15b1cdef72c5b001321240b36932b4980db094518a5658ff841c", 0xd1}], 0x1, &(0x7f00000019c0)=[{0x68, 0x1ff, 0x21cc, "0f0f9bf3d7132782f379509585222550b048077ae470bcbd53f99115e3ceb90a9ae3d5cc6fc669144bbf6a134279c73ed9d2794553a56916f28cce1209602b54aa65def0ba7b654141ca13fba32004322fc74f566204404e"}, {0x40, 0x1, 0x8, "122007de2a370c3f90cb222db142e879b550ad1bb066f2e41e8404e9a76b29a592c46df976e51f082e"}, {0x78, 0xff, 0x5, "e012fd4c21eecf8cf5daf1c53304e4b5863d674648f27b68e3b0e926bd24043fc2be5032043fb8a71238ed9c9010ead80bd34c1277887ba7bebcff5613ea95b5411fcc3746e57c5a0818406c27116602e793df4838ef9c9da4a306c74df4eaa8fb1a27d0049ba456"}, {0xa0, 0xcc3d5420f71d33ce, 0x3, "9d55bba28aa563e3edf518c583a6300b47809a7990d06306fe241a32b1cb1890849e5130ba5b95f4271104d052deec3ba0011e1daabe0d89ef38f893cfd4f1c956c8fcab31963861fdb36d7249892d3a328f7dd66b020d8076dfefb32b064beb0d7cc2de06209982bd9c4e50b8a4d8b10e4d6e6cc830f363b8548dd7c79cb9c2fbb3ed843952d994c494"}, {0x1010, 0x10e, 0xf6, "be3ac4325f312b112b4e532031fcda2d02c867dac8e0640d981e4c8eb5546add36b2ee4a992113b8fc4b88fba7a95e18a120b5565719207e0c223b3fa6ae87f6e349c9e19e7d55e198924ac993d2ee70dd666777865224516b8a50757bc65b874282b2da1c6c45c095d721c329ad9695fc16d809278f3516f3e8686dcb9035163652e0c2aa9d5e79ffc6c258c85ddb6b5b0318e80eaca6bc1de1c95e731116e1bc8ea835da7b3685eaeb9cd0f28b7575a9432964fa09167f6c2da665d11e18d41a2aa0b90cc30866209c55bd2509ce6bf02533d02628f72e107608a8607553f3eaef538d5780241d276b42c65a0cd8800aa9bba29227071d1a4122d9ed3fbb9642b204e86ef99eb5eacc8700e470979590de3ef661268181732f8ea2e11f4fe2b9f59d2e03da016bebc25659ce461f8c0be8f5d7c34e72c1d3adb27bdfc62d6202498bdffceade8e7782085b47d43eea03db67d2be5ce535f496de6cb7635fe44bce2c9a7c6a08aa8ed3d09968f72f3f382ca86fff21ac087ee5092603e155a8cee9b26919116740ea3ffbe0f64737f4d335a9f4ac3f52a099cbfe093d45b8e4849c6f3ffa74ae8d50fc29014d0faeba84c255f52ac423319f12bca16b97e1b9bc6264709758a57ab6f7cafb2074a8bd37fe1895d2d247af962ce4d5579e999ecff72357eb58d9c346a0fba6f99030af89de16659128d2020a630c43e477b7978e9498f39b26f6dc0fe498ebd5987151cea3afb856e14328e324fe177ebadc9aa310551ee6155287cd5f3c0a64bf26707c3bb2397c5492a5439cd1a3c73b0e4f806fa149659b150e7a96a8656863ff7f3b960d209fc11a2eb03725aee0e1c0fc25c80ec704e96d108348b71069929062adb3a9f47be078a0c8db6186edd2d466f22777429013d9a85307e0b0cf61faf6c8843f09833a907363267fa18e7d3e1b3d9c1747710221eb32e39591db2cb6954bec13f6921ec61a18a072a5c8a997f03c369d72627085b808c1d6e54e022dddcf956b8bffcc6f98631f64968c568adf1018c0c232314c46755984ad33330af5a1e8e032039115f6a410fe6eb71072ec3d3214f0e0c7adbdeea633fecf59ec60dab7f893fcb1a66209b6496a09ed6d8b7c6e5dbc7c5e4863c538e124204d26ccbfd6e17c46de4362fed6079d80b8b3105fcfc80abaa172b91085632bb09fbb19f83b1233706db92f509d6f95a523fa4231407e7c1a3e7604fa3738091f777750db63bf70ed856be14012ea9830b87449574ae1acce7c4b63631e352fcd0c5fdf4fe8ff3a9002d4ad560582c077fcc4fc4054633bf361c808f66b82c776cc6841f7a56ed5a457371581114f4df43b10026477878f619bc955eee93ada9cf8e9d01de5a69d930e78039d12e7d9c7a3aafbc781ff859d670d5ad85eff5addc34a5e15b90d6c0285d1e5127362c1f2eb178f911128daa6b21f65f3ce114b7e65caf6af93283fb504f84dcfaa489f96b013a8c23e2890eca12c5d59d4b269deb1aba48994042f8ec30dde8fa90e39c2baebf5c4e32eccd520a18a03fa7c012eb0673def75345a328ca37c1c1dc947a3673649ad912ead596749c814e988452e1675c9e6e1f9d45e5d665928f94eb7c4fb111b603082a585400d38407c1d4e585729f1850a845e0160228f0035c2fc6adb5bdf4ef03264d6a5114f44fe6beb23777cff924e7502fc0d9078401b1962a836c88d0a056c72bf1268bb5d3822b8df859dbdb50e6b0270d93b92314f7027ac705fdbf8942736b06db7cb0b7ec2b73bc29a7380068b82bf2ddb708057008dd81bde87fa2d017e6f247004c8a7053eeda881627ba507bbf96dcd38066573daf51656072d4d068aaf3bbc010ea59097a1c38ee33e2eca275d5b3a8f7cbe6a3ec06991bcbd4a573660db0a83371456416ccdb08ddea515315eea17459a01683412a09da57004661521df4a9123501c98a18fc81101a6252b5f00c9537f5d5391339ba2f138439e7533a6c12b920a1d6f04eac8d1f241acc983c9a30c0f48199d070c6788c04e143eff731a33156360729c26f4541a6024a3d18fd561ecb494110e1eb9ad4011cb8f4173128bb0782539da2087a3f1c9755af82af4a8ce47d0537154cff40896bb3a7fbc3d9fb0667f3d330b50aec4f7cfb839851b0ed18e3e3ab3ffbedac8e3427ee48836d1db031f765a405dd62d6903a6d6a739f11518f5fa79feabe6da02356856c2c3bb21403f10d3dee674edd3ea9999273f5a13f67f573b4cbf55653db3678e6bb512ee7c1948010ac7a675cab65abc32c01cf69ad5492d835c429f067fbce47d500b14ab4de79add964c3998431c191a2d193c6bf0b249b5388b4f293711cd8b5d232831c73243de402c863c732c38418551d5a043e02af0e08db4200e82ea2453a6068b4a484e6f4a57fdf5a846cba3f03750dfab04d9d370a1e6490e7d0a1b58ea4b75f9c22784e79f8f39e629eda7cd3b84ff30e935ec3be8d4736efb9b06633424eb9629aa9a4555ff8cf4bc9aa14c3dd47363ea188fea9f9ef65ba55e4ad45f0c3d7962b12fff51293de63f8c750176edf565c7ad23ce67db99dcc2b83e62962a38d1d47f16bc60f44505a5429254f40b9167ec8032bade08150a9b0751f34ad9d6adba19d6bf3f5cf0c0739569db366aee0af164e092c2d47749267e2c3689c4fcd9c3f2aee6d8e7a6c17929b2b65670878642fdf1e4c49a3f22f357d61b3bbfcc039175d79877b91951946c071bd9e1936f879bd59afd76dd73d30843c4bd652ce2afadda7ebe32c9526c6c026aeda86fc05ce8eb14ba5b630bca26153513876c774d94a1e472470b746d7dd46fd7479e072c5eca751fe32dae1ad0aed25f45a26e34d4fdbd2d2a813df2c53e12727c3e899d35122206a313caf430b5d461a135e500110de305ffc2992d3433acc114a04e88806bdd3f63f4cd27b29e00b1ef132f40e834c7bf3051f4d4ecace631defa8b43284f0bc4f6af7f84617f31055b8bcf9bf7d1e07ed6d7cd4420225fc5d8171060bad8b187239e6ea4fbcb3bb73989656432c2b6bf2bd71d1fcdb81d4ca2b9f652c29d95c1db1c0f173bed6dd797b0975920e465d19784d9bc1b96312f313f233ede342dfdb46d81e0ff221a0955fadb7192627c10c82d382f06c860ba583b750f330a1c1dc4b28637eabc0d7e99f5565b397e384e539f7f25e4542f717f781fc102cd2c349b7e1c41f8dbf797080fd04a0b9ef6fc5c565ae75b5500a80089829825b48b724e3803271718e519fec786d70c7f6920fb4c5a969720ec25414c39bfd382aeca4e0d40a4498d1df8360d63760c670b6d79491dbacf80d985b01ffc642c231d9b339f4d8fda50e10b1c742436dd6ea40a51eb6c1a25adbc0679be76e72ae2707f74327d2b8ff4826b025179c290b929dac40addfb1afd4129ad9f511287002992590799d65d2f4e4784738e76697efd8906e0c151a990e27969fe9c188cdac36de7a21fe00d0ee00a05defa3d149d748aee74e0164adb5985f75fec4051242550871153b65b3c5224b631ff68be1ae303c4862bb0e9a0137e062037534c1e43d28e7592d7fc008fee3e820a94999b44e64eed13894813b4d92a78976c1fa69c6dd9cf2a622b1f1365d4e2393073a373bd3ca0a4702982068d88be236ec3213ac584071681abcc347491b99acd61b8f4f6d5c27bbe78b86565973e3ac1408287ee9a2863ee69a1df1f271f54d162ea51471d709212ceedc25e49a61259480074481e1cdf9cd0fa0f5e3b5fbf88f40ee770410e5fb25f3cb6970c51daf92e6ef98dce913290991aae303cdce039474ec05ae34ddc868344612d4210b6b7c57543f439866423d0db963d05389a94ea6c599945b4e640036cd4b922163fb415c52598285c19dce18592930e5dc41e0208e45027a531206e7988f4dead84c10553dbbe1fd39d679d5778aa2e9e7a5837b1efdb576732ad6d2d2fc12e62c1e8c9c799f853cfcd13ac631c0ad306e929cf9cb7649a12fe302b8bd96ba149f26d3a8fc03770c2d78e2c36019f82de195cedfb708d64042cfbd5da3eb4ecb07a9c9a8eed9075f203739970506d756888465f377ee345f510bf446949e0a8aab77985ed5d9f7f2098a92ab306c125d07d1ed9b2216f9579b276bdbc1f50ab741e920aa3d8357e82b2a93f7d34eda46fc8e66139db72d6ec4c011073a05f5039410c5d65eaf4fa30ddb6d6644f7da2664694256a7f95dfa5a18ad08de10ffc7b20c4765aebcdcbc2e0753486d8d70b9bd9d06d3fa0e9a2065733d923af403260704c1f2c9a3d58c07b8f50bdc00d686c23ed4003dde29ee12547f77fd0e1a9cab70633fb1ed77d77483fbc4e3834a0289fd6863e51876c34e517ee05e8146abf463b4ef4ec3f76eec85a6c7daf909ca0b1b0881d9384bd9b72c02f3fb407bfba32667b31cdfe03f6db28fb65c97c37f7451337de753b7d887b4c874e497be60cd4a8ecfca558b36f573bde57ce1ec2e2da2b1df9ab99402490c12b31408e7f483f40401377a577acfa5d43f231b1094542804bfe9aaef8f9402b61a4e3cb2bdf300868e928769b3adab5a3f092c87ea40aa3f7afac07658c43aba399c29924b4c08f9599b29eb1be417284e0eb1c6ebb0315d25ecb2ddc2b743fb1ea1de528e595073e67cc6e7bd597f14e8854ec1c129ab79adf877e8b3447fed3b1eb031e1e24e86284f716690304f5238dbcd51a435fa1738c94648b63b74bac90075a4bdfdcb49cabd67ae48511c79d8198f7722ede4943324413e4a70e37d3f5718e3d2062b70463dcb3585b030f17a7eae3a639126a176b0c246535a448562a26f7def8df0fdad1d7c90b4b9c28afa4581d82cf36a344a3603f6ab19f82c6b8c27067b44f15badd301c5c18b3bdf72cd0c36d99a52d3cb0a0dba9a4a7d03881a61e6284e1dc0f388f0fa0fb6dda9bb2125833b3259040e7cc6d6babfa1e1eedd03b72361d9091544f2c28fd366e5faa5ae76aa2d29941b60948176435ff2ea43196918d4e0eb8ab9449af8ed4b3bde5d8c255f0cbf7401adaa35bc8d6a864eee7a4255e1ff71c85d481af69eb1e62222f8d6a65b34953e219d6bb0b8dd582049db9513a07d6fc5f5960266cd9ecd2856812f624b04af43c9579813bb9eaeb4dc1cb57e27afd75de6f9cd45f365ff59403d9fb610ea3bae2467a947da3fa8fe88893ad5e4045653642899cad7560978f5fc61f7dce654d2b5843fdf1638b2d97b9c2ddc90a849731e2d72d330b0c0076495f111965d7334d62eeb8ced9e2fdac34907d9fff205e09aea3d285cca23501fedd15a89719bb84740d981c48f428e52ef865085c128ce53f7fdcc3e6d876ed0b931d4d613a893dee8f50b8be619fa038da30a9e312acb95c80f411c279f160563adcd30d9a0d52598c42f0ba3658a0b103a186f934e0689075de357d7999f7b76549300117a6c98c390ef2148eb725bc53412af448e20580cb95fd7d12b66e210b74554fda34c78c368b9bab8bd7f06b90f78b2beeb2c0ab114e182d07733f39dedef29915ddfc5dfbd11c5e0a10e09722f81f4a7127b1f9b07e9973c6884cbea3d70dffb3d2f99acded53f922f19ee9aaa6fc326b1024a63cc90eb8000cc68e2bf1bb124eb6dc44c77f3c6adf027205878073d16a3b0f01bb4abbdef189e78fdbc9900a178b6a2e13d876ce23cd5bf8dcd6f5b772ea924d7f583444f7988002b0c89baca1b5ed25a9317c46ad90385d73486c621b18ba5a4aa80376b68e6f63a674d5d71fc34c9506249be1fafa977fb8bfbdb01dd29c62fa"}, {0xc8, 0x10e, 0x3, "c7163a1cadd5fc20d8549c676a33299b66c0936bf5f5b53644607439110c26f514c336ffec4d972fcbfcacb7e705b398c3630885c8103cc45f4f6971afb2c081c3836c098c6406d924c192f65ae45e3cfee9b69bb17e0c64bc3ac12c406d0187ac699d534188b5bc0c6ff5cb25050fdddee3fb122c5ac13ac73fcca859b1e0cf564726a7a59d277882f9a34dce92e60d6cb8872d26791926b59b6073054b00e88e168b4c828a9638edb66ed9127a3d3909d66f4dcdf4cb"}], 0x1298, 0x4000004}, 0x10) ioctl$SG_GET_ACCESS_COUNT(r0, 0x2289, &(0x7f0000002cc0)) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000002d00)='/dev/vsock\x00', 0x600a80, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002d40)='/dev/rfkill\x00', 0x1, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x24813, r3, 0x0) fdatasync(r0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f0000002d80)) r4 = syz_open_dev$vcsa(&(0x7f0000002dc0)='/dev/vcsa#\x00', 0x2edc3d06, 0x640000) openat$cgroup_procs(r2, &(0x7f0000002e00)='cgroup.procs\x00', 0x2, 0x0) ioctl$KDGETKEYCODE(r3, 0x4b4c, &(0x7f0000002e40)={0x2, 0x7}) setsockopt$inet_mreq(r4, 0x0, 0x23, &(0x7f0000002e80)={@loopback=0x7f000001, @multicast1=0xe0000001}, 0x8) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000002ec0)) 09:00:54 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:54 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0xffffff7f00000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 674.993614] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.013002] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 675.020715] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 675.027980] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 675.035253] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 675.042518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 675.049782] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001d 09:00:54 executing program 4 (fault-call:4 fault-nth:30): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:54 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1ff, 0x200) ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f0000000080)) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x6c, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, &(0x7f0000000140)=0x100) close(r3) close(r2) 09:00:54 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xfffffff5, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:54 executing program 3: r0 = accept(0xffffffffffffffff, &(0x7f00000006c0)=@ax25, &(0x7f0000000740)=0x80) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000780)={0x0, 0x1f}, &(0x7f00000007c0)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000800)=r1, 0x4) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r3 = request_key(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000003c0)='dns_resolver\x00', 0xfffffffffffffffc) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='tunl0\x00', 0x10) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000180)={r1, 0xfff}, 0x8) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x1f, 0x2840) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000300)={0x73, 0x79, 0x7a}, 0x0, 0x0, r3) getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40) 09:00:54 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x74, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:54 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1300, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 675.211307] FAULT_INJECTION: forcing a failure. [ 675.211307] name failslab, interval 1, probability 0, space 0, times 0 [ 675.222623] CPU: 0 PID: 21927 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 675.229984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.239340] Call Trace: [ 675.241938] dump_stack+0x1c9/0x2b4 [ 675.245576] ? dump_stack_print_info.cold.2+0x52/0x52 [ 675.250775] ? kernel_text_address+0x79/0xf0 [ 675.255201] should_fail.cold.4+0xa/0x1a [ 675.259269] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 675.264379] ? graph_lock+0x170/0x170 [ 675.268268] ? save_stack+0x43/0xd0 [ 675.271941] ? kasan_kmalloc+0xc4/0xe0 [ 675.275835] ? find_held_lock+0x36/0x1c0 [ 675.279903] ? __lock_is_held+0xb5/0x140 [ 675.283977] ? check_same_owner+0x340/0x340 [ 675.288301] ? rcu_note_context_switch+0x730/0x730 [ 675.293232] __should_failslab+0x124/0x180 [ 675.297469] should_failslab+0x9/0x14 [ 675.301275] kmem_cache_alloc_node_trace+0x26f/0x770 [ 675.306398] __kmalloc_node_track_caller+0x33/0x70 [ 675.311358] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 675.316117] __alloc_skb+0x155/0x790 [ 675.319833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.325374] ? skb_scrub_packet+0x580/0x580 [ 675.329698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.335234] ? ip_generic_getfrag+0x124/0x2e0 [ 675.339728] ? ip_reply_glue_bits+0xc0/0xc0 [ 675.344050] ? trace_hardirqs_on+0x10/0x10 [ 675.348294] ? raw_getfrag+0x15b/0x220 [ 675.352191] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 675.357211] __ip_append_data.isra.47+0x2248/0x2a90 [ 675.362237] ? raw_destroy+0x30/0x30 [ 675.365961] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 675.371761] ? ipv4_mtu+0x37d/0x590 [ 675.375391] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 675.380840] ? find_held_lock+0x36/0x1c0 [ 675.384913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.390453] ip_append_data.part.48+0xf3/0x180 [ 675.395041] ? raw_destroy+0x30/0x30 [ 675.398755] ip_append_data+0x6d/0x90 [ 675.402555] ? raw_destroy+0x30/0x30 [ 675.406271] raw_sendmsg+0x1db4/0x29c0 [ 675.410171] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 675.415270] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 675.419701] ? find_held_lock+0x36/0x1c0 [ 675.423770] ? lock_downgrade+0x8f0/0x8f0 [ 675.427941] ? lock_release+0xa30/0xa30 [ 675.431916] ? check_same_owner+0x340/0x340 [ 675.436254] ? __check_object_size+0x9d/0x5f2 [ 675.440755] inet_sendmsg+0x1a1/0x690 [ 675.444559] ? ipip_gro_receive+0x100/0x100 [ 675.448883] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 675.454420] ? security_socket_sendmsg+0x94/0xc0 [ 675.459177] ? ipip_gro_receive+0x100/0x100 [ 675.463501] sock_sendmsg+0xd5/0x120 [ 675.467214] __sys_sendto+0x3d7/0x670 [ 675.471016] ? __ia32_sys_getpeername+0xb0/0xb0 [ 675.475755] ? wait_for_completion+0x8d0/0x8d0 [ 675.480341] ? __lock_is_held+0xb5/0x140 [ 675.484414] ? __sb_end_write+0xac/0xe0 [ 675.488404] ? __ia32_sys_read+0xb0/0xb0 [ 675.492472] ? syscall_slow_exit_work+0x500/0x500 [ 675.497316] __x64_sys_sendto+0xe1/0x1a0 [ 675.501376] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 675.506398] do_syscall_64+0x1b9/0x820 [ 675.510283] ? finish_task_switch+0x1d3/0x890 [ 675.514777] ? syscall_return_slowpath+0x5e0/0x5e0 [ 675.519706] ? syscall_return_slowpath+0x31d/0x5e0 [ 675.524639] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 675.530008] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 675.534855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.540042] RIP: 0033:0x455a99 [ 675.543223] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:00:54 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 675.562777] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 675.570484] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 675.577748] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 675.585014] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 675.592279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 675.599545] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001e 09:00:54 executing program 7: r0 = socket(0xb, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") r1 = memfd_create(&(0x7f0000000100)='*GPLGPL.vboxnet1\x00', 0x6) unshare(0x2000400) fchmod(r1, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) nanosleep(&(0x7f0000000040)={r2, r3+30000000}, 0x0) 09:00:54 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="295ed277a4200100360070") close(0xffffffffffffffff) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)={0x2}) 09:00:54 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:54 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x80ffffff00000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:54 executing program 4 (fault-call:4 fault-nth:31): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:54 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff00000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 675.724410] FAULT_INJECTION: forcing a failure. [ 675.724410] name failslab, interval 1, probability 0, space 0, times 0 [ 675.735876] CPU: 1 PID: 21945 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 675.743240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.752589] Call Trace: [ 675.755182] dump_stack+0x1c9/0x2b4 [ 675.758814] ? dump_stack_print_info.cold.2+0x52/0x52 [ 675.764006] ? unwind_get_return_address+0x61/0xa0 [ 675.768939] ? graph_lock+0x170/0x170 [ 675.772752] should_fail.cold.4+0xa/0x1a [ 675.776823] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 675.781930] ? __lock_is_held+0xb5/0x140 [ 675.785997] ? __kmalloc_node_track_caller+0x47/0x70 [ 675.791102] ? graph_lock+0x170/0x170 [ 675.794914] ? find_held_lock+0x36/0x1c0 [ 675.798985] ? __lock_is_held+0xb5/0x140 [ 675.803066] ? check_same_owner+0x340/0x340 [ 675.807400] ? rcu_note_context_switch+0x730/0x730 [ 675.812339] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 675.817624] __should_failslab+0x124/0x180 [ 675.821868] should_failslab+0x9/0x14 [ 675.825678] kmem_cache_alloc_node+0x272/0x780 [ 675.830273] ? __kmalloc_node_track_caller+0x47/0x70 [ 675.835394] __alloc_skb+0x119/0x790 [ 675.839113] ? find_held_lock+0x36/0x1c0 [ 675.843182] ? skb_scrub_packet+0x580/0x580 [ 675.847519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.853065] ? ip_generic_getfrag+0x124/0x2e0 [ 675.857568] ? ip_reply_glue_bits+0xc0/0xc0 [ 675.861905] ? trace_hardirqs_on+0x10/0x10 [ 675.866161] ? raw_getfrag+0x15b/0x220 [ 675.870062] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 675.875091] __ip_append_data.isra.47+0x2248/0x2a90 [ 675.880213] ? preempt_notifier_register+0x200/0x200 [ 675.885327] ? raw_destroy+0x30/0x30 [ 675.889059] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 675.894863] ? __schedule+0x884/0x1ed0 [ 675.898758] ? ipv4_mtu+0x37d/0x590 [ 675.902406] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 675.907872] ? find_held_lock+0x36/0x1c0 [ 675.911971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.917520] ip_append_data.part.48+0xf3/0x180 [ 675.922111] ? raw_destroy+0x30/0x30 [ 675.925830] ip_append_data+0x6d/0x90 [ 675.929633] ? raw_destroy+0x30/0x30 [ 675.933357] raw_sendmsg+0x1db4/0x29c0 [ 675.937263] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 675.942376] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 675.946811] ? retint_kernel+0x10/0x10 [ 675.950708] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 675.955727] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 675.960496] ? retint_kernel+0x10/0x10 [ 675.964397] inet_sendmsg+0x1a1/0x690 [ 675.968205] ? ipip_gro_receive+0x100/0x100 [ 675.972539] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 675.978080] ? security_socket_sendmsg+0x94/0xc0 [ 675.982841] ? ipip_gro_receive+0x100/0x100 [ 675.987169] sock_sendmsg+0xd5/0x120 [ 675.990891] __sys_sendto+0x3d7/0x670 [ 675.994704] ? __ia32_sys_getpeername+0xb0/0xb0 [ 675.999377] ? wait_for_completion+0x8d0/0x8d0 [ 676.003973] ? __lock_is_held+0xb5/0x140 [ 676.008051] ? __sb_end_write+0xac/0xe0 [ 676.012038] ? __ia32_sys_read+0xb0/0xb0 [ 676.016103] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.021650] __x64_sys_sendto+0xe1/0x1a0 09:00:54 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xfffff000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:55 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xffffff8d, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:55 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xffff000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:55 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 676.025718] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 676.030744] do_syscall_64+0x1b9/0x820 [ 676.034638] ? syscall_slow_exit_work+0x500/0x500 [ 676.039489] ? syscall_return_slowpath+0x5e0/0x5e0 [ 676.044424] ? syscall_return_slowpath+0x31d/0x5e0 [ 676.049365] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 676.054733] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 676.059586] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 676.064775] RIP: 0033:0x455a99 [ 676.067963] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 676.087334] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 676.095031] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 676.102283] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 676.109538] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 676.116791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 676.124043] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000001f 09:00:55 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x5ddc1f5c5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0x1000}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={r2, @in6={{0xa, 0x4e24, 0xdd, @mcast2={0xff, 0x2, [], 0x1}}}, 0x5, 0x1c00000, 0x9, 0x7fffffff, 0x3}, &(0x7f0000000180)=0x98) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, 0x0]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:00:55 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x300000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:55 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x40030000000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:55 executing program 1: r0 = memfd_create(&(0x7f0000000000)='^md5sum-procuser^+{proceth1\x00', 0x2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[{0x3, 0x5}, {0xb, 0xc7}, {0x2, 0x7dd7956c}, {0xc, 0x4}, {0x4, 0x4}, {0x8, 0xbb80}, {0x3, 0x401}, {0x4, 0x4}], 0x8) mmap(&(0x7f000053b000/0x2000)=nil, 0x2000, 0x3, 0x40000002871, 0xffffffffffffffff, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4068aea3, &(0x7f0000000080)={0x7b, 0x0, [0x5, 0x5]}) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000040)="025cc83d6d345f8f760070") r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x0}) bind$packet(r2, &(0x7f0000000000)={0x11, 0xdcf9be0c0c9a94cc, r3, 0x1, 0x0, 0x6, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}}, 0x14) close(r2) r4 = socket$inet6(0xa, 0x1, 0x0) ioctl(r4, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") mremap(&(0x7f000053b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00000cc000/0x4000)=nil) mmap(&(0x7f0000000000/0xfd8000)=nil, 0xfd8000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 09:00:55 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:55 executing program 7: prctl$intptr(0x1c, 0x3c1) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x6ad, 0x0) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000040)=[0x0, 0xfffffffffffffffa]) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f00000000c0)=0x1, 0x4) getegid() 09:00:55 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:55 executing program 4 (fault-call:4 fault-nth:32): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:55 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:55 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4000000, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:55 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'team_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_newaddr={0x40, 0x14, 0x721, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_ADDRESS={0x14, 0x1}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0xf77}}]}, 0x40}, 0x1}, 0x0) r2 = accept(r0, &(0x7f00000001c0)=@hci, &(0x7f0000000000)=0x80) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000240)={@empty, @empty, @loopback={0x0, 0x1}, 0x8, 0x7, 0x7, 0x100, 0x0, 0x100221, r1}) 09:00:55 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x3300000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:55 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) getsockopt(r0, 0x8, 0x81, &(0x7f0000000180)=""/63, &(0x7f00000001c0)=0x3f) r4 = dup3(r3, r2, 0x0) write$cgroup_pid(r4, &(0x7f0000000140)={[0x30]}, 0x1) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r4, 0xc0045520, &(0x7f00000000c0)=0x5) 09:00:55 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x401}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r2}, &(0x7f00000001c0)=0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0xb}, 0x1c) ioctl$VHOST_SET_VRING_BASE(r0, 0x4028af11, &(0x7f0000000080)) [ 676.701640] FAULT_INJECTION: forcing a failure. [ 676.701640] name failslab, interval 1, probability 0, space 0, times 0 [ 676.713066] CPU: 1 PID: 21999 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 676.720431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 676.729785] Call Trace: [ 676.732388] dump_stack+0x1c9/0x2b4 [ 676.736031] ? dump_stack_print_info.cold.2+0x52/0x52 [ 676.741237] ? kernel_text_address+0x79/0xf0 [ 676.745662] should_fail.cold.4+0xa/0x1a 09:00:55 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r0, r2) dup2(r2, r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 676.749739] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 676.754863] ? graph_lock+0x170/0x170 [ 676.758687] ? save_stack+0x43/0xd0 [ 676.762322] ? kasan_kmalloc+0xc4/0xe0 [ 676.766220] ? find_held_lock+0x36/0x1c0 [ 676.770295] ? __lock_is_held+0xb5/0x140 [ 676.774376] ? check_same_owner+0x340/0x340 [ 676.778710] ? rcu_note_context_switch+0x730/0x730 [ 676.783658] __should_failslab+0x124/0x180 [ 676.787913] should_failslab+0x9/0x14 [ 676.791722] kmem_cache_alloc_node_trace+0x26f/0x770 [ 676.796843] __kmalloc_node_track_caller+0x33/0x70 [ 676.801792] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 676.806560] __alloc_skb+0x155/0x790 [ 676.810275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.815808] ? skb_scrub_packet+0x580/0x580 [ 676.820125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.825654] ? ip_generic_getfrag+0x124/0x2e0 [ 676.830134] ? ip_reply_glue_bits+0xc0/0xc0 [ 676.834450] ? trace_hardirqs_on+0x10/0x10 [ 676.838672] ? raw_getfrag+0x15b/0x220 [ 676.842569] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 676.847576] __ip_append_data.isra.47+0x2248/0x2a90 [ 676.852582] ? raw_destroy+0x30/0x30 [ 676.856286] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 676.862072] ? ipv4_mtu+0x37d/0x590 [ 676.865685] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 676.871123] ? find_held_lock+0x36/0x1c0 [ 676.875176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.880702] ip_append_data.part.48+0xf3/0x180 [ 676.885271] ? raw_destroy+0x30/0x30 [ 676.888970] ip_append_data+0x6d/0x90 [ 676.892756] ? raw_destroy+0x30/0x30 [ 676.896453] raw_sendmsg+0x1db4/0x29c0 [ 676.900332] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 676.905439] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 676.909857] ? find_held_lock+0x36/0x1c0 [ 676.913912] ? lock_downgrade+0x8f0/0x8f0 [ 676.918047] ? lock_release+0xa30/0xa30 [ 676.922011] ? check_same_owner+0x340/0x340 [ 676.926325] ? __check_object_size+0x9d/0x5f2 [ 676.930818] inet_sendmsg+0x1a1/0x690 [ 676.934604] ? ipip_gro_receive+0x100/0x100 [ 676.938913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 676.944995] ? security_socket_sendmsg+0x94/0xc0 [ 676.949738] ? ipip_gro_receive+0x100/0x100 [ 676.954054] sock_sendmsg+0xd5/0x120 [ 676.957761] __sys_sendto+0x3d7/0x670 [ 676.961664] ? __ia32_sys_getpeername+0xb0/0xb0 [ 676.966334] ? wait_for_completion+0x8d0/0x8d0 [ 676.970905] ? __lock_is_held+0xb5/0x140 [ 676.974958] ? __sb_end_write+0xac/0xe0 [ 676.978924] ? __ia32_sys_read+0xb0/0xb0 [ 676.982972] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.988507] __x64_sys_sendto+0xe1/0x1a0 [ 676.992552] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 676.997554] do_syscall_64+0x1b9/0x820 [ 677.001423] ? syscall_slow_exit_work+0x500/0x500 [ 677.006249] ? syscall_return_slowpath+0x5e0/0x5e0 [ 677.011165] ? syscall_return_slowpath+0x31d/0x5e0 [ 677.016079] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 677.021429] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.026267] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.031437] RIP: 0033:0x455a99 09:00:56 executing program 1: ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r0 = syz_open_procfs(0x0, &(0x7f0000000380)) getdents(r0, &(0x7f00000003c0)=""/229, 0xe5) getdents(r0, &(0x7f0000000040)=""/202, 0x45a40b78) [ 677.034607] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.053857] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 677.061550] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 677.068805] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 677.076058] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 677.083307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 677.091027] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000020 09:00:56 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xc0ffffff, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:56 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6c000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:56 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) getsockopt(r0, 0x8, 0x81, &(0x7f0000000180)=""/63, &(0x7f00000001c0)=0x3f) r4 = dup3(r3, r2, 0x0) write$cgroup_pid(r4, &(0x7f0000000140)={[0x30]}, 0x1) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r4, 0xc0045520, &(0x7f00000000c0)=0x5) 09:00:56 executing program 4 (fault-call:4 fault-nth:33): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:56 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:56 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfbffffff, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:56 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) unshare(0x2000400) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") memfd_create(&(0x7f0000000080)='{#GPLvmnet1-bdev\x00', 0x3) r2 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) connect$inet(r2, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r2, 0x10d, 0xf, &(0x7f0000000180), &(0x7f0000000040)=0xffd8) 09:00:56 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 677.238319] FAULT_INJECTION: forcing a failure. [ 677.238319] name failslab, interval 1, probability 0, space 0, times 0 [ 677.250057] CPU: 1 PID: 22039 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 677.257421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 677.266772] Call Trace: [ 677.269366] dump_stack+0x1c9/0x2b4 [ 677.273001] ? dump_stack_print_info.cold.2+0x52/0x52 [ 677.278195] ? unwind_get_return_address+0x61/0xa0 [ 677.283131] ? graph_lock+0x170/0x170 [ 677.286938] should_fail.cold.4+0xa/0x1a [ 677.291003] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 677.296109] ? __lock_is_held+0xb5/0x140 [ 677.300170] ? __kmalloc_node_track_caller+0x47/0x70 [ 677.305358] ? graph_lock+0x170/0x170 [ 677.309164] ? find_held_lock+0x36/0x1c0 [ 677.313226] ? __lock_is_held+0xb5/0x140 [ 677.317295] ? check_same_owner+0x340/0x340 [ 677.321616] ? rcu_note_context_switch+0x730/0x730 [ 677.326542] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 677.331822] __should_failslab+0x124/0x180 [ 677.336070] should_failslab+0x9/0x14 [ 677.339877] kmem_cache_alloc_node+0x272/0x780 [ 677.344460] ? __kmalloc_node_track_caller+0x47/0x70 [ 677.349570] __alloc_skb+0x119/0x790 [ 677.353286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.358822] ? skb_scrub_packet+0x580/0x580 [ 677.363150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.368684] ? ip_generic_getfrag+0x124/0x2e0 [ 677.373180] ? ip_reply_glue_bits+0xc0/0xc0 [ 677.377505] ? trace_hardirqs_on+0x10/0x10 [ 677.381746] ? raw_getfrag+0x15b/0x220 [ 677.385633] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 677.390655] __ip_append_data.isra.47+0x2248/0x2a90 [ 677.395676] ? raw_destroy+0x30/0x30 [ 677.399411] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 677.405213] ? ipv4_mtu+0x37d/0x590 [ 677.408846] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 677.414294] ? find_held_lock+0x36/0x1c0 [ 677.418366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 677.423907] ip_append_data.part.48+0xf3/0x180 [ 677.428489] ? raw_destroy+0x30/0x30 [ 677.432203] ip_append_data+0x6d/0x90 [ 677.435999] ? raw_destroy+0x30/0x30 [ 677.439716] raw_sendmsg+0x1db4/0x29c0 [ 677.443617] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 677.448717] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 677.453150] ? find_held_lock+0x36/0x1c0 [ 677.457217] ? lock_downgrade+0x8f0/0x8f0 [ 677.461367] ? lock_release+0xa30/0xa30 [ 677.465338] ? check_same_owner+0x340/0x340 [ 677.469661] ? __check_object_size+0x9d/0x5f2 [ 677.474159] inet_sendmsg+0x1a1/0x690 [ 677.477960] ? ipip_gro_receive+0x100/0x100 [ 677.482282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 677.487824] ? security_socket_sendmsg+0x94/0xc0 [ 677.492580] ? ipip_gro_receive+0x100/0x100 [ 677.496901] sock_sendmsg+0xd5/0x120 [ 677.500619] __sys_sendto+0x3d7/0x670 [ 677.504425] ? __ia32_sys_getpeername+0xb0/0xb0 [ 677.509098] ? wait_for_completion+0x8d0/0x8d0 [ 677.513681] ? __lock_is_held+0xb5/0x140 [ 677.517755] ? __sb_end_write+0xac/0xe0 [ 677.521738] ? __ia32_sys_read+0xb0/0xb0 [ 677.525799] ? syscall_slow_exit_work+0x500/0x500 [ 677.530644] __x64_sys_sendto+0xe1/0x1a0 [ 677.534690] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 677.539691] do_syscall_64+0x1b9/0x820 [ 677.543564] ? finish_task_switch+0x1d3/0x890 [ 677.548043] ? syscall_return_slowpath+0x5e0/0x5e0 [ 677.552954] ? syscall_return_slowpath+0x31d/0x5e0 [ 677.557872] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 677.563222] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 677.568052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.573225] RIP: 0033:0x455a99 09:00:56 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x100000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 677.576396] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.595626] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 677.603321] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 677.610576] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 677.617827] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 677.625078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 677.632328] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000021 09:00:56 executing program 3: msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) write$binfmt_elf64(r1, &(0x7f0000001380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000071ef4b80000400000000000000000000000000000000000000000003800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b6060000000000000300000000000000d0170000000000000000000000000000000000000000000000000000000000000000000000000000c67e9b7900000000000000000000000000000002000000000000000000000000000000000000000000"], 0xc9) sendto$inet(r1, &(0x7f0000000280)="a24576bd64c94d53ae2f27d2fd1505cdff04e1226411c0e5457f107e92ada69c269d980697ce40d8c2f1cd9489d3444bcd197ece288dab60194b40b22c9f87b45d4d0bad757bad882ba420126cbe0249b61e04e0f8dfe7b88ce7f2bb36c097a9094f1f230800a306e5b700fdf2", 0x6d, 0x0, &(0x7f0000000000)={0x2, 0x0, @loopback=0x7f000001}, 0x10) sendto$inet(r1, &(0x7f0000000180)="90b9e93d033a7bd55c273f40ffd48e60797c3e1cf1c1b304016b3833b39078dd6a68c5cb7da95e7d8a3e1421cb9ee0c94df3310c6d9f3e1c1a5cbf7edf4c6c7feadfccf58697f9fe78e4275d35b150a770b2d6838964fad99d44aa9e32d5a163597989d52b7bcb31225b9f2dfa87ec2311ddb4c3a9b5dbaf39838d20ca669de8ab4d6f2b7dddc3c3177703fd13b6c88ac38c4b29576a371200e0ac8428e2c40e8b6c102283c9c65b2fe404805b49589fb6f0eeaa41299141f0430e70bed81397dce7677168368893963a930939302c5516ab6b4249c8f8f4379b06e2", 0xdc, 0x20000000, &(0x7f0000000040)={0x2, 0x4e24, @broadcast=0xffffffff}, 0x10) 09:00:56 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:56 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:56 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:56 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x400300, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:57 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r0, r2) dup2(r2, r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 09:00:57 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:57 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x700, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:57 executing program 4 (fault-call:4 fault-nth:34): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:57 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x2, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:57 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:57 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000461fa8)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(ccm(seed))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00004f7000)="649c47ad46390dc86dae79fa409d4d54", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg(r1, &(0x7f0000003dc0)={&(0x7f0000001bc0)=@can={0x1d}, 0x80, &(0x7f0000003cc0)=[{&(0x7f0000001c40)="06", 0x1}, {&(0x7f0000002cc0)="323bb6d8de7ddf1efea719f069a08f887b00b916c06dd1bf80969f9c5d1514", 0x1f}], 0x2, &(0x7f0000003d00)}, 0x0) io_setup(0x9736, &(0x7f0000000140)=0x0) io_submit(r2, 0x1, &(0x7f0000bd9fe0)=[&(0x7f0000617fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f000007d000)="b3b03996ff05abb1e8b1c24b50898d8f", 0x10}]) r3 = dup2(r1, r0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000000)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@remote}}, &(0x7f0000000100)=0xe8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x7fff, 0x8000}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000240)={r5, @in={{0x2, 0x4e21, @rand_addr=0x1}}}, 0x84) setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000180)={r4, 0x1, 0x6, @random="db2c9c91d28a"}, 0x10) 09:00:57 executing program 1: syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x2, 0x200) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00001ec000)="08077790", 0xffffffffffffff81) r1 = socket$inet(0x2, 0x806, 0x4) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x8001}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000240)=ANY=[@ANYRES32=r2, @ANYBLOB="060085000e388e969889b26290ab2f8bfc0018528ca9ce69c90e4a347c10635b60b94c891a896b15997e0bdd7a17fb45275d5a08568a8e7c4cde20c69eb4fde0164bc6def72bd40c9737bfc88706519e0f19beffb1a38c3ff02fa5c12ec60117d0fa4850795a43842f443eef25b468aedce1532a2865a7b94585ae1e6b122bc7e8aa6532f12663da84db2d26f251ee97cc045788dcf3f901f5091d673a1964a802668e18b0fec0c13e59c1c30000b14c941326e73414d4a28d544e6432a37499ec1e3abf757fceed7e478fc56272031d171b2a4955ebb412c55a8d07ddf66c445f9a962132e58f5e248118291c78ebb99e93098ff015b7fac7d8c115230106addf66ff7197106de96ba7e783b749f44a384b7081e3e875af6ffe4510b90cc582497213ac22e514c1"], 0x8d) r3 = accept$alg(r1, 0x0, 0x0) io_setup(0x1, &(0x7f0000479000)=0x0) io_submit(r4, 0x1, &(0x7f0000738000)=[&(0x7f0000f73fc0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f000079a000)="16", 0x1}]) [ 678.010211] FAULT_INJECTION: forcing a failure. [ 678.010211] name failslab, interval 1, probability 0, space 0, times 0 [ 678.021677] CPU: 1 PID: 22082 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 678.029042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.038393] Call Trace: [ 678.040986] dump_stack+0x1c9/0x2b4 [ 678.044728] ? dump_stack_print_info.cold.2+0x52/0x52 [ 678.049919] ? kernel_text_address+0x79/0xf0 [ 678.054332] should_fail.cold.4+0xa/0x1a [ 678.058396] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 678.063505] ? graph_lock+0x170/0x170 [ 678.067307] ? save_stack+0x43/0xd0 [ 678.070943] ? kasan_kmalloc+0xc4/0xe0 [ 678.074836] ? find_held_lock+0x36/0x1c0 [ 678.078924] ? __lock_is_held+0xb5/0x140 [ 678.083089] ? check_same_owner+0x340/0x340 [ 678.087410] ? rcu_note_context_switch+0x730/0x730 [ 678.092361] __should_failslab+0x124/0x180 [ 678.096612] should_failslab+0x9/0x14 [ 678.100425] kmem_cache_alloc_node_trace+0x26f/0x770 [ 678.105556] __kmalloc_node_track_caller+0x33/0x70 [ 678.110495] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 678.115249] __alloc_skb+0x155/0x790 [ 678.118953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.124485] ? skb_scrub_packet+0x580/0x580 [ 678.128796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.134322] ? ip_generic_getfrag+0x124/0x2e0 [ 678.138801] ? ip_reply_glue_bits+0xc0/0xc0 [ 678.143108] ? trace_hardirqs_on+0x10/0x10 [ 678.147328] ? raw_getfrag+0x15b/0x220 [ 678.151200] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 678.156205] __ip_append_data.isra.47+0x2248/0x2a90 [ 678.161215] ? raw_destroy+0x30/0x30 [ 678.164920] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 678.170704] ? ipv4_mtu+0x37d/0x590 [ 678.174319] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 678.179754] ? find_held_lock+0x36/0x1c0 [ 678.183822] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.189344] ip_append_data.part.48+0xf3/0x180 [ 678.193910] ? raw_destroy+0x30/0x30 [ 678.197613] ip_append_data+0x6d/0x90 [ 678.201399] ? raw_destroy+0x30/0x30 [ 678.205103] raw_sendmsg+0x1db4/0x29c0 [ 678.208984] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 678.214071] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 678.218479] ? find_held_lock+0x36/0x1c0 [ 678.222532] ? lock_downgrade+0x8f0/0x8f0 [ 678.226663] ? lock_release+0xa30/0xa30 [ 678.230629] ? check_same_owner+0x340/0x340 [ 678.234934] ? __check_object_size+0x9d/0x5f2 [ 678.239418] inet_sendmsg+0x1a1/0x690 [ 678.243206] ? ipip_gro_receive+0x100/0x100 [ 678.247517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.253043] ? security_socket_sendmsg+0x94/0xc0 [ 678.257785] ? ipip_gro_receive+0x100/0x100 [ 678.262093] sock_sendmsg+0xd5/0x120 [ 678.265793] __sys_sendto+0x3d7/0x670 [ 678.269581] ? __ia32_sys_getpeername+0xb0/0xb0 [ 678.274248] ? wait_for_completion+0x8d0/0x8d0 [ 678.278818] ? __lock_is_held+0xb5/0x140 [ 678.282871] ? __sb_end_write+0xac/0xe0 [ 678.286837] ? __ia32_sys_read+0xb0/0xb0 [ 678.290882] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 678.296405] __x64_sys_sendto+0xe1/0x1a0 [ 678.300453] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 678.305457] do_syscall_64+0x1b9/0x820 [ 678.309328] ? finish_task_switch+0x1d3/0x890 [ 678.313810] ? syscall_return_slowpath+0x5e0/0x5e0 [ 678.318723] ? syscall_return_slowpath+0x31d/0x5e0 [ 678.323641] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 678.328992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 678.333826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.338997] RIP: 0033:0x455a99 [ 678.342171] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:00:57 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xdc05000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 678.361400] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 678.369095] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 678.376348] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 678.383598] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 678.390851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 678.398102] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000022 09:00:57 executing program 4 (fault-call:4 fault-nth:35): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:00:57 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:57 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6c, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 678.491720] FAULT_INJECTION: forcing a failure. [ 678.491720] name failslab, interval 1, probability 0, space 0, times 0 [ 678.503136] CPU: 0 PID: 22094 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 678.510504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.519850] Call Trace: [ 678.522438] dump_stack+0x1c9/0x2b4 [ 678.526058] ? dump_stack_print_info.cold.2+0x52/0x52 [ 678.531236] ? unwind_get_return_address+0x61/0xa0 [ 678.536158] ? graph_lock+0x170/0x170 [ 678.539945] should_fail.cold.4+0xa/0x1a [ 678.543992] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 678.549085] ? __lock_is_held+0xb5/0x140 [ 678.553137] ? __kmalloc_node_track_caller+0x47/0x70 [ 678.558223] ? graph_lock+0x170/0x170 [ 678.562022] ? find_held_lock+0x36/0x1c0 [ 678.566070] ? __lock_is_held+0xb5/0x140 [ 678.570122] ? check_same_owner+0x340/0x340 [ 678.574430] ? rcu_note_context_switch+0x730/0x730 [ 678.579342] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 678.584606] __should_failslab+0x124/0x180 [ 678.588846] should_failslab+0x9/0x14 [ 678.592637] kmem_cache_alloc_node+0x272/0x780 [ 678.597207] ? __kmalloc_node_track_caller+0x47/0x70 [ 678.602300] __alloc_skb+0x119/0x790 [ 678.606021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.611552] ? skb_scrub_packet+0x580/0x580 [ 678.615860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.621383] ? ip_generic_getfrag+0x124/0x2e0 [ 678.625863] ? ip_reply_glue_bits+0xc0/0xc0 [ 678.630169] ? trace_hardirqs_on+0x10/0x10 [ 678.634391] ? raw_getfrag+0x15b/0x220 [ 678.638260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 678.643262] __ip_append_data.isra.47+0x2248/0x2a90 [ 678.648266] ? raw_destroy+0x30/0x30 [ 678.651969] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 678.657753] ? ipv4_mtu+0x37d/0x590 [ 678.661368] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 678.666814] ? find_held_lock+0x36/0x1c0 [ 678.670867] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 678.676389] ip_append_data.part.48+0xf3/0x180 [ 678.680953] ? raw_destroy+0x30/0x30 [ 678.684655] ip_append_data+0x6d/0x90 [ 678.688440] ? raw_destroy+0x30/0x30 [ 678.692138] raw_sendmsg+0x1db4/0x29c0 [ 678.696024] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 678.701199] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 678.705606] ? find_held_lock+0x36/0x1c0 [ 678.709660] ? lock_downgrade+0x8f0/0x8f0 [ 678.713791] ? lock_release+0xa30/0xa30 [ 678.717751] ? check_same_owner+0x340/0x340 [ 678.722061] ? __check_object_size+0x9d/0x5f2 [ 678.726545] inet_sendmsg+0x1a1/0x690 [ 678.730332] ? ipip_gro_receive+0x100/0x100 [ 678.734649] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 678.740170] ? security_socket_sendmsg+0x94/0xc0 [ 678.744911] ? ipip_gro_receive+0x100/0x100 [ 678.749221] sock_sendmsg+0xd5/0x120 [ 678.752925] __sys_sendto+0x3d7/0x670 [ 678.756713] ? __ia32_sys_getpeername+0xb0/0xb0 [ 678.761370] ? wait_for_completion+0x8d0/0x8d0 [ 678.765937] ? __lock_is_held+0xb5/0x140 [ 678.769991] ? __sb_end_write+0xac/0xe0 [ 678.773961] ? __ia32_sys_read+0xb0/0xb0 [ 678.778012] ? syscall_slow_exit_work+0x500/0x500 [ 678.782843] __x64_sys_sendto+0xe1/0x1a0 [ 678.786889] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 678.791899] do_syscall_64+0x1b9/0x820 [ 678.795856] ? finish_task_switch+0x1d3/0x890 [ 678.800335] ? syscall_return_slowpath+0x5e0/0x5e0 [ 678.805252] ? syscall_return_slowpath+0x31d/0x5e0 [ 678.810180] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 678.815528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 678.820361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.825534] RIP: 0033:0x455a99 09:00:58 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:58 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x5c5b311ff2, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 678.828708] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 678.847935] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 678.855634] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 678.862884] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 678.870137] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 678.877395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 678.884648] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000023 09:00:58 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:58 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r0, r2) dup2(r2, r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 09:00:58 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x400000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:58 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x103000, 0x0) ioctl$KDSKBLED(r1, 0x4b65, 0x7fff) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") fcntl$setpipe(r0, 0x407, 0x100) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0xdc, 0x40}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=ANY=[@ANYBLOB="1800000000000000000000000000f90071100c000000000000000000feffff070000000000000000"], &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffff97]}, 0x18) 09:00:58 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x1100, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:58 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x500, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:58 executing program 3: ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)="295ee1311f16f477671070") r0 = socket$inet6(0xa, 0x3, 0x5) flock(r0, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)) creat(&(0x7f0000000000)='./file0\x00', 0x2) r1 = socket(0xa, 0x1, 0x0) socket$inet6(0xa, 0xa, 0x5) fcntl$setpipe(r0, 0x407, 0xeded) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'veth1_to_bond\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f00000000c0)={0x2, 'ip6tnl0\x00'}, 0x18) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000a40)={@dev, @broadcast, 0x0}, &(0x7f0000000a80)=0xc) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000006900)={&(0x7f0000000040)={0x10}, 0xc, &(0x7f00000068c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="17efa96b849aad5b6de43e6308979eba5c602ff59d0752d33863a6f1096a0d9cb69e6bc2e225996b3124c2f3716e572eaeb16e64a69b1aca", @ANYRES16=0x0, @ANYBLOB="000028bd7000fbdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400020040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000008000100", @ANYRES32=0x0, @ANYBLOB="8000020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004001200000008000600", @ANYRES32=r2, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=0x0], 0xe8}, 0x1, 0x0, 0x0, 0x1}, 0x4004000) 09:00:58 executing program 4 (fault-call:4 fault-nth:36): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 679.166209] QAT: Invalid ioctl [ 679.185623] FAULT_INJECTION: forcing a failure. [ 679.185623] name failslab, interval 1, probability 0, space 0, times 0 [ 679.196985] CPU: 1 PID: 22144 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 679.198173] QAT: Invalid ioctl 09:00:58 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 679.204347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.204354] Call Trace: [ 679.204380] dump_stack+0x1c9/0x2b4 [ 679.204404] ? dump_stack_print_info.cold.2+0x52/0x52 [ 679.204437] ? kernel_text_address+0x79/0xf0 [ 679.232739] should_fail.cold.4+0xa/0x1a [ 679.236818] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 679.241940] ? graph_lock+0x170/0x170 [ 679.245764] ? save_stack+0x43/0xd0 [ 679.249396] ? kasan_kmalloc+0xc4/0xe0 [ 679.253296] ? find_held_lock+0x36/0x1c0 [ 679.257371] ? __lock_is_held+0xb5/0x140 [ 679.261449] ? check_same_owner+0x340/0x340 [ 679.265780] ? rcu_note_context_switch+0x730/0x730 [ 679.270724] __should_failslab+0x124/0x180 [ 679.275049] should_failslab+0x9/0x14 [ 679.278853] kmem_cache_alloc_node_trace+0x26f/0x770 [ 679.283968] __kmalloc_node_track_caller+0x33/0x70 [ 679.288899] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 679.293659] __alloc_skb+0x155/0x790 [ 679.297377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.302914] ? skb_scrub_packet+0x580/0x580 [ 679.307241] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.312774] ? ip_generic_getfrag+0x124/0x2e0 [ 679.317273] ? ip_reply_glue_bits+0xc0/0xc0 [ 679.321593] ? trace_hardirqs_on+0x10/0x10 [ 679.325836] ? raw_getfrag+0x15b/0x220 [ 679.329726] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 679.334748] __ip_append_data.isra.47+0x2248/0x2a90 [ 679.339770] ? raw_destroy+0x30/0x30 [ 679.343492] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 679.349297] ? ipv4_mtu+0x37d/0x590 [ 679.352927] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 679.358376] ? find_held_lock+0x36/0x1c0 09:00:58 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000300)=0x14, 0x800) r3 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x1ff, 0x4000) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000140), 0x4) setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000340)={@empty, r2}, 0x14) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) ioctl$SG_SET_KEEP_ORPHAN(r5, 0x2287, &(0x7f0000000080)=0x80000001) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r4, 0x4008ae48, &(0x7f0000000000)) [ 679.362448] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.367992] ip_append_data.part.48+0xf3/0x180 [ 679.372578] ? raw_destroy+0x30/0x30 [ 679.376302] ip_append_data+0x6d/0x90 [ 679.380109] ? raw_destroy+0x30/0x30 [ 679.383827] raw_sendmsg+0x1db4/0x29c0 [ 679.387732] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 679.392837] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 679.397271] ? find_held_lock+0x36/0x1c0 [ 679.401346] ? lock_downgrade+0x8f0/0x8f0 [ 679.405495] ? lock_release+0xa30/0xa30 [ 679.409469] ? check_same_owner+0x340/0x340 [ 679.413791] ? __check_object_size+0x9d/0x5f2 [ 679.418294] inet_sendmsg+0x1a1/0x690 [ 679.422099] ? ipip_gro_receive+0x100/0x100 [ 679.426422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 679.431959] ? security_socket_sendmsg+0x94/0xc0 [ 679.436720] ? ipip_gro_receive+0x100/0x100 [ 679.441045] sock_sendmsg+0xd5/0x120 [ 679.444764] __sys_sendto+0x3d7/0x670 [ 679.448566] ? __ia32_sys_getpeername+0xb0/0xb0 [ 679.453237] ? wait_for_completion+0x8d0/0x8d0 [ 679.457826] ? __lock_is_held+0xb5/0x140 [ 679.461901] ? __sb_end_write+0xac/0xe0 [ 679.465885] ? __ia32_sys_read+0xb0/0xb0 [ 679.469949] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 679.475490] __x64_sys_sendto+0xe1/0x1a0 [ 679.479553] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 679.484573] do_syscall_64+0x1b9/0x820 [ 679.488460] ? finish_task_switch+0x1d3/0x890 [ 679.492954] ? syscall_return_slowpath+0x5e0/0x5e0 [ 679.497886] ? syscall_return_slowpath+0x31d/0x5e0 [ 679.502821] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 679.508185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.513033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.518218] RIP: 0033:0x455a99 [ 679.521395] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 679.540782] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 679.548490] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 679.555759] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 09:00:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:58 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:58 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfbffffff00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 679.563032] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 679.570301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 679.577557] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000024 09:00:58 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 679.666993] IPVS: stopping backup sync thread 22163 ... 09:00:58 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6e09000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:58 executing program 4 (fault-call:4 fault-nth:37): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 679.731682] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bond, syncid = 0, id = 0 [ 679.741234] IPVS: stopping backup sync thread 22172 ... 09:00:59 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r0, r2) dup2(r2, r1) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 09:00:59 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:59 executing program 1: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x12) ioctl$KVM_SET_MSRS(r0, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0xf7e}]}) 09:00:59 executing program 3: pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x1000)=nil, 0x1000, 0x1, 0x32, r1, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r0, 0x4010ae74, &(0x7f0000000100)={0x386, 0x3, 0x8}) ioprio_set$pid(0x0, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000180)='threaded\x00', 0x9) r2 = userfaultfd(0x800000000004) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000140)={0x303, 0x33}, 0x4) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000bc8000)={0xaa}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000000080)=""/79) read(r0, &(0x7f0000000000)=""/126, 0x16) ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000280)) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000604ffc)) dup2(r0, r2) ioctl$BLKPG(r2, 0x1269, &(0x7f00000003c0)={0x405d, 0x10001, 0xf2, &(0x7f00000002c0)="e1d88e2a506c173ebde4193d9e08d2c9db6e8cf5cda65df1b198c2e051c51159958e9577621e179a1a12421a2bda26c7cddd4954c2feb54069b421e11099ca55344da5b2e495888ff906714f04b2d694327231072bec7426a53aab079aa8681bdfeee2077345ed36738cdbb3e8ce0b1b42df3352ad38a191a7005c9ac8a732d245904ffbfa19fe06daf7afca31b549da104a32e79f58aca5fd2c734d5ec0a4694f11aa8285417ae485b9ea657c4825a40381baaae9475197a97b3f13a4b0138c7be98281435ca5c55468a2c5859c80d209355b1f3376ab15fbee47bb798fb723a9e32171804e67b52e39236ecacb6271005f"}) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f00000001c0)={0x9, {{0x2, 0x4e21}}}, 0x88) 09:00:59 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff7f, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:59 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:59 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfdfdffff, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 679.880857] FAULT_INJECTION: forcing a failure. [ 679.880857] name failslab, interval 1, probability 0, space 0, times 0 [ 679.892132] CPU: 1 PID: 22180 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 679.899507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.908861] Call Trace: [ 679.911458] dump_stack+0x1c9/0x2b4 [ 679.915103] ? dump_stack_print_info.cold.2+0x52/0x52 [ 679.920299] ? unwind_get_return_address+0x61/0xa0 [ 679.925239] ? graph_lock+0x170/0x170 [ 679.929060] should_fail.cold.4+0xa/0x1a [ 679.933134] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 679.938253] ? __lock_is_held+0xb5/0x140 [ 679.942312] ? __kmalloc_node_track_caller+0x47/0x70 [ 679.947404] ? graph_lock+0x170/0x170 [ 679.951201] ? find_held_lock+0x36/0x1c0 [ 679.955253] ? __lock_is_held+0xb5/0x140 [ 679.959303] ? check_same_owner+0x340/0x340 [ 679.963612] ? rcu_note_context_switch+0x730/0x730 [ 679.968531] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 679.973791] __should_failslab+0x124/0x180 [ 679.978017] should_failslab+0x9/0x14 [ 679.981807] kmem_cache_alloc_node+0x272/0x780 [ 679.986375] ? __kmalloc_node_track_caller+0x47/0x70 [ 679.991466] __alloc_skb+0x119/0x790 [ 679.995162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.000683] ? skb_scrub_packet+0x580/0x580 [ 680.004990] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.010512] ? ip_generic_getfrag+0x124/0x2e0 [ 680.014992] ? ip_reply_glue_bits+0xc0/0xc0 [ 680.019305] ? trace_hardirqs_on+0x10/0x10 [ 680.023528] ? raw_getfrag+0x15b/0x220 [ 680.027397] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 680.032398] __ip_append_data.isra.47+0x2248/0x2a90 [ 680.037409] ? raw_destroy+0x30/0x30 [ 680.041119] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 680.046905] ? ipv4_mtu+0x37d/0x590 [ 680.050518] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 680.055952] ? find_held_lock+0x36/0x1c0 [ 680.060007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.065536] ip_append_data.part.48+0xf3/0x180 [ 680.070115] ? raw_destroy+0x30/0x30 [ 680.073826] ip_append_data+0x6d/0x90 [ 680.077609] ? raw_destroy+0x30/0x30 [ 680.081312] raw_sendmsg+0x1db4/0x29c0 [ 680.085202] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 680.090290] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 680.094699] ? find_held_lock+0x36/0x1c0 [ 680.098753] ? lock_downgrade+0x8f0/0x8f0 [ 680.102889] ? lock_release+0xa30/0xa30 [ 680.106845] ? check_same_owner+0x340/0x340 [ 680.111162] ? __check_object_size+0x9d/0x5f2 [ 680.115650] inet_sendmsg+0x1a1/0x690 [ 680.119439] ? ipip_gro_receive+0x100/0x100 [ 680.123748] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 680.129278] ? security_socket_sendmsg+0x94/0xc0 [ 680.134023] ? ipip_gro_receive+0x100/0x100 [ 680.138334] sock_sendmsg+0xd5/0x120 [ 680.142038] __sys_sendto+0x3d7/0x670 [ 680.145823] ? __ia32_sys_getpeername+0xb0/0xb0 [ 680.150475] ? wait_for_completion+0x8d0/0x8d0 [ 680.155046] ? __lock_is_held+0xb5/0x140 [ 680.159102] ? __sb_end_write+0xac/0xe0 [ 680.163069] ? __ia32_sys_read+0xb0/0xb0 [ 680.167113] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 680.172639] __x64_sys_sendto+0xe1/0x1a0 [ 680.176685] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 680.181687] do_syscall_64+0x1b9/0x820 [ 680.185565] ? syscall_return_slowpath+0x5e0/0x5e0 [ 680.190486] ? syscall_return_slowpath+0x31d/0x5e0 [ 680.195404] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 680.200760] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 680.205588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.210760] RIP: 0033:0x455a99 09:00:59 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 680.213927] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 680.233167] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 680.240860] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 680.248114] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 680.255364] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 680.262618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 680.269873] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000025 09:00:59 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) socket$unix(0x1, 0x3, 0x0) sendto$inet(r0, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe000000d}, 0x10) 09:00:59 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x200000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:00:59 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:00:59 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000400)="295ee1311f16f477671070") r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000500)={0x0, 0x8000000000001, &(0x7f0000000400)=""/193, &(0x7f0000000280)=""/97, &(0x7f00000001c0)=""/127}) unshare(0x6a000400) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700)=ANY=[]) msgget$private(0x0, 0x445) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000600)='keyring\x00', &(0x7f0000000640)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffff9) r4 = add_key(&(0x7f00000007c0)='asymmetric\x00', &(0x7f0000000800)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000840)="f2fa14417510908ce6668372a5fc37ff7f3f4204c6d1fbd2430cd202d718fb58fd1777252f98e5c2c0c74f53a383a898938374890b3e0931c6e76236f1fe5c8df39e6381255670370fcbdd029ef40540514846bbf31e91", 0x57, 0xffffffffffffffff) ioctl$TIOCGSID(r2, 0x5429, &(0x7f00000008c0)=0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000900)={[], 0x7, 0x40, 0x100000000, 0x3f, 0x9, r5}) keyctl$instantiate_iov(0x14, r3, &(0x7f0000000680)=[{&(0x7f0000000700)="4932068a10de929a110ef8516713f5b46b29bb2d1fdbf177484ede78e323ae80ac64fdd9fc368b2220c39b5a3047f4946697452d9222c5d0f59248b2c0776dfc6ec782e24467be5e09b0dd0c46c84ec6cb785936813ea73e84927479cf8bae543316866682ed579ed96cd99798056765e12096bc9e911623fa58633ed7344cdcb0c8602719fe3ec0d3aa0d2f2e22d45f70acc7e512165f64819a6bb0d6b5e7b62fe76986af174bb0fded91312d4a523990b0aa9933be6e6e61", 0xb9}], 0x1, r4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000580)={0x0}, &(0x7f00000005c0)=0xc) tkill(r6, 0xa) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000180)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000540)={0x1, 0x1, &(0x7f0000000040)=""/132, &(0x7f0000000300)=""/238, &(0x7f0000000240)}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000006c0)=0x1) r7 = fcntl$getown(r2, 0x9) r8 = semget(0x2, 0x3, 0x82) semctl$IPC_INFO(r8, 0x0, 0x3, &(0x7f0000000580)) sched_setparam(r7, &(0x7f0000000240)=0x3c00000) 09:00:59 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:59 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x1000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:00:59 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 680.465439] IPVS: ftp: loaded support on port[0] = 21 09:00:59 executing program 4 (fault-call:4 fault-nth:38): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 680.552498] Unknown ioctl 21545 [ 680.557189] Unknown ioctl -1069018509 [ 680.567447] Unknown ioctl 4729 [ 680.574474] Unknown ioctl 44801 [ 680.587113] FAULT_INJECTION: forcing a failure. [ 680.587113] name failslab, interval 1, probability 0, space 0, times 0 [ 680.598432] CPU: 1 PID: 22224 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 680.605785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.615127] Call Trace: [ 680.617716] dump_stack+0x1c9/0x2b4 [ 680.621345] ? dump_stack_print_info.cold.2+0x52/0x52 [ 680.626545] ? kernel_text_address+0x79/0xf0 [ 680.630961] should_fail.cold.4+0xa/0x1a [ 680.635025] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 680.640137] ? graph_lock+0x170/0x170 [ 680.643940] ? save_stack+0x43/0xd0 [ 680.647562] ? kasan_kmalloc+0xc4/0xe0 [ 680.651454] ? find_held_lock+0x36/0x1c0 [ 680.655521] ? __lock_is_held+0xb5/0x140 [ 680.659600] ? check_same_owner+0x340/0x340 [ 680.663926] ? rcu_note_context_switch+0x730/0x730 [ 680.668857] __should_failslab+0x124/0x180 [ 680.673094] should_failslab+0x9/0x14 [ 680.676896] kmem_cache_alloc_node_trace+0x26f/0x770 [ 680.682008] __kmalloc_node_track_caller+0x33/0x70 [ 680.686939] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 680.691696] __alloc_skb+0x155/0x790 [ 680.695409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.700945] ? skb_scrub_packet+0x580/0x580 [ 680.705265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.710803] ? ip_generic_getfrag+0x124/0x2e0 [ 680.715299] ? ip_reply_glue_bits+0xc0/0xc0 [ 680.719618] ? trace_hardirqs_on+0x10/0x10 [ 680.723867] ? raw_getfrag+0x15b/0x220 [ 680.727752] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 680.732770] __ip_append_data.isra.47+0x2248/0x2a90 [ 680.737796] ? raw_destroy+0x30/0x30 [ 680.741518] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 680.747329] ? ipv4_mtu+0x37d/0x590 [ 680.750967] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 680.756422] ? find_held_lock+0x36/0x1c0 [ 680.760499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 680.766039] ip_append_data.part.48+0xf3/0x180 [ 680.770620] ? raw_destroy+0x30/0x30 [ 680.774333] ip_append_data+0x6d/0x90 [ 680.778132] ? raw_destroy+0x30/0x30 [ 680.781848] raw_sendmsg+0x1db4/0x29c0 [ 680.785748] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 680.790860] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 680.795294] ? find_held_lock+0x36/0x1c0 [ 680.799361] ? lock_downgrade+0x8f0/0x8f0 [ 680.803507] ? lock_release+0xa30/0xa30 [ 680.807479] ? check_same_owner+0x340/0x340 [ 680.811799] ? __check_object_size+0x9d/0x5f2 [ 680.816294] inet_sendmsg+0x1a1/0x690 [ 680.820097] ? ipip_gro_receive+0x100/0x100 [ 680.824418] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 680.829955] ? security_socket_sendmsg+0x94/0xc0 [ 680.834706] ? ipip_gro_receive+0x100/0x100 [ 680.839034] sock_sendmsg+0xd5/0x120 [ 680.842748] __sys_sendto+0x3d7/0x670 [ 680.846549] ? __ia32_sys_getpeername+0xb0/0xb0 [ 680.851220] ? wait_for_completion+0x8d0/0x8d0 [ 680.855805] ? __lock_is_held+0xb5/0x140 [ 680.859879] ? __sb_end_write+0xac/0xe0 [ 680.863865] ? __ia32_sys_read+0xb0/0xb0 [ 680.867929] ? syscall_slow_exit_work+0x500/0x500 [ 680.872774] __x64_sys_sendto+0xe1/0x1a0 [ 680.876835] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 680.881848] do_syscall_64+0x1b9/0x820 [ 680.885729] ? finish_task_switch+0x1d3/0x890 [ 680.890223] ? syscall_return_slowpath+0x5e0/0x5e0 [ 680.895240] ? syscall_return_slowpath+0x31d/0x5e0 [ 680.900170] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 680.905539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 680.910399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.915591] RIP: 0033:0x455a99 [ 680.918774] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 680.938149] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 680.946489] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 680.953753] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 680.961009] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 680.968286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 680.975541] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000026 [ 680.991851] Unknown ioctl -1069018509 [ 681.003452] Unknown ioctl 4729 [ 681.012124] Unknown ioctl 1076408081 09:01:00 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r0, r2) dup2(r2, r1) 09:01:00 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x20040, 0x0) ioctl$KVM_GET_TSC_KHZ(r0, 0xaea3) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000040)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8) r2 = getuid() getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) setresuid(r1, r2, r3) fchdir(r0) readlinkat(r0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/114, 0x72) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000300)) lseek(r0, 0x0, 0x3) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340)={0x8, 0x8, 0x0, 0x7, 0x5b9}, 0x14) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000380)={0x0, 0xf2, "f7e55439c4a1ee23e5f7f727f9b9aee66cdcb7d7bf5f6d46398e83c4ef7fc7cff529c6260afc17991e9775e1b05244e45d935cb9b373e68223c2f6b2a2364694f9d75f0311c942d3f8ad05939f6391bdc479068472f159f213041f777a9c9405ba116be6ff9c75a0487fdd253fcf967e4916696af72aa068653cf833c4086199aee1de379dffb63b5b7fdbd31d0d5f7bc3055894a84f778124c8331873e994c3a945c4dd80922f334e8c8a1637c61bbc8ea0a0e9b23afec03efd7fd19cac10dbbefaf021462e498f2baf34567121399dc90b1fb1cc465a5af28b179c3c96907cdc4b56981c05ce837c8433878200ef5eb64b"}, &(0x7f0000000480)=0xfa) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000004c0)={r4, 0x0, 0x37, "67004da4fb20958b0a68a2f8ca8fb4e794e63a34a98f021c6d4284e32b7eb42c05ca6349102381a65f3110dbeca19632556df32e3576ac"}, 0x3f) getsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000500), &(0x7f0000000540)=0x4) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000580)='/dev/full\x00', 0x10000, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r5, &(0x7f00000005c0)='./file0\x00', r2, r6, 0x1900) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000740)=@mangle={'mangle\x00', 0x1f, 0x6, 0x658, 0x450, 0x220, 0x338, 0x0, 0x220, 0x588, 0x588, 0x588, 0x588, 0x588, 0x6, &(0x7f00000006c0), {[{{@uncond, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x4}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x40, 0x7, @ipv6=@local={0xfe, 0x80, [], 0xaa}, 0x4e22}}}, {{@ipv6={@empty, @loopback={0x0, 0x1}, [0xff000000, 0x0, 0xffffffff, 0xff000000], [0xffffff00, 0xff, 0xffffffff], '\x00', '\x00', {}, {}, 0x0, 0x8, 0x1, 0x29}, 0x0, 0xc8, 0xf0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@eui64={0x28, 'eui64\x00'}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x1}}}, {{@ipv6={@mcast2={0xff, 0x2, [], 0x1}, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x18}}, [0xff000000, 0xff], [0x0, 0xffffffff, 0xffffffff, 0xffffffff], 'veth1_to_bridge\x00', 'ifb0\x00', {0xff}, {0xff}, 0x29, 0x0, 0x1, 0x1}, 0x0, 0xf0, 0x118, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x9}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x7, 0x3}}}, {{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@mcast1={0xff, 0x1, [], 0x1}, @ipv4=@multicast1=0xe0000001, 0x18, 0x27, 0x2}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x6b8) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000e00)={{{@in=@rand_addr, @in6}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000f00)=0xe8) socketpair(0x6, 0x803, 0x800, &(0x7f0000000f40)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001000)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000fc0)={0xffffffff}, 0x111, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000001040)={0x12, 0x10, 0xfa00, {&(0x7f0000000f80), r7, r0}}, 0x18) openat$pfkey(0xffffffffffffff9c, &(0x7f0000001080)='/proc/self/net/pfkey\x00', 0x80500, 0x0) r8 = syz_open_dev$vcsn(&(0x7f00000010c0)='/dev/vcs#\x00', 0x7fffffff, 0x2000) pipe(&(0x7f0000001100)) fchownat(r8, &(0x7f0000001140)='./file0\x00', r2, r6, 0x1400) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000001180)=[@in={0x2, 0x4e20, @rand_addr=0xffff}, @in={0x2, 0x4e23}, @in={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, @in={0x2, 0x4e24, @rand_addr=0x1}, @in={0x2, 0x4e21, @loopback=0x7f000001}], 0x50) 09:01:00 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:00 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:00 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff80, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:00 executing program 4 (fault-call:4 fault-nth:39): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:00 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:00 executing program 3: r0 = socket$inet(0x2, 0x200000002, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21}, 0x10) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f00000000c0)=""/239, 0xef}, 0x2) syz_emit_ethernet(0xfdef, &(0x7f00003f3fd5)={@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1=0xe0000001}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000240)={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) recvmsg(r0, &(0x7f0000000540)={&(0x7f0000000040)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000000400), 0x0, &(0x7f0000000440)=""/209, 0xd1}, 0x0) [ 681.130726] FAULT_INJECTION: forcing a failure. [ 681.130726] name failslab, interval 1, probability 0, space 0, times 0 [ 681.142186] CPU: 0 PID: 22242 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 681.149548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.158896] Call Trace: [ 681.161494] dump_stack+0x1c9/0x2b4 [ 681.165138] ? dump_stack_print_info.cold.2+0x52/0x52 [ 681.170333] ? unwind_get_return_address+0x61/0xa0 [ 681.175269] ? graph_lock+0x170/0x170 [ 681.179080] should_fail.cold.4+0xa/0x1a [ 681.183148] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 681.188259] ? __lock_is_held+0xb5/0x140 [ 681.192336] ? __kmalloc_node_track_caller+0x47/0x70 [ 681.197444] ? graph_lock+0x170/0x170 [ 681.201252] ? find_held_lock+0x36/0x1c0 [ 681.205316] ? __lock_is_held+0xb5/0x140 [ 681.209387] ? check_same_owner+0x340/0x340 [ 681.213712] ? rcu_note_context_switch+0x730/0x730 [ 681.218640] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 681.223917] __should_failslab+0x124/0x180 [ 681.228156] should_failslab+0x9/0x14 [ 681.231960] kmem_cache_alloc_node+0x272/0x780 [ 681.236542] ? __kmalloc_node_track_caller+0x47/0x70 [ 681.241654] __alloc_skb+0x119/0x790 [ 681.245366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.250905] ? skb_scrub_packet+0x580/0x580 [ 681.255229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.260762] ? ip_generic_getfrag+0x124/0x2e0 [ 681.265256] ? ip_reply_glue_bits+0xc0/0xc0 [ 681.269576] ? trace_hardirqs_on+0x10/0x10 [ 681.273824] ? raw_getfrag+0x15b/0x220 [ 681.277721] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 681.282742] __ip_append_data.isra.47+0x2248/0x2a90 [ 681.287761] ? raw_destroy+0x30/0x30 [ 681.291483] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 681.297284] ? ipv4_mtu+0x37d/0x590 [ 681.300913] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 681.306363] ? find_held_lock+0x36/0x1c0 [ 681.310441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.315978] ip_append_data.part.48+0xf3/0x180 [ 681.320558] ? raw_destroy+0x30/0x30 [ 681.324275] ip_append_data+0x6d/0x90 [ 681.328084] ? raw_destroy+0x30/0x30 [ 681.331802] raw_sendmsg+0x1db4/0x29c0 [ 681.335703] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 681.340802] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 681.345236] ? find_held_lock+0x36/0x1c0 [ 681.349304] ? lock_downgrade+0x8f0/0x8f0 [ 681.353456] ? lock_release+0xa30/0xa30 [ 681.357425] ? check_same_owner+0x340/0x340 [ 681.361747] ? __check_object_size+0x9d/0x5f2 [ 681.366247] inet_sendmsg+0x1a1/0x690 [ 681.370055] ? ipip_gro_receive+0x100/0x100 [ 681.374379] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.379916] ? security_socket_sendmsg+0x94/0xc0 [ 681.384671] ? ipip_gro_receive+0x100/0x100 [ 681.388990] sock_sendmsg+0xd5/0x120 [ 681.392705] __sys_sendto+0x3d7/0x670 [ 681.396509] ? __ia32_sys_getpeername+0xb0/0xb0 [ 681.401178] ? wait_for_completion+0x8d0/0x8d0 [ 681.405761] ? __lock_is_held+0xb5/0x140 [ 681.409831] ? __sb_end_write+0xac/0xe0 [ 681.413814] ? __ia32_sys_read+0xb0/0xb0 [ 681.417876] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 681.423420] __x64_sys_sendto+0xe1/0x1a0 [ 681.427484] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 681.432502] do_syscall_64+0x1b9/0x820 [ 681.436387] ? finish_task_switch+0x1d3/0x890 [ 681.440882] ? syscall_return_slowpath+0x5e0/0x5e0 [ 681.445809] ? syscall_return_slowpath+0x31d/0x5e0 [ 681.450744] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 681.456110] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 681.460961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.466148] RIP: 0033:0x455a99 [ 681.469327] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 681.488700] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 681.496410] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 681.503673] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 681.510938] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 681.518203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 681.525466] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000027 09:01:00 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6c00000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:00 executing program 4 (fault-call:4 fault-nth:40): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:00 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = dup(r0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000000)=0x200000, 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x3, 'queue1\x00'}) 09:01:00 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:00 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xfffffffb, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:00 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 681.660553] FAULT_INJECTION: forcing a failure. [ 681.660553] name failslab, interval 1, probability 0, space 0, times 0 [ 681.671915] CPU: 0 PID: 22256 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 681.679281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 681.688635] Call Trace: [ 681.691234] dump_stack+0x1c9/0x2b4 [ 681.694878] ? dump_stack_print_info.cold.2+0x52/0x52 [ 681.700081] ? kernel_text_address+0x79/0xf0 [ 681.704504] should_fail.cold.4+0xa/0x1a [ 681.708576] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 681.713695] ? graph_lock+0x170/0x170 [ 681.717503] ? save_stack+0x43/0xd0 [ 681.721131] ? kasan_kmalloc+0xc4/0xe0 [ 681.725030] ? find_held_lock+0x36/0x1c0 [ 681.729105] ? __lock_is_held+0xb5/0x140 [ 681.733182] ? check_same_owner+0x340/0x340 [ 681.737516] ? rcu_note_context_switch+0x730/0x730 [ 681.742459] __should_failslab+0x124/0x180 [ 681.746706] should_failslab+0x9/0x14 [ 681.750518] kmem_cache_alloc_node_trace+0x26f/0x770 [ 681.755633] __kmalloc_node_track_caller+0x33/0x70 [ 681.760571] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 681.765330] __alloc_skb+0x155/0x790 [ 681.769052] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.774590] ? skb_scrub_packet+0x580/0x580 [ 681.778916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.784452] ? ip_generic_getfrag+0x124/0x2e0 [ 681.788947] ? ip_reply_glue_bits+0xc0/0xc0 [ 681.793267] ? trace_hardirqs_on+0x10/0x10 [ 681.797508] ? raw_getfrag+0x15b/0x220 [ 681.801393] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 681.806418] __ip_append_data.isra.47+0x2248/0x2a90 [ 681.811445] ? raw_destroy+0x30/0x30 [ 681.815169] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 681.820972] ? ipv4_mtu+0x37d/0x590 [ 681.824614] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 681.830065] ? find_held_lock+0x36/0x1c0 [ 681.834145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 681.839685] ip_append_data.part.48+0xf3/0x180 [ 681.844266] ? raw_destroy+0x30/0x30 [ 681.847983] ip_append_data+0x6d/0x90 [ 681.851798] ? raw_destroy+0x30/0x30 [ 681.855509] raw_sendmsg+0x1db4/0x29c0 [ 681.859409] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 681.864514] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 681.868945] ? find_held_lock+0x36/0x1c0 [ 681.873017] ? lock_downgrade+0x8f0/0x8f0 [ 681.877176] ? lock_release+0xa30/0xa30 [ 681.881148] ? check_same_owner+0x340/0x340 [ 681.885469] ? __check_object_size+0x9d/0x5f2 [ 681.889965] inet_sendmsg+0x1a1/0x690 [ 681.893776] ? ipip_gro_receive+0x100/0x100 [ 681.898100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 681.903638] ? security_socket_sendmsg+0x94/0xc0 [ 681.908393] ? ipip_gro_receive+0x100/0x100 [ 681.912720] sock_sendmsg+0xd5/0x120 [ 681.916442] __sys_sendto+0x3d7/0x670 [ 681.920253] ? __ia32_sys_getpeername+0xb0/0xb0 [ 681.924926] ? wait_for_completion+0x8d0/0x8d0 [ 681.929511] ? __lock_is_held+0xb5/0x140 [ 681.933582] ? __sb_end_write+0xac/0xe0 [ 681.937565] ? __ia32_sys_read+0xb0/0xb0 [ 681.941627] ? syscall_slow_exit_work+0x500/0x500 [ 681.946475] __x64_sys_sendto+0xe1/0x1a0 [ 681.950538] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 681.955555] do_syscall_64+0x1b9/0x820 [ 681.959437] ? finish_task_switch+0x1d3/0x890 [ 681.963934] ? syscall_return_slowpath+0x5e0/0x5e0 [ 681.968863] ? syscall_return_slowpath+0x31d/0x5e0 [ 681.973796] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 681.979164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 681.984016] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 681.989201] RIP: 0033:0x455a99 [ 681.992389] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:00 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:01 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 682.011764] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 682.019476] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 682.026738] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 682.034006] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 682.041268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 682.048529] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000028 09:01:01 executing program 3: rt_sigtimedwait(&(0x7f00005a1000), &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="0047fc2f07d82c99240970") r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000005ff7)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000009fe8)={0xfffb, 0x1a, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x6000) mremap(&(0x7f000053b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00000cc000/0x4000)=nil) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x3fe, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffff}, 0x113, 0x1001}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000100)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r4}}, 0x18) mremap(&(0x7f000053c000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f00000cd000/0x2000)=nil) 09:01:01 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x4000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:01 executing program 1: r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$tun(&(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={"6966623000faffffffffffffff00", 0x20100f}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TUNSETLINK(r1, 0x400454cd, 0x337) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x101000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc02c5341, &(0x7f0000000100)) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'ifb0\x00\x00\x00\x00\x00\x00\x00!\x00', 0xa201}) ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000180)={0x1, 0x8001, 0x0, 0x1}) 09:01:01 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:01 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:01 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r2, r1) 09:01:01 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7a00000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:01 executing program 4 (fault-call:4 fault-nth:41): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:01 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x48000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:01 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x80ffffff, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:01 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:01 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:01 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r2, r1) [ 682.755494] FAULT_INJECTION: forcing a failure. [ 682.755494] name failslab, interval 1, probability 0, space 0, times 0 [ 682.766818] CPU: 1 PID: 22298 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 682.774177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.783530] Call Trace: [ 682.786129] dump_stack+0x1c9/0x2b4 [ 682.789777] ? dump_stack_print_info.cold.2+0x52/0x52 [ 682.794985] ? unwind_get_return_address+0x61/0xa0 [ 682.799921] ? graph_lock+0x170/0x170 [ 682.803732] should_fail.cold.4+0xa/0x1a [ 682.807807] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 682.812924] ? __lock_is_held+0xb5/0x140 [ 682.816988] ? __kmalloc_node_track_caller+0x47/0x70 [ 682.822100] ? graph_lock+0x170/0x170 [ 682.825921] ? find_held_lock+0x36/0x1c0 [ 682.829992] ? __lock_is_held+0xb5/0x140 [ 682.834069] ? check_same_owner+0x340/0x340 [ 682.838402] ? rcu_note_context_switch+0x730/0x730 [ 682.843342] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 682.848625] __should_failslab+0x124/0x180 [ 682.852868] should_failslab+0x9/0x14 [ 682.856676] kmem_cache_alloc_node+0x272/0x780 [ 682.861269] ? __kmalloc_node_track_caller+0x47/0x70 [ 682.866385] __alloc_skb+0x119/0x790 [ 682.870116] ? skb_scrub_packet+0x580/0x580 [ 682.874449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.880693] ? ip_generic_getfrag+0x124/0x2e0 [ 682.885193] ? ip_reply_glue_bits+0xc0/0xc0 [ 682.889518] ? trace_hardirqs_on+0x10/0x10 [ 682.893763] ? raw_getfrag+0x15b/0x220 [ 682.897656] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 682.902682] __ip_append_data.isra.47+0x2248/0x2a90 [ 682.907710] ? raw_destroy+0x30/0x30 [ 682.911444] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 682.917253] ? ipv4_mtu+0x37d/0x590 [ 682.921061] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 682.926517] ? find_held_lock+0x36/0x1c0 [ 682.930595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.936139] ip_append_data.part.48+0xf3/0x180 [ 682.941511] ? raw_destroy+0x30/0x30 [ 682.945228] ip_append_data+0x6d/0x90 [ 682.949027] ? raw_destroy+0x30/0x30 [ 682.952745] raw_sendmsg+0x1db4/0x29c0 [ 682.956647] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 682.962098] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 682.966535] ? find_held_lock+0x36/0x1c0 [ 682.970605] ? lock_downgrade+0x8f0/0x8f0 [ 682.974756] ? lock_release+0xa30/0xa30 [ 682.978730] ? check_same_owner+0x340/0x340 [ 682.983064] ? __check_object_size+0x9d/0x5f2 [ 682.987569] inet_sendmsg+0x1a1/0x690 [ 682.991376] ? ipip_gro_receive+0x100/0x100 [ 682.995713] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 683.001253] ? security_socket_sendmsg+0x94/0xc0 [ 683.006011] ? ipip_gro_receive+0x100/0x100 [ 683.010338] sock_sendmsg+0xd5/0x120 [ 683.014054] __sys_sendto+0x3d7/0x670 [ 683.017864] ? __ia32_sys_getpeername+0xb0/0xb0 [ 683.020509] x86/PAT: syz-executor3:22306 map pfn RAM range req write-combining for [mem 0x1941e6000-0x1941e9fff], got write-back [ 683.022534] ? wait_for_completion+0x8d0/0x8d0 [ 683.022557] ? __lock_is_held+0xb5/0x140 [ 683.022586] ? __sb_end_write+0xac/0xe0 [ 683.022615] ? __ia32_sys_read+0xb0/0xb0 [ 683.050915] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 683.056459] __x64_sys_sendto+0xe1/0x1a0 [ 683.060534] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 683.065554] do_syscall_64+0x1b9/0x820 [ 683.069441] ? finish_task_switch+0x1d3/0x890 [ 683.073940] ? syscall_return_slowpath+0x5e0/0x5e0 [ 683.078878] ? syscall_return_slowpath+0x31d/0x5e0 [ 683.083817] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 683.089186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.094040] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.099225] RIP: 0033:0x455a99 [ 683.102410] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.121672] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 683.129396] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 683.136678] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 683.143960] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 09:01:02 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:02 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x40000000a07ff) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000040)={{0x2, 0x116}, 'port1\x00', 0x10, 0x100000, 0xffffffff, 0x75717d8, 0x3ff, 0x1000, 0x5, 0x0, 0x6, 0x40}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f0000000280), 0xc5) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000200)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x57, &(0x7f0000000340)}, 0x400000000000) 09:01:02 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x4, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 683.151234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 683.158506] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000029 [ 683.258412] x86/PAT: syz-executor3:22306 map pfn RAM range req write-combining for [mem 0x197ae6000-0x197ae9fff], got write-back 09:01:02 executing program 3: r0 = creat(&(0x7f0000000080)='./file1\x00', 0x2) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x3) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x8400, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f00000000c0)={0x3, 0x1}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000068f50)={{0x80}, "706f72ff070000000000000000000000000b000000000000000000001f0000ffffff03000000ef000003ff02000000000012000000000000000000000600", 0xc7, 0x80003}) r4 = socket$kcm(0x29, 0x5, 0x0) ioctl$HDIO_GETGEO(r2, 0x301, &(0x7f0000000040)) ioctl(r4, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={r1, 0x6, 0x1, 0x4, &(0x7f0000000100)=[0x0], 0x1}, 0x20) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00004d1ff0)='/dev/sequencer2\x00', 0x1, 0x0) close(r3) close(r5) 09:01:02 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:02 executing program 4 (fault-call:4 fault-nth:42): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:02 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100, 0x4) sendto$inet6(r0, &(0x7f0000000100)="4d25a87ce3427d96ba89d9e9bfc444032db6444876b48a5e962b719b6b9c643bd3cf746c9e18ff3f3f154ab4ea75c2b535524bb37c2749dfb2683d1d11c992096dc16b0255e2d1282abcdf4479e38f683b8d67a879f8a457860d6a20132387e877eef2344089bee38987838e720f550a8bad537ce073189823adaa4eff65263b4ca6e85a75831470990364da5af6a5d64a959a706e0512be043128a35770db4ed8a80121f8829547a91e7a222cb8bfa51b7dfac01d9dc65e5b3d4925eb4ec82a616f34f38187662dadb3840a2e5faa4173582312bbc2b3b32656c5e62be545095319e1318831aa998d3e8a", 0xeb, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty, 0x100000001}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="0401000000c000ddb8460900ffb25b4202938207d9fb3780398d5375c5f73f939029298d7535352cd5a1f57590080053c0e3859a2da722a59a7a033b970720a42f2a2bb404e158ccdb0ac538d24c10d6afcc2f2dbd96c3b50000210f518d0000f55d4626", 0x64, 0x4000000, &(0x7f0000000200)={0xa, 0x200000800, 0x20000000005, @local={0xfe, 0x80, [], 0xaa}}, 0x1c) 09:01:02 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa00, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:02 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:02 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KDSETLED(r2, 0x4b32, 0x8000) dup2(r2, r1) 09:01:02 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xf21f315b5c000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 683.474309] FAULT_INJECTION: forcing a failure. [ 683.474309] name failslab, interval 1, probability 0, space 0, times 0 [ 683.485645] CPU: 0 PID: 22328 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 683.493008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.502359] Call Trace: [ 683.504958] dump_stack+0x1c9/0x2b4 [ 683.508598] ? dump_stack_print_info.cold.2+0x52/0x52 [ 683.513801] ? kernel_text_address+0x79/0xf0 [ 683.518232] should_fail.cold.4+0xa/0x1a [ 683.522305] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 683.527424] ? graph_lock+0x170/0x170 [ 683.531234] ? save_stack+0x43/0xd0 [ 683.534873] ? kasan_kmalloc+0xc4/0xe0 [ 683.538766] ? find_held_lock+0x36/0x1c0 [ 683.542836] ? __lock_is_held+0xb5/0x140 [ 683.546920] ? check_same_owner+0x340/0x340 [ 683.551241] ? rcu_note_context_switch+0x730/0x730 [ 683.556160] __should_failslab+0x124/0x180 [ 683.560381] should_failslab+0x9/0x14 [ 683.564165] kmem_cache_alloc_node_trace+0x26f/0x770 [ 683.569261] __kmalloc_node_track_caller+0x33/0x70 [ 683.574177] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 683.578918] __alloc_skb+0x155/0x790 [ 683.582618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.588140] ? skb_scrub_packet+0x580/0x580 [ 683.592449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.597970] ? ip_generic_getfrag+0x124/0x2e0 [ 683.602448] ? ip_reply_glue_bits+0xc0/0xc0 [ 683.606753] ? trace_hardirqs_on+0x10/0x10 [ 683.610987] ? raw_getfrag+0x15b/0x220 [ 683.614860] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 683.619871] __ip_append_data.isra.47+0x2248/0x2a90 [ 683.624880] ? raw_destroy+0x30/0x30 [ 683.628582] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 683.634369] ? ipv4_mtu+0x37d/0x590 [ 683.637983] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 683.643432] ? find_held_lock+0x36/0x1c0 [ 683.647488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.653014] ip_append_data.part.48+0xf3/0x180 [ 683.657584] ? raw_destroy+0x30/0x30 [ 683.661283] ip_append_data+0x6d/0x90 [ 683.665064] ? raw_destroy+0x30/0x30 [ 683.668762] raw_sendmsg+0x1db4/0x29c0 [ 683.672751] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 683.677841] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 683.682253] ? find_held_lock+0x36/0x1c0 [ 683.686303] ? lock_downgrade+0x8f0/0x8f0 [ 683.690447] ? lock_release+0xa30/0xa30 [ 683.694405] ? check_same_owner+0x340/0x340 [ 683.698723] ? __check_object_size+0x9d/0x5f2 [ 683.703210] inet_sendmsg+0x1a1/0x690 [ 683.706997] ? ipip_gro_receive+0x100/0x100 [ 683.711307] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 683.716827] ? security_socket_sendmsg+0x94/0xc0 [ 683.721566] ? ipip_gro_receive+0x100/0x100 [ 683.725873] sock_sendmsg+0xd5/0x120 [ 683.729571] __sys_sendto+0x3d7/0x670 [ 683.733362] ? __ia32_sys_getpeername+0xb0/0xb0 [ 683.738025] ? wait_for_completion+0x8d0/0x8d0 [ 683.742594] ? __lock_is_held+0xb5/0x140 [ 683.746650] ? __sb_end_write+0xac/0xe0 [ 683.750616] ? __ia32_sys_read+0xb0/0xb0 [ 683.754663] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 683.760185] __x64_sys_sendto+0xe1/0x1a0 [ 683.764229] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 683.769232] do_syscall_64+0x1b9/0x820 [ 683.773100] ? finish_task_switch+0x1d3/0x890 [ 683.777580] ? syscall_return_slowpath+0x5e0/0x5e0 [ 683.782491] ? syscall_return_slowpath+0x31d/0x5e0 [ 683.787406] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 683.792756] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.797597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.802772] RIP: 0033:0x455a99 [ 683.805940] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:03 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x700000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 683.825180] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 683.832880] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 683.840139] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 683.847398] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 683.854648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 683.861898] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002a 09:01:03 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='mqueue\x00', 0x0, &(0x7f0000000300)="c912aa38fdf31e5718c86ab5caf7be04221606936a86dbd54bde5caf50e0d928f671b5bb6f7032e800491223ce5e978f4516bb3a65dc532e3c9a01040000fd8dda2ba4f2d47b9a127865badcd1de8273dcffb1705e85ab320916a448cd1fe1634a851550ce8c396afe224ce7c0d4fcbb0b6a18fc36fb4815f89c36af3f") lgetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '\x00'}, &(0x7f0000000200)=""/100, 0x64) 09:01:03 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:03 executing program 3: bind$inet6(0xffffffffffffffff, &(0x7f0000f13000)={0xa, 0x4e22}, 0x1c) r0 = syz_fuseblk_mount(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x8001, 0x0, 0x0, 0x5, 0x4529c72, 0x4000) write$fuse(r0, &(0x7f0000000080)={0x20, 0x0, 0x3, @fuse_ioctl_out={0x6, 0x80, 0x9, 0x9}}, 0x20) syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffffffff82e6b3ba711e62f2260008110000000000000000000000000000000000ff02000000000000000000000000000100004e2200089078"], &(0x7f0000775000)) pwrite64(0xffffffffffffffff, &(0x7f0000000100)="630f6c07a07c41b9c314bd95037e374b8599167120cdb3f5e19733cd7908d1f5934d26ff60edccc8a74d7129485d85f4b2159e4a0b48ad81fce13096ba10559138fbfb530b6155129523d078a696193df70f370eb16bddf3958691816a363b2871623216ef5a7bc1ef94defdf23398b59dcd8963eca6d150ff2650b7d557f1bece8a160be700f50da8bbe0c6d5f202e8a5ef7a688d732f8b70395b81880a7011edbb4238282367fc57885e7cc89bbe04fa82496a17a4a762380ea913c9892499ac33f3ad58c5cfa3cb502bb3837712ba784b432a152ea53b95a040cf29bb61ff85c867803c35c61705b4c9e834cc21e4b6c9c1c1e0f68aab490b458091a85a5d87c5409e7313f11b79927cfa23927e117156adcf88c5d2b1f0d3e09b97a1723c8bd6e25d2d13ec45109fdf7528971622ab42221ee9f7405d171ea491dbfded6f43d6f1641834a7f0444808130d281be0ad00914dfeb4dc6ccf71dc1da8660bd4c1cd1df7c956e56132ae946f9731a9ad5cf97ad1053f1fa5849930d7850de976c9c6b80d7513716b8c017ac9c739fdc9f451a1e51948d5a17124f3ae5d30a5aa625697346874c2edce2bd718637afa959cc6260a3e70436f2c00477b8e17b69f36bf968362cf0cc84b8902df6ecab91e9a94209b3f28975637b5755554440404f520040c4c716fbbc2b7b89f78549606e2596ff07c88b7998ecb4c7d3cb2188de171e379d811014e0222431efa9121cfe1c7bd00b2e5661c7b43f2740bb3b4d75a862a656433ce8c8c3c8af5005f27bb64c90e515248465c0226d0d47f11f5e2cdf5fee911af7e8adb485da9688fec1f2c6dc0f9182a7c7285dc36a993c20c7fef190732ca406da0818d06df9be0b1906dd83f3ec47d4bc6f9667c0e7768263dfa82f9dbbed107c6f3f6c379340a029b8b6711c35622956e4cbc9735da1ccb35c4f0a4ac476f5a6ac4429d9945766d9cba9a6549a0456857735fad414e9ea36cf8cfdd1664b93133030bfd39ae27cd546cbf22822933200cee9c40d736608888a9b09f089c35363f11177c4b48572daaf46f8992807cfcdff51e3941a9e96684c224919813e3840e21ec481418fbb712102bdbfb1e8074395cab360ca71e2acd03d47516c58288316ca7f675ec1e6d2d229eb14093096e642ccd0bb4b1615eac84cc4a4a8619604c10cc0e05a0a0f6acac8eb6dee09b5ac79520c9ee52c3ec74e56c0c330c0945f60502d6593b11d47ed69ce990f89df25d7361289e810e1c3d6650356c52b0c35c65d8dca4a68d8bd2801da1e2d3fe2f1fe597889e76227a45717dcc2af7fd13dab754d0a55df5fd7835563ea36023db2adca05f4600504a2f6ad8912fa085a79a0608cf4473f84bff6672a0e255835eb6cd33e38247979d961a24cd97969b9eac0d6965071133297dd94a96b85071d6a86405c6d97bee018f008ba4f206426aca0acc379cbca47e024be92ecf085752b00f6967d72cce9aedd2a6ae3dcb2a48c0c35f8ba4d7603cc4622370b53f5dd9bfe7e2fd4bbaf022624d27abfeb102c5311be56c840948684105f3bcc6d23db3ee185d494bb7b82ed71e90078ff0e2e95cead93ec37f7393ce3ca26dbf197226c13af777e20cefe82e0401024dc3c6297e9afe5728fea8ca810774a288b4990cc68236ac5bb69b7058c77e07b29251890a674241f12e6241a6b33276e455747099b6edfd63686a75ec923d8808e3cec45cb7e280fb26b1e1b807a91655acec4ca001821746ad9a3646825f4e5fb35d4a51ac90ad178c4a3329fe2be823ba2b0aea69a59e3f24dc69ee6e7ef6de27aadc9aeb019f0b50e98abc2966d544386f9add2ab80e863a5f1176d2280093893a8b56bc0ca316fefa2207adf428d871eb36375c0337c10460e8e675012b0cea769cead7632e45a2e89a16d2d7b92b7aade2ba505426166d6fcc2a65978bd0aa564cd4db607161466fcb3e03f98b250f651c460820e6e5e2aa4196a3b1b83241a1a49369316d6300791c0bcdb6419657322b554ba6b2088a5d554e4e52bf29a215e51d92913b4dfcac481ce77e5de84dec191e2b313093b41bd72613bf6583ee9a6a759b8c4639753ce84b897ccd80a5d52b37bedf81010a43ef47093c1568067048b279dd27bdd4386cb6642442215ee37c2fe9342f23390790a5a7ca55e020ce05c13f394bfc3522559f44ac21570203d4b83a4b489f5c9b18f594ba9575c9e00aa0e6f9fc817f865f77e9730a5516e7f1588a9f8eeaae9c903c2b7a8cbf74109744a0c20b48f52eddc2300cba7b7ec01e01f09d3daa33a4789ba276cac06de478ed8788f1e2baec72171493669427fd075b3e43389e30e15d9de4b13756505726dfa693c5bd461f6fa3ba1366f88f1a618b75667c275423db6a3278b4f2991d64463ab82abb50f29e5a410b1991665503fd7adcdcf3052a8466adef0d4dca374904f869f5b00648e913c9807e7ef5145ca46d126e52285e6bed4c8cc99147ce54c63516087faad4c5f6bcabc5ca021236cbe82638dd59459033346bd7d473e7ede4722a255d867bad43d71eafaa549067bbae3c9db367aa0fe8dccdb40525c6608c9bbb466e513d541f9fab10416215800b22fd40aa1cb5cde2d738d2bdb261399de837b71b35e1c68f68149d47ea7efb00e93e0230245e1c4b4026eae2265b5a09038fa98e93be60a10178ba022f07c2a3a5950e2c42cc63443f1427f0cfb253c468e159379852e80a910c89a941878e83e3dd55c91d2f05e4a5e620516e2c0538efa4ac1f10ef3aad42eca32fa07bd7b49b61ce982a1d1d03f1cddbc3e8b32adf5eec3e2363d068876038151cb3e67e5225de4fd75b48df8dc482b3c0209aa8c5d5da766fcb456938a48d2221c37224a06ce81e92dcff2213487bd467dfe730c95c24733489a26278b1915425c18d061915a3bdda795da2c1023ca19e45be060248f47512f04ff69864aa4d5ada51fd1e6b1dbc51b140845d5cb51316b2aac7fae84abb15e2886b3106195a30a12f9122d2175bf122c5866d5abdf4be15f03f3a39353a38527afd61f7627eece5fb1395554b2e0529acb4f55c97ee84e239a7a99ca2178db2a1434cb74a6a3ed8c00ade63f7cc07d3298f14851ecbfeb9d8cb2e46ef254af8fbf135f05f619e118c2ef5d62d4ee0c4888adc240cac101319685f3c8d4389849d353297586203c0ef0f6822978a6e04c06e4c38988e6574dac624e5ea9c95f6caeb99a02b7a43db82251e2b5202ca92a7b09cb15880bc3e28b95f5896a36f857a5a641f610d3bbce3e5aaa53918795f0e090f67bfdf1e5c0b91fe830a54c42263716c4281bb97b3a2637315b7479e715c3d42252e3c94292f173335749c672576374108227f1629e876b0202127145a73bc9f9ddeedcd188f13034df775e16cd0085e8b0968484f7caced77d7e8a1e26162da2fac67a4b24587af509cb980427dcc53a06dd950996344caa7dc4c334380841a858a081d9f115ef3161b1301e99ab8f7282365b67cb5d8b56d481f4aa91546315cdb4188f96b9631847fbbe29e252a8c55df0fdb18d6bc0df44bb98555e7e17546be4931b514b378497cce23c0edcb0059c241d0ec035da9013ab4bac4fcaf917fc07ce870e1ba15c2d87112bacc55f2895487203716dc55c0262ece8da37e4c31fb25f5efe7c34497e45c7b4ac79569477cdb9205db5db7ddd2e2af0c01f036eef641db315b67394d8c2712e3db95e1d0485000074ecf841b54067966488a80bddd895ffe59b1d3d59456b1b6bceb6d31f103af5b1ea829a70ad2ee3f0f920b9a2da7ae07557ff4e2ede9d9f1d9fac7857c0642f6b064f3cc0ded6bc0c7db2908b4838bfb615d2d1462f22fbbaeb28b34dfbba94c3034300b710c35c7700812b51ce27aa6bbf012eaa88072c4a7763e94dbc727830d00eb7cb384e58e531a87244363f114c08058af0bd86c27993499bfb1fc21f1c0f2176f1583a24c4f01511e25c0fba8b832a3982785acb6b632a0f0e15f8e759ed6914211b8369a44a97afe35659b399f7519e204b0b36bc2d516a594fee5e4ff4fe5dc2152613cb814cd01d6e1506dcb0042a27a68d979f89b916169391d5d5779938c4f57b9ba9378463a51048e28c0ad271abfc38cf4c0aca9e2cb184643e304570ced0db5bfbfcb532c10105fbaed1c2b33fbcef452b07bd48d56c55a506bc895ac298c5b362f1c1ff5c21130710ee49967697412e2f808e34b88caad7471127e4e3c764da2774e506922acd3386034812881527806d0ce931c1d6531f752a967e9d34a63d32782a5ebfb7f7a6d0bbc51873633c6635aa7baf4fd93fd55598a2735fc3e1becabb3b923c7ce9c324fb4083282176d3c04472a7483db3db0816d9fecb8712ec1fce88e7b326958f90ccf5b10fef3575bc4d1fe590d117d72f5ad6a649b8a059b4c381cd4eec5b4fa98779861aa45134e08b86d9042a6ce53ca75017d56342dd528891b51de52aafe186d3b6cfe6211861086019ac1723ba505166e4e498d512f730cdea507c0072d06289b3b6969577d542813cf08a3163b17a4fafe15aadbf642e66acacf32f7b6b8a41622d33c7036cb11ec6845c2197e4092ffee6ee3da5b6c79c6c1d4e8c8062545e712a4ed2c098ee57f426cd108f1e089db8cfa6f928898db69c1c3cb6c8676478b55d3ac3c3cceee0722f23e752ad2ff895e75a1f48d3e83b06f77888e5eb3869f89272bfaca9f36e898de701acc6780bf7a3eb8dedd4417fc4656fe82f8a09457476c2a35d5383b7c69435aed65faf84c0f95e382aa754bf641bcff253df24e5d753d07b29ed0e6f7cdd10fb775edafe7aee54d91635059d692513d4f86856e0e280203eae407c87afcb06cc848d5aaaf4c2434fc56308a8536ff5dacdb1a1ef873fefdf8140489b172a3eda5077cec04bd8ecaa60f91222ae9b15810e13b5a467467ee23d391d348d304ec904e2f4c3166798df704ae114b3e6cd4ebda2c67adbeb1fad79b08165b91d91b2bac0b7d51d51f59acecd5e1129052cc8bf50e0cbcd65aeec142036d69bf861e1bd74f0cf4b5e22fe26b58eee4c93422af840f6c67f2d28884ec9622cf393924fc007031d4dbff74cd7218ef9f0a45b2a97b01e9a841cdb7bfaeacd83319ab87f5d4a2087e2b92d0fe5d57de2678e9bdc7f9224b7f82425b47dc52303ff3d5b9547fc8198459b459f45d528a0abf9b6e420729f6e26ac5528a96aa7acd5a6e8eeed1f4245ac69a30c5e7cc9644ad660966d41831baad407b8fc1282ee393477ccfa288858394fe0399454c205e9f3858e83e7e154daf03a119aec8feb36d907facdb573dd79da994c44c5cac252625aeeba8bc6bb82fc88a14078aafac0db0a77af0f09bb5f74b032a4ba7e6bb6352e14832d5a7b9ba3e77d60114e9b11b336807a39a080ad28035e504296d3738f17ed4d47c652ec8f15265ae7d45562a8c4da0f0160e5ad5d6ade3f0655de3a421022b2245584479c92c7e5c5798310bdb4ea38a04dc75a2b05f3f588a159af7e5180e6c1c2e5d52d8ce0dcc4c5f0118b65fe899f8abaaf42436e98560029fb77c6418080567a2ac84ae2394943a23e930b63ba987e9702022a330ceada6c12459f0868e654c6cc7f1cf06fd2348008707546f60cc65404f91c225040d1e70a0926dbac1f0e6fac09bb0a1692b43ed30afefcdd5ee65c433fc94046a079e9104abdf0631496566daa09478cb15d7a9d693edf7c0536bb8dc63c4e144910fe6ac6b5c83950ee80eb3f444172ed459595f51f8e8c51eda654885e58767233fd3", 0x1000, 0x0) 09:01:03 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x80ffffff00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4800, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:03 executing program 1: r0 = dup(0xffffffffffffff9c) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000080)={{&(0x7f0000000000)=""/8, 0x8}, &(0x7f0000000040), 0x1}, 0x20) syz_emit_ethernet(0x42, &(0x7f0000000200)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @random="ff953462a555", [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xc, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, "3a4a7715"}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4e20, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 4 (fault-call:4 fault-nth:43): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:03 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6c00, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:03 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}, 0x7}, 0x1c) sendmmsg(r0, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f00000003c0)}}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c, &(0x7f0000000680), 0x3ba, &(0x7f0000002000)=ANY=[@ANYBLOB="10d7e31d71618a2a53143c4a87bf0a55"], 0x10}}], 0x2, 0x8000) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x8, 0x40800) ioctl$TIOCSBRK(r1, 0x5427) 09:01:03 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r0, 0x0) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000240)) write(r0, &(0x7f0000c34fff), 0xffffff0b) r1 = socket$inet6(0xa, 0x1, 0x0) kexec_load(0x7, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000140)="055dcf915abc2c4df2dbb295987b764278ab3392d0047da41016afa2f0f9e8f2c2dc6712400042376e9697b5f76139d2d5f5db94647b69404ccd8e1e3c35edb85aa88e1d01cdb3787620e9676b1a264b98cdc0bc512855870fc6f5423795de73c61e1330e50535aa6192bc622d8f", 0x6e, 0x2, 0xfffffffffffff5ef}], 0x160000) ioctl(r1, 0x2, &(0x7f0000000080)="295ee1311f16f477671070") r2 = socket$inet(0x10, 0x3, 0xc) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000020707041dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18bec4c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x5c831, 0xffffffffffffffff, 0x0) 09:01:03 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x200000000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:03 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 684.335567] FAULT_INJECTION: forcing a failure. [ 684.335567] name failslab, interval 1, probability 0, space 0, times 0 [ 684.346848] CPU: 1 PID: 22388 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 684.354213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.363573] Call Trace: [ 684.366168] dump_stack+0x1c9/0x2b4 [ 684.369810] ? dump_stack_print_info.cold.2+0x52/0x52 [ 684.375006] ? unwind_get_return_address+0x61/0xa0 [ 684.379937] ? graph_lock+0x170/0x170 [ 684.383737] should_fail.cold.4+0xa/0x1a [ 684.387800] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 684.392892] ? __lock_is_held+0xb5/0x140 [ 684.396939] ? __kmalloc_node_track_caller+0x47/0x70 [ 684.402031] ? graph_lock+0x170/0x170 [ 684.405822] ? find_held_lock+0x36/0x1c0 [ 684.409871] ? __lock_is_held+0xb5/0x140 [ 684.413922] ? check_same_owner+0x340/0x340 [ 684.418229] ? rcu_note_context_switch+0x730/0x730 [ 684.423146] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 684.428410] __should_failslab+0x124/0x180 [ 684.432630] should_failslab+0x9/0x14 [ 684.436418] kmem_cache_alloc_node+0x272/0x780 [ 684.440984] ? __kmalloc_node_track_caller+0x47/0x70 [ 684.446076] __alloc_skb+0x119/0x790 [ 684.449777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.455309] ? skb_scrub_packet+0x580/0x580 [ 684.459618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.465140] ? ip_generic_getfrag+0x124/0x2e0 [ 684.469623] ? ip_reply_glue_bits+0xc0/0xc0 [ 684.473929] ? trace_hardirqs_on+0x10/0x10 [ 684.478151] ? raw_getfrag+0x15b/0x220 [ 684.482031] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 684.487038] __ip_append_data.isra.47+0x2248/0x2a90 [ 684.492048] ? raw_destroy+0x30/0x30 [ 684.495753] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 684.501550] ? ipv4_mtu+0x37d/0x590 [ 684.505166] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 684.510601] ? find_held_lock+0x36/0x1c0 [ 684.514655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 684.520178] ip_append_data.part.48+0xf3/0x180 [ 684.524743] ? raw_destroy+0x30/0x30 [ 684.528440] ip_append_data+0x6d/0x90 [ 684.532222] ? raw_destroy+0x30/0x30 [ 684.535922] raw_sendmsg+0x1db4/0x29c0 [ 684.539801] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 684.544887] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 684.549296] ? find_held_lock+0x36/0x1c0 [ 684.553345] ? lock_downgrade+0x8f0/0x8f0 [ 684.557478] ? lock_release+0xa30/0xa30 [ 684.561433] ? check_same_owner+0x340/0x340 [ 684.565743] ? __check_object_size+0x9d/0x5f2 [ 684.570224] inet_sendmsg+0x1a1/0x690 [ 684.574013] ? ipip_gro_receive+0x100/0x100 [ 684.578325] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 684.583849] ? security_socket_sendmsg+0x94/0xc0 [ 684.588589] ? ipip_gro_receive+0x100/0x100 [ 684.592898] sock_sendmsg+0xd5/0x120 [ 684.596595] __sys_sendto+0x3d7/0x670 [ 684.600392] ? __ia32_sys_getpeername+0xb0/0xb0 [ 684.605050] ? wait_for_completion+0x8d0/0x8d0 [ 684.609619] ? __lock_is_held+0xb5/0x140 [ 684.613674] ? __sb_end_write+0xac/0xe0 [ 684.617640] ? __ia32_sys_read+0xb0/0xb0 [ 684.621689] ? syscall_slow_exit_work+0x500/0x500 [ 684.626518] __x64_sys_sendto+0xe1/0x1a0 [ 684.630562] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 684.635574] do_syscall_64+0x1b9/0x820 [ 684.639445] ? finish_task_switch+0x1d3/0x890 [ 684.643924] ? syscall_return_slowpath+0x5e0/0x5e0 [ 684.648838] ? syscall_return_slowpath+0x31d/0x5e0 [ 684.653754] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 684.659115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 684.663951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.669124] RIP: 0033:0x455a99 09:01:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:03 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x40030000000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:03 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 684.672296] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 684.691526] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 684.699218] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 684.706468] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 684.713724] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 684.720974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 684.728227] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002b 09:01:03 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:03 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00003de000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0xaf01, &(0x7f00001e3000)) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0xa0080) getpeername$inet(r1, &(0x7f0000000040)={0x0, 0x0, @remote}, &(0x7f0000000080)=0x10) r2 = eventfd(0x0) poll(&(0x7f0000e27000)=[{r2}], 0x1, 0x7fffffff) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000857ff8)={0x0, r2}) write$eventfd(r2, &(0x7f0000ceeff8), 0x8) 09:01:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4c, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:04 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x2000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:04 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 685.077144] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. 09:01:04 executing program 4 (fault-call:4 fault-nth:44): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:04 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:04 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x48, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:04 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:04 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x34000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:04 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) syz_open_pts(r0, 0x0) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000240)) write(r0, &(0x7f0000c34fff), 0xffffff0b) r1 = socket$inet6(0xa, 0x1, 0x0) kexec_load(0x7, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000140)="055dcf915abc2c4df2dbb295987b764278ab3392d0047da41016afa2f0f9e8f2c2dc6712400042376e9697b5f76139d2d5f5db94647b69404ccd8e1e3c35edb85aa88e1d01cdb3787620e9676b1a264b98cdc0bc512855870fc6f5423795de73c61e1330e50535aa6192bc622d8f", 0x6e, 0x2, 0xfffffffffffff5ef}], 0x160000) ioctl(r1, 0x2, &(0x7f0000000080)="295ee1311f16f477671070") r2 = socket$inet(0x10, 0x3, 0xc) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000020707041dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18bec4c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x5c831, 0xffffffffffffffff, 0x0) [ 685.210380] FAULT_INJECTION: forcing a failure. [ 685.210380] name failslab, interval 1, probability 0, space 0, times 0 [ 685.221728] CPU: 0 PID: 22429 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 685.229096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.238451] Call Trace: [ 685.241047] dump_stack+0x1c9/0x2b4 [ 685.244694] ? dump_stack_print_info.cold.2+0x52/0x52 [ 685.249894] ? kernel_text_address+0x79/0xf0 [ 685.254318] should_fail.cold.4+0xa/0x1a [ 685.258397] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 685.263519] ? graph_lock+0x170/0x170 [ 685.267331] ? save_stack+0x43/0xd0 [ 685.270962] ? kasan_kmalloc+0xc4/0xe0 [ 685.274861] ? find_held_lock+0x36/0x1c0 [ 685.278932] ? __lock_is_held+0xb5/0x140 [ 685.283004] ? check_same_owner+0x340/0x340 [ 685.287334] ? rcu_note_context_switch+0x730/0x730 [ 685.292267] __should_failslab+0x124/0x180 [ 685.296503] should_failslab+0x9/0x14 [ 685.300303] kmem_cache_alloc_node_trace+0x26f/0x770 [ 685.305435] __kmalloc_node_track_caller+0x33/0x70 [ 685.310383] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 685.315146] __alloc_skb+0x155/0x790 [ 685.318864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.324410] ? skb_scrub_packet+0x580/0x580 [ 685.328747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.334290] ? ip_generic_getfrag+0x124/0x2e0 [ 685.338789] ? ip_reply_glue_bits+0xc0/0xc0 [ 685.343116] ? trace_hardirqs_on+0x10/0x10 [ 685.347358] ? raw_getfrag+0x15b/0x220 [ 685.351270] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 685.356291] __ip_append_data.isra.47+0x2248/0x2a90 [ 685.361313] ? raw_destroy+0x30/0x30 [ 685.365034] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 685.370827] ? ipv4_mtu+0x37d/0x590 [ 685.374441] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 685.379897] ? find_held_lock+0x36/0x1c0 [ 685.383953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.389490] ip_append_data.part.48+0xf3/0x180 [ 685.394056] ? raw_destroy+0x30/0x30 [ 685.397757] ip_append_data+0x6d/0x90 [ 685.401541] ? raw_destroy+0x30/0x30 [ 685.405250] raw_sendmsg+0x1db4/0x29c0 [ 685.409130] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 685.414218] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 685.418625] ? find_held_lock+0x36/0x1c0 [ 685.422676] ? lock_downgrade+0x8f0/0x8f0 [ 685.426811] ? lock_release+0xa30/0xa30 [ 685.430767] ? check_same_owner+0x340/0x340 [ 685.435074] ? __check_object_size+0x9d/0x5f2 [ 685.439558] inet_sendmsg+0x1a1/0x690 [ 685.443347] ? ipip_gro_receive+0x100/0x100 [ 685.447654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 685.453176] ? security_socket_sendmsg+0x94/0xc0 [ 685.457918] ? ipip_gro_receive+0x100/0x100 [ 685.462223] sock_sendmsg+0xd5/0x120 [ 685.465935] __sys_sendto+0x3d7/0x670 [ 685.469720] ? __ia32_sys_getpeername+0xb0/0xb0 [ 685.474381] ? wait_for_completion+0x8d0/0x8d0 [ 685.478952] ? __lock_is_held+0xb5/0x140 [ 685.483006] ? __sb_end_write+0xac/0xe0 [ 685.486979] ? __ia32_sys_read+0xb0/0xb0 [ 685.491029] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.496557] __x64_sys_sendto+0xe1/0x1a0 [ 685.500604] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 685.505605] do_syscall_64+0x1b9/0x820 [ 685.509487] ? syscall_slow_exit_work+0x500/0x500 [ 685.514323] ? syscall_return_slowpath+0x5e0/0x5e0 [ 685.519235] ? syscall_return_slowpath+0x31d/0x5e0 [ 685.524152] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 685.529504] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 685.534346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.539520] RIP: 0033:0x455a99 [ 685.542690] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:04 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 685.561924] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 685.569615] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 685.576868] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 685.584120] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 685.591373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 685.598623] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002c 09:01:04 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:04 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0xffffff7f00000000, @mcast1={0xff, 0x1, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:04 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:04 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:04 executing program 4 (fault-call:4 fault-nth:45): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:04 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x20000000008, &(0x7f0000000040)) r0 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x400, 0x0) ioctl$TCGETS(r0, 0x5401, &(0x7f0000000140)) 09:01:04 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 685.859563] FAULT_INJECTION: forcing a failure. [ 685.859563] name failslab, interval 1, probability 0, space 0, times 0 [ 685.870908] CPU: 0 PID: 22440 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 685.878271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.887626] Call Trace: [ 685.890224] dump_stack+0x1c9/0x2b4 [ 685.893874] ? dump_stack_print_info.cold.2+0x52/0x52 [ 685.899080] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 685.903923] ? graph_lock+0x170/0x170 [ 685.907722] should_fail.cold.4+0xa/0x1a [ 685.911778] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 685.916874] ? __lock_is_held+0xb5/0x140 [ 685.920923] ? __kmalloc_node_track_caller+0x47/0x70 [ 685.926015] ? graph_lock+0x170/0x170 [ 685.929820] ? find_held_lock+0x36/0x1c0 [ 685.933877] ? __lock_is_held+0xb5/0x140 [ 685.937939] ? check_same_owner+0x340/0x340 [ 685.942271] ? rcu_note_context_switch+0x730/0x730 [ 685.947188] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 685.952542] __should_failslab+0x124/0x180 [ 685.956770] should_failslab+0x9/0x14 [ 685.960558] kmem_cache_alloc_node+0x272/0x780 [ 685.965127] ? __kmalloc_node_track_caller+0x47/0x70 [ 685.970228] __alloc_skb+0x119/0x790 [ 685.973936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.979470] ? skb_scrub_packet+0x580/0x580 [ 685.983784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.989321] ? ip_generic_getfrag+0x124/0x2e0 [ 685.993807] ? ip_reply_glue_bits+0xc0/0xc0 [ 685.998125] ? trace_hardirqs_on+0x10/0x10 [ 686.002354] ? raw_getfrag+0x15b/0x220 [ 686.006237] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 686.011247] __ip_append_data.isra.47+0x2248/0x2a90 [ 686.016270] ? raw_destroy+0x30/0x30 [ 686.019981] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 686.025775] ? ipv4_mtu+0x37d/0x590 [ 686.029393] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 686.034829] ? find_held_lock+0x36/0x1c0 [ 686.038888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.044413] ip_append_data.part.48+0xf3/0x180 [ 686.048984] ? raw_destroy+0x30/0x30 [ 686.052693] ip_append_data+0x6d/0x90 [ 686.056478] ? raw_destroy+0x30/0x30 [ 686.060184] raw_sendmsg+0x1db4/0x29c0 [ 686.064074] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 686.069547] ? find_held_lock+0x36/0x1c0 [ 686.073604] ? lock_downgrade+0x8f0/0x8f0 [ 686.077741] ? lock_release+0xa30/0xa30 [ 686.081708] ? __check_object_size+0x9d/0x5f2 [ 686.086194] inet_sendmsg+0x1a1/0x690 [ 686.089998] ? ipip_gro_receive+0x100/0x100 [ 686.094317] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.099841] ? security_socket_sendmsg+0x94/0xc0 [ 686.104599] ? ipip_gro_receive+0x100/0x100 [ 686.109238] sock_sendmsg+0xd5/0x120 [ 686.112941] __sys_sendto+0x3d7/0x670 [ 686.116733] ? __ia32_sys_getpeername+0xb0/0xb0 [ 686.121391] ? wait_for_completion+0x8d0/0x8d0 [ 686.125968] ? __lock_is_held+0xb5/0x140 [ 686.130040] ? __sb_end_write+0xac/0xe0 [ 686.134017] ? __ia32_sys_read+0xb0/0xb0 [ 686.138081] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 686.143608] __x64_sys_sendto+0xe1/0x1a0 [ 686.147657] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 686.152666] do_syscall_64+0x1b9/0x820 [ 686.156542] ? finish_task_switch+0x1d3/0x890 [ 686.161030] ? syscall_return_slowpath+0x5e0/0x5e0 [ 686.165945] ? syscall_return_slowpath+0x31d/0x5e0 [ 686.170864] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 686.176217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 686.181055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.186228] RIP: 0033:0x455a99 [ 686.189398] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 686.208735] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 686.216432] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 686.223689] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 686.230956] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 686.238209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 686.245482] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002d 09:01:05 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x18, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:05 executing program 1: r0 = socket(0x40000000002, 0x3, 0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000080)={0x0, 0x2}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={r1, @in={{0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}}}, 0x84) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) socket(0x0, 0x6, 0x1) bind$vsock_stream(r0, &(0x7f0000000100)={0x28, 0x0, 0x0, @host=0x2}, 0x10) delete_module(&(0x7f0000000040)='\x00', 0x200) 09:01:05 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) dup2(r0, r2) dup2(r2, r1) 09:01:05 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6e09, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:05 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:05 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:05 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff2c, 0x0, @remote={0xfe, 0x80, [], 0xbb}, @local={0xfe, 0x80, [], 0xaa}, {[], @udp={0x0, 0x7, 0x8}}}}}}, &(0x7f0000000040)) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x5, 0x408002) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f0000000080)=0x3) 09:01:05 executing program 4 (fault-call:4 fault-nth:46): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:05 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff0000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:05 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1a, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x80, &(0x7f0000000000)=ANY=[@ANYBLOB="fcf8efd85f4afe93cf"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0x1, &(0x7f0000009f3d)=""/195, 0x10}, 0x30a) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x3c}, [@ldst={0x3fd, 0x0, 0x5, 0x0, 0x0, 0x0, 0xffffffb0}], {0x95}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195}, 0x48) 09:01:05 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:05 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:05 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x101000, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffff6e9, 0x0, 0x0, 0xc, 0x10, "c224429e087f84de5a526cdba9772d3def855beddf0bdebaa19433057677cbb1fc2cc79fead56dc3a6d8d492e769b7ab105bb583dc57f9065f35742a609989de", "db089baae27d530cce9fae78d4b53f20b73f63351807d2db9c173adcf242d7a484bbbbe257f4364fcda5bc79bddd6278482d68463d57410cba955e007ad4048d", "f3ea7e21c35e3d24a22e171e323fd99b7ee13cf0f22db655d854a5f952f01927", [0x3]}) perf_event_open(&(0x7f0000001440)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'syz_tun\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f00000000c0)={0x1, 'veth1_to_bridge\x00'}, 0x18) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x141000) openat$cgroup_type(r2, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0) openat$cgroup_type(r2, &(0x7f0000000100)='cgroup.type\x00', 0x2, 0x0) 09:01:05 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:05 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 686.582679] IPVS: stopping master sync thread 22482 ... [ 686.589782] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 0, id = 0 [ 686.593331] FAULT_INJECTION: forcing a failure. [ 686.593331] name failslab, interval 1, probability 0, space 0, times 0 [ 686.609834] CPU: 1 PID: 22478 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 686.616707] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 0, id = 0 [ 686.617196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.617203] Call Trace: [ 686.617226] dump_stack+0x1c9/0x2b4 [ 686.617250] ? dump_stack_print_info.cold.2+0x52/0x52 [ 686.626200] IPVS: stopping master sync thread 22484 ... [ 686.635343] ? perf_trace_lock_acquire+0xeb/0x9a0 [ 686.635365] ? kernel_text_address+0x79/0xf0 [ 686.635395] should_fail.cold.4+0xa/0x1a [ 686.635418] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 686.670474] ? graph_lock+0x170/0x170 [ 686.674275] ? save_stack+0x43/0xd0 [ 686.677895] ? find_held_lock+0x36/0x1c0 [ 686.681947] ? __lock_is_held+0xb5/0x140 [ 686.686004] ? check_same_owner+0x340/0x340 [ 686.690322] ? lock_downgrade+0x8f0/0x8f0 [ 686.694468] ? rcu_note_context_switch+0x730/0x730 [ 686.699385] __should_failslab+0x124/0x180 [ 686.703610] should_failslab+0x9/0x14 [ 686.707401] kmem_cache_alloc_node_trace+0x26f/0x770 [ 686.712496] __kmalloc_node_track_caller+0x33/0x70 [ 686.717412] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 686.722155] __alloc_skb+0x155/0x790 [ 686.725859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.731381] ? skb_scrub_packet+0x580/0x580 [ 686.735687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.741209] ? ip_generic_getfrag+0x124/0x2e0 [ 686.745687] ? ip_reply_glue_bits+0xc0/0xc0 [ 686.749994] ? trace_hardirqs_on+0x10/0x10 [ 686.754223] ? raw_getfrag+0x15b/0x220 [ 686.758093] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 686.763099] __ip_append_data.isra.47+0x2248/0x2a90 [ 686.768101] ? raw_destroy+0x30/0x30 [ 686.771809] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 686.777594] ? ipv4_mtu+0x37d/0x590 [ 686.781207] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 686.786640] ? find_held_lock+0x36/0x1c0 [ 686.790694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 686.796219] ip_append_data.part.48+0xf3/0x180 [ 686.800795] ? raw_destroy+0x30/0x30 [ 686.804494] ip_append_data+0x6d/0x90 [ 686.808275] ? raw_destroy+0x30/0x30 [ 686.811976] raw_sendmsg+0x1db4/0x29c0 [ 686.815858] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 686.820965] ? find_held_lock+0x36/0x1c0 [ 686.825030] ? lock_downgrade+0x8f0/0x8f0 [ 686.829167] ? lock_release+0xa30/0xa30 [ 686.833133] ? __check_object_size+0x9d/0x5f2 [ 686.837615] inet_sendmsg+0x1a1/0x690 [ 686.841407] ? ipip_gro_receive+0x100/0x100 [ 686.845724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 686.851245] ? security_socket_sendmsg+0x94/0xc0 [ 686.855995] ? ipip_gro_receive+0x100/0x100 [ 686.860310] sock_sendmsg+0xd5/0x120 [ 686.864016] __sys_sendto+0x3d7/0x670 [ 686.867809] ? __ia32_sys_getpeername+0xb0/0xb0 [ 686.872464] ? wait_for_completion+0x8d0/0x8d0 [ 686.877038] ? __lock_is_held+0xb5/0x140 [ 686.881096] ? __sb_end_write+0xac/0xe0 [ 686.885073] ? __ia32_sys_read+0xb0/0xb0 [ 686.889124] ? syscall_slow_exit_work+0x500/0x500 [ 686.893953] __x64_sys_sendto+0xe1/0x1a0 [ 686.897997] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 686.903010] do_syscall_64+0x1b9/0x820 [ 686.906884] ? finish_task_switch+0x1d3/0x890 [ 686.911366] ? syscall_return_slowpath+0x5e0/0x5e0 [ 686.916281] ? syscall_return_slowpath+0x31d/0x5e0 [ 686.921210] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 686.926562] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 686.931396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.936569] RIP: 0033:0x455a99 [ 686.939737] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 686.959660] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 686.967360] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 686.974614] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 686.981868] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 686.989124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 686.996378] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002e 09:01:06 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:06 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) r1 = gettid() r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x7, 0x301000) r3 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000001c0)="a6363a5eb5ae0a7216a1c8eba9ed463f5603c0df4079e9b2394990e15e4bbe90604deba6108de1edf569db19ac678c42b15da4fb100c18035086675411a51ad656dfc5bcc76b019872489a13", 0x4c, 0xfffffffffffffffd) keyctl$get_keyring_id(0x0, r3, 0x3) r4 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x8, 0x80000) r5 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x40000, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, r2, &(0x7f0000000100)={r4, r5, 0xa0e}) 09:01:06 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) dup2(r0, r2) dup2(r2, r1) 09:01:06 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:06 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7, 0x224c0) 09:01:06 executing program 4 (fault-call:4 fault-nth:47): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:06 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x7, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:06 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:06 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 687.210705] FAULT_INJECTION: forcing a failure. [ 687.210705] name failslab, interval 1, probability 0, space 0, times 0 [ 687.222069] CPU: 0 PID: 22512 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 687.229438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.238789] Call Trace: [ 687.241371] dump_stack+0x1c9/0x2b4 [ 687.244989] ? dump_stack_print_info.cold.2+0x52/0x52 [ 687.250258] ? unwind_get_return_address+0x61/0xa0 [ 687.255175] ? graph_lock+0x170/0x170 [ 687.258975] should_fail.cold.4+0xa/0x1a [ 687.263029] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 687.268121] ? __lock_is_held+0xb5/0x140 [ 687.272173] ? __kmalloc_node_track_caller+0x47/0x70 [ 687.277268] ? graph_lock+0x170/0x170 [ 687.281059] ? find_held_lock+0x36/0x1c0 [ 687.285108] ? __lock_is_held+0xb5/0x140 [ 687.289159] ? check_same_owner+0x340/0x340 [ 687.293464] ? rcu_note_context_switch+0x730/0x730 [ 687.298380] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 687.303643] __should_failslab+0x124/0x180 [ 687.307872] should_failslab+0x9/0x14 [ 687.311655] kmem_cache_alloc_node+0x272/0x780 [ 687.316233] ? __kmalloc_node_track_caller+0x47/0x70 [ 687.321324] __alloc_skb+0x119/0x790 [ 687.325033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.330559] ? skb_scrub_packet+0x580/0x580 [ 687.334865] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.340388] ? ip_generic_getfrag+0x124/0x2e0 [ 687.344868] ? ip_reply_glue_bits+0xc0/0xc0 [ 687.349177] ? trace_hardirqs_on+0x10/0x10 [ 687.353409] ? raw_getfrag+0x15b/0x220 [ 687.357284] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 687.362290] __ip_append_data.isra.47+0x2248/0x2a90 [ 687.367296] ? raw_destroy+0x30/0x30 [ 687.371003] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 687.376795] ? ipv4_mtu+0x37d/0x590 [ 687.380406] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 687.385841] ? find_held_lock+0x36/0x1c0 [ 687.389894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 687.395426] ip_append_data.part.48+0xf3/0x180 [ 687.399995] ? raw_destroy+0x30/0x30 [ 687.403698] ip_append_data+0x6d/0x90 [ 687.407487] ? raw_destroy+0x30/0x30 [ 687.411185] raw_sendmsg+0x1db4/0x29c0 [ 687.415066] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 687.420153] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 687.424560] ? find_held_lock+0x36/0x1c0 [ 687.428617] ? lock_downgrade+0x8f0/0x8f0 [ 687.432749] ? lock_release+0xa30/0xa30 [ 687.436706] ? check_same_owner+0x340/0x340 [ 687.441030] ? __check_object_size+0x9d/0x5f2 [ 687.445513] inet_sendmsg+0x1a1/0x690 [ 687.449299] ? ipip_gro_receive+0x100/0x100 [ 687.453606] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 687.459129] ? security_socket_sendmsg+0x94/0xc0 [ 687.463866] ? ipip_gro_receive+0x100/0x100 [ 687.468181] sock_sendmsg+0xd5/0x120 [ 687.471878] __sys_sendto+0x3d7/0x670 [ 687.475666] ? __ia32_sys_getpeername+0xb0/0xb0 [ 687.480329] ? wait_for_completion+0x8d0/0x8d0 [ 687.484899] ? __lock_is_held+0xb5/0x140 [ 687.488953] ? __sb_end_write+0xac/0xe0 [ 687.492920] ? __ia32_sys_read+0xb0/0xb0 [ 687.496961] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 687.502484] __x64_sys_sendto+0xe1/0x1a0 [ 687.506528] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 687.511527] do_syscall_64+0x1b9/0x820 [ 687.515396] ? finish_task_switch+0x1d3/0x890 [ 687.519873] ? syscall_return_slowpath+0x5e0/0x5e0 [ 687.524784] ? syscall_return_slowpath+0x31d/0x5e0 [ 687.529702] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 687.535050] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 687.539892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.545161] RIP: 0033:0x455a99 09:01:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000001e000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000040)="66b9e70200000f3266b80500000066b94c8d71280f01c164f5b848000f00d0baa00066b87b00000066efb8bc000f00d80f01d1b8e8000f00d83ed952d73e0f08", 0x40}], 0x1, 0x0, &(0x7f00000000c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f00000001c0)="64650f01d10f21c13e0fc71ee4e564260533092e0f083e3636650f1811650f01cf0f20d86635200000000f22d80f0138baf80c66b8d0ffdb8566efbafc0c66b80900000066ef", 0x46}], 0x1, 0x0, &(0x7f0000000300)=[@cr4={0x1, 0x40220}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x101000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000840)={{{@in=@broadcast, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000240)=0xe8) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000280)={@mcast2={0xff, 0x2, [], 0x1}, 0x60, r4}) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400000, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r5, 0xc4c85513, &(0x7f0000000340)={{0x7, 0x6, 0x539, 0x1, 'syz1\x00', 0x7}, 0x0, [0x0, 0xcb, 0x4, 0xa9c, 0x0, 0x6, 0x80000000, 0x1, 0xff, 0x61d, 0x7, 0x8, 0x4, 0xfffffffffffffeff, 0x101, 0x401, 0x5, 0x71, 0x10000, 0x80000001, 0x8, 0x9, 0x0, 0x10001, 0x3, 0x2, 0xb7f0, 0x4, 0x1ff, 0x401, 0x4, 0x3294, 0x4, 0xffffffff, 0xfffffffffffffff9, 0xfffffffffffffe00, 0x9, 0x10000, 0xffffffffffffff81, 0x2, 0x9, 0x2, 0x2, 0x7, 0x9, 0xffffffffffffffff, 0x5, 0x6, 0x6, 0x1000, 0x1, 0x80000000, 0x0, 0xff, 0x0, 0x5ad2, 0x8, 0x1, 0x0, 0xc7d, 0x1, 0x8000, 0xff, 0x51071478, 0x400, 0x7fffffff, 0x2, 0x9, 0xed8, 0x800, 0xb6, 0x8, 0x5, 0x4, 0x7, 0x3, 0x10001, 0xce4, 0x1800000000000, 0x0, 0xfffffffffffffff7, 0x60f, 0x8, 0xe8e, 0x0, 0x200, 0x3, 0x7f, 0x9, 0x2, 0x95, 0xb4, 0x8, 0xfffffffffffffbff, 0x6, 0x400, 0x2, 0x200, 0x8, 0x100000001, 0x5, 0x4, 0x1000, 0x7, 0x600000000, 0x4, 0x6, 0x0, 0x8000, 0x7, 0x4, 0x0, 0x8, 0x7f7, 0x5, 0x401, 0xfffffffffffffffb, 0x1, 0x7, 0x5, 0x9cd, 0xfffffffffffffff8, 0x0, 0x7, 0x10001, 0x9, 0x100, 0x6], {r6, r7+10000000}}) openat$random(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x200000, 0x0) clock_gettime(0x0, &(0x7f0000006240)={0x0, 0x0}) recvmmsg(r5, &(0x7f0000006080)=[{{&(0x7f0000000940)=@can, 0x80, &(0x7f0000000a80)=[{&(0x7f00000009c0)=""/133, 0x85}], 0x1, &(0x7f0000000ac0)=""/14, 0xe, 0x5}, 0x5}, {{&(0x7f0000000b00)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000b80)=""/39, 0x27}, {&(0x7f0000000bc0)=""/4, 0x4}, {&(0x7f0000000c00)=""/157, 0x9d}, {&(0x7f0000000cc0)=""/179, 0xb3}], 0x4, 0x0, 0x0, 0x694}, 0x8}, {{&(0x7f0000000dc0)=@ax25, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000e40)=""/78, 0x4e}], 0x1, &(0x7f0000000f00)=""/28, 0x1c, 0x2}, 0x20}, {{&(0x7f0000000f40)=@rc, 0x80, &(0x7f0000002040)=[{&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000001fc0)=""/24, 0x18}, {&(0x7f0000002000)=""/55, 0x37}], 0x3, &(0x7f0000002080)=""/44, 0x2c, 0x10001}, 0x9}, {{&(0x7f00000020c0)=@ethernet, 0x80, &(0x7f0000003740)=[{&(0x7f0000002140)=""/136, 0x88}, {&(0x7f0000002200)=""/131, 0x83}, {&(0x7f00000022c0)=""/189, 0xbd}, {&(0x7f0000002380)=""/226, 0xe2}, {&(0x7f0000002480)=""/190, 0xbe}, {&(0x7f0000002540)=""/4096, 0x1000}, {&(0x7f0000003540)=""/168, 0xa8}, {&(0x7f0000003600)=""/163, 0xa3}, {&(0x7f00000036c0)=""/124, 0x7c}], 0x9, &(0x7f0000003800)=""/163, 0xa3, 0x6}, 0x81}, {{&(0x7f00000038c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000004cc0)=[{&(0x7f0000003940)}, {&(0x7f0000003980)=""/4096, 0x1000}, {&(0x7f0000004980)=""/176, 0xb0}, {&(0x7f0000004a40)=""/138, 0x8a}, {&(0x7f0000004b00)=""/109, 0x6d}, {&(0x7f0000004b80)=""/121, 0x79}, {&(0x7f0000004c00)=""/41, 0x29}, {&(0x7f0000004c40)=""/76, 0x4c}], 0x8, &(0x7f0000004d40)=""/4096, 0x1000, 0x100000001}}, {{0x0, 0x0, &(0x7f0000005f80)=[{&(0x7f0000005d40)=""/31, 0x1f}, {&(0x7f0000005d80)=""/154, 0x9a}, {&(0x7f0000005e40)=""/85, 0x55}, {&(0x7f0000005ec0)=""/158, 0x9e}], 0x4, &(0x7f0000005fc0)=""/176, 0xb0}, 0x3}], 0x7, 0x40000000, &(0x7f0000006280)={r8, r9+10000000}) [ 687.548330] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 687.567567] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 687.575263] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 687.582524] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 687.589778] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 687.597030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 687.604291] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000002f 09:01:06 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:06 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa00000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:06 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:06 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x8, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:06 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:06 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x400000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:06 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:06 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:07 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) dup2(r0, r2) dup2(r2, r1) 09:01:07 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1300, [], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:07 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ppp\x00', 0x111002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000180)={{r1, r2+30000000}, {0x77359400}}, &(0x7f00000001c0)) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x600210) r3 = gettid() readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/145, 0x91}], 0x1) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d7a, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x105082) r6 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r6, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r5, 0x4c00, r6) sendfile(r5, r6, &(0x7f00000ddff8), 0x102002f01) ioctl$ASHMEM_GET_SIZE(r4, 0x7704, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f00000001c0)=0x4) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x800) time(&(0x7f0000000040)) bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', 0x0, 0x18}, 0x10) sched_rr_get_interval(r3, &(0x7f0000000200)) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000000)=r6) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000240)={0x3, 'bcsh0\x00'}, 0x18) 09:01:07 executing program 4 (fault-call:4 fault-nth:48): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:07 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4c00000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 687.896253] FAULT_INJECTION: forcing a failure. [ 687.896253] name failslab, interval 1, probability 0, space 0, times 0 [ 687.907528] CPU: 1 PID: 22558 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 687.914885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.924225] Call Trace: [ 687.926805] dump_stack+0x1c9/0x2b4 [ 687.930429] ? dump_stack_print_info.cold.2+0x52/0x52 [ 687.935610] ? kernel_text_address+0x79/0xf0 [ 687.940035] should_fail.cold.4+0xa/0x1a [ 687.944112] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 687.949208] ? graph_lock+0x170/0x170 [ 687.952995] ? save_stack+0x43/0xd0 [ 687.956607] ? kasan_kmalloc+0xc4/0xe0 [ 687.960481] ? find_held_lock+0x36/0x1c0 [ 687.964530] ? __lock_is_held+0xb5/0x140 [ 687.968584] ? check_same_owner+0x340/0x340 [ 687.972893] ? rcu_note_context_switch+0x730/0x730 [ 687.977810] __should_failslab+0x124/0x180 [ 687.982035] should_failslab+0x9/0x14 [ 687.985826] kmem_cache_alloc_node_trace+0x26f/0x770 [ 687.990922] __kmalloc_node_track_caller+0x33/0x70 [ 687.995838] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 688.000582] __alloc_skb+0x155/0x790 [ 688.004281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.009803] ? skb_scrub_packet+0x580/0x580 [ 688.014111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.019644] ? ip_generic_getfrag+0x124/0x2e0 [ 688.024125] ? ip_reply_glue_bits+0xc0/0xc0 [ 688.028431] ? trace_hardirqs_on+0x10/0x10 [ 688.032656] ? raw_getfrag+0x15b/0x220 [ 688.036529] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 688.041534] __ip_append_data.isra.47+0x2248/0x2a90 [ 688.046540] ? raw_destroy+0x30/0x30 [ 688.050247] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 688.056046] ? ipv4_mtu+0x37d/0x590 [ 688.059659] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 688.065096] ? find_held_lock+0x36/0x1c0 [ 688.069152] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.074676] ip_append_data.part.48+0xf3/0x180 [ 688.079245] ? raw_destroy+0x30/0x30 [ 688.082942] ip_append_data+0x6d/0x90 [ 688.086728] ? raw_destroy+0x30/0x30 [ 688.090426] raw_sendmsg+0x1db4/0x29c0 [ 688.094308] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 688.099393] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 688.103801] ? find_held_lock+0x36/0x1c0 [ 688.107867] ? lock_downgrade+0x8f0/0x8f0 [ 688.112010] ? lock_release+0xa30/0xa30 [ 688.115979] ? check_same_owner+0x340/0x340 [ 688.120287] ? __check_object_size+0x9d/0x5f2 [ 688.124770] inet_sendmsg+0x1a1/0x690 [ 688.128560] ? ipip_gro_receive+0x100/0x100 [ 688.132870] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 688.138564] ? security_socket_sendmsg+0x94/0xc0 [ 688.143303] ? ipip_gro_receive+0x100/0x100 [ 688.147608] sock_sendmsg+0xd5/0x120 [ 688.151306] __sys_sendto+0x3d7/0x670 [ 688.155093] ? __ia32_sys_getpeername+0xb0/0xb0 [ 688.159749] ? wait_for_completion+0x8d0/0x8d0 [ 688.164317] ? __lock_is_held+0xb5/0x140 [ 688.168372] ? __sb_end_write+0xac/0xe0 [ 688.172335] ? __ia32_sys_read+0xb0/0xb0 [ 688.176378] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.181903] __x64_sys_sendto+0xe1/0x1a0 [ 688.185947] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 688.190949] do_syscall_64+0x1b9/0x820 [ 688.194820] ? finish_task_switch+0x1d3/0x890 [ 688.199300] ? syscall_return_slowpath+0x5e0/0x5e0 [ 688.204225] ? syscall_return_slowpath+0x31d/0x5e0 [ 688.209147] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 688.214496] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.219325] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.224496] RIP: 0033:0x455a99 [ 688.227667] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:07 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20480, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:07 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)={0xaa}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = socket$inet6_sctp(0xa, 0x8000000000001, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$IP_VS_SO_GET_INFO(r5, 0x0, 0x63, &(0x7f00000004c0), &(0x7f0000000500)=0x1e) close(r5) close(r2) [ 688.246898] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 688.254589] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 688.261839] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 688.269093] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 688.276358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 688.283609] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000030 09:01:07 executing program 4 (fault-call:4 fault-nth:49): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:07 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:07 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:07 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:07 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:07 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:07 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7a, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:07 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:07 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x5ddc1f5c5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:07 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xf21f315b5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 688.534799] FAULT_INJECTION: forcing a failure. [ 688.534799] name failslab, interval 1, probability 0, space 0, times 0 [ 688.546124] CPU: 1 PID: 22587 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 688.553493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.562845] Call Trace: [ 688.565440] dump_stack+0x1c9/0x2b4 [ 688.569077] ? dump_stack_print_info.cold.2+0x52/0x52 [ 688.574274] ? unwind_get_return_address+0x61/0xa0 [ 688.579214] ? graph_lock+0x170/0x170 [ 688.583035] should_fail.cold.4+0xa/0x1a [ 688.587108] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 688.592222] ? __lock_is_held+0xb5/0x140 [ 688.596290] ? __kmalloc_node_track_caller+0x47/0x70 [ 688.601399] ? graph_lock+0x170/0x170 [ 688.605210] ? find_held_lock+0x36/0x1c0 [ 688.609285] ? __lock_is_held+0xb5/0x140 [ 688.613357] ? check_same_owner+0x340/0x340 [ 688.617677] ? rcu_note_context_switch+0x730/0x730 [ 688.622623] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 688.627902] __should_failslab+0x124/0x180 09:01:07 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x96e, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 688.632140] should_failslab+0x9/0x14 [ 688.635942] kmem_cache_alloc_node+0x272/0x780 [ 688.640529] ? __kmalloc_node_track_caller+0x47/0x70 [ 688.645643] __alloc_skb+0x119/0x790 [ 688.649364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.654910] ? skb_scrub_packet+0x580/0x580 [ 688.659246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.664788] ? ip_generic_getfrag+0x124/0x2e0 [ 688.669294] ? ip_reply_glue_bits+0xc0/0xc0 [ 688.673628] ? trace_hardirqs_on+0x10/0x10 [ 688.677873] ? raw_getfrag+0x15b/0x220 [ 688.681766] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 688.686787] __ip_append_data.isra.47+0x2248/0x2a90 [ 688.691814] ? raw_destroy+0x30/0x30 [ 688.695545] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 688.701376] ? ipv4_mtu+0x37d/0x590 [ 688.705024] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 688.710485] ? find_held_lock+0x36/0x1c0 [ 688.714565] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.720109] ip_append_data.part.48+0xf3/0x180 [ 688.724692] ? raw_destroy+0x30/0x30 [ 688.728408] ip_append_data+0x6d/0x90 [ 688.732206] ? raw_destroy+0x30/0x30 [ 688.735924] raw_sendmsg+0x1db4/0x29c0 [ 688.739823] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 688.744925] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 688.749356] ? find_held_lock+0x36/0x1c0 [ 688.753428] ? lock_downgrade+0x8f0/0x8f0 [ 688.757584] ? lock_release+0xa30/0xa30 [ 688.761562] ? check_same_owner+0x340/0x340 [ 688.765882] ? __check_object_size+0x9d/0x5f2 [ 688.770382] inet_sendmsg+0x1a1/0x690 [ 688.774187] ? ipip_gro_receive+0x100/0x100 [ 688.778516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 688.784054] ? security_socket_sendmsg+0x94/0xc0 [ 688.788808] ? ipip_gro_receive+0x100/0x100 [ 688.793129] sock_sendmsg+0xd5/0x120 [ 688.796844] __sys_sendto+0x3d7/0x670 [ 688.800645] ? __ia32_sys_getpeername+0xb0/0xb0 [ 688.805314] ? wait_for_completion+0x8d0/0x8d0 [ 688.809900] ? __lock_is_held+0xb5/0x140 [ 688.813972] ? __sb_end_write+0xac/0xe0 [ 688.817963] ? __ia32_sys_read+0xb0/0xb0 [ 688.822025] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.827570] __x64_sys_sendto+0xe1/0x1a0 [ 688.831632] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 688.836651] do_syscall_64+0x1b9/0x820 [ 688.840538] ? finish_task_switch+0x1d3/0x890 [ 688.845033] ? syscall_return_slowpath+0x5e0/0x5e0 [ 688.849963] ? syscall_return_slowpath+0x31d/0x5e0 [ 688.854904] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 688.860302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.865155] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.870340] RIP: 0033:0x455a99 [ 688.873518] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 688.892902] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 688.900610] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 688.907875] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 688.915142] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 688.922407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 688.929670] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000031 09:01:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:08 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7400000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:08 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:08 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000200), 0x0) accept$packet(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f00000000c0)=0x6) accept$alg(r1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000240)="e2393a1695caa706a9481b19af062cee3346fe57419fa9cc0e7a6ad09f4abc5ae558d26b7f598e712188ca0091727f6eaa3fe9f30d1c0282843695617ac70e2aa902d49cd328525e28603ab9462628393462f845a93df6fbf23a05bc0721d977aa8046a4f244643f15571a49d3dc79d27ef9d0afbe21456c085ba70a8bdb2b03cc68c4d170102bd7d28fda5bc6645ec9350a934af023f3fa2c5b8cdab4591bd9c0c8ade7db761030fa4762c69a0cb9e171815b08658546df6f023cb68ee89f9edf1ff3284f8f7b610b6f9591d83312694852", 0xd2) 09:01:08 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:08 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:08 executing program 4 (fault-call:4 fault-nth:50): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:08 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000040)={0x0, 0x2e, "bde9fa29812fd35a2daba9afbdd46b0522734ba04acd4893aa8a3f3c420fe12683e7f4ede2fc391787fbf1faf7cb"}, &(0x7f0000000080)=0x36) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0x3, 0x203, 0x100000001, 0x3, r2}, &(0x7f0000000180)=0x10) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0xc0145401, &(0x7f00000000c0)={{0x3, 0x0, 0x0, 0x3, 0xffffffff}}) 09:01:08 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) socket$inet6(0xa, 0x1, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:08 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:08 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6e090000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 689.358392] FAULT_INJECTION: forcing a failure. [ 689.358392] name failslab, interval 1, probability 0, space 0, times 0 [ 689.369732] CPU: 0 PID: 22618 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 689.377093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.386448] Call Trace: [ 689.389047] dump_stack+0x1c9/0x2b4 [ 689.392686] ? dump_stack_print_info.cold.2+0x52/0x52 [ 689.397882] ? kernel_text_address+0x79/0xf0 [ 689.402306] should_fail.cold.4+0xa/0x1a [ 689.406384] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 689.411500] ? graph_lock+0x170/0x170 [ 689.415309] ? save_stack+0x43/0xd0 [ 689.418939] ? kasan_kmalloc+0xc4/0xe0 [ 689.422837] ? find_held_lock+0x36/0x1c0 [ 689.426902] ? __lock_is_held+0xb5/0x140 [ 689.430976] ? check_same_owner+0x340/0x340 [ 689.435304] ? rcu_note_context_switch+0x730/0x730 [ 689.440237] __should_failslab+0x124/0x180 [ 689.444478] should_failslab+0x9/0x14 [ 689.448278] kmem_cache_alloc_node_trace+0x26f/0x770 [ 689.453390] __kmalloc_node_track_caller+0x33/0x70 [ 689.458326] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 689.463082] __alloc_skb+0x155/0x790 [ 689.466795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.472340] ? skb_scrub_packet+0x580/0x580 [ 689.476663] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.482192] ? ip_generic_getfrag+0x124/0x2e0 [ 689.486678] ? ip_reply_glue_bits+0xc0/0xc0 [ 689.490992] ? trace_hardirqs_on+0x10/0x10 [ 689.495223] ? raw_getfrag+0x15b/0x220 [ 689.499096] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 689.504100] __ip_append_data.isra.47+0x2248/0x2a90 [ 689.509111] ? raw_destroy+0x30/0x30 [ 689.512815] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 689.518601] ? ipv4_mtu+0x37d/0x590 [ 689.522217] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 689.527655] ? find_held_lock+0x36/0x1c0 [ 689.531711] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 689.537235] ip_append_data.part.48+0xf3/0x180 [ 689.541802] ? raw_destroy+0x30/0x30 [ 689.545499] ip_append_data+0x6d/0x90 [ 689.549283] ? raw_destroy+0x30/0x30 [ 689.552979] raw_sendmsg+0x1db4/0x29c0 [ 689.556857] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 689.561944] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 689.566351] ? find_held_lock+0x36/0x1c0 [ 689.570403] ? lock_downgrade+0x8f0/0x8f0 [ 689.574544] ? lock_release+0xa30/0xa30 [ 689.578500] ? check_same_owner+0x340/0x340 [ 689.582810] ? __check_object_size+0x9d/0x5f2 [ 689.587292] inet_sendmsg+0x1a1/0x690 [ 689.591085] ? ipip_gro_receive+0x100/0x100 [ 689.595532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 689.601062] ? security_socket_sendmsg+0x94/0xc0 [ 689.605801] ? ipip_gro_receive+0x100/0x100 [ 689.610108] sock_sendmsg+0xd5/0x120 [ 689.613805] __sys_sendto+0x3d7/0x670 [ 689.617589] ? __ia32_sys_getpeername+0xb0/0xb0 [ 689.622243] ? wait_for_completion+0x8d0/0x8d0 [ 689.626908] ? __lock_is_held+0xb5/0x140 [ 689.630960] ? __sb_end_write+0xac/0xe0 [ 689.634926] ? __ia32_sys_read+0xb0/0xb0 [ 689.638969] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 689.644493] __x64_sys_sendto+0xe1/0x1a0 [ 689.648539] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 689.653539] do_syscall_64+0x1b9/0x820 [ 689.657409] ? finish_task_switch+0x1d3/0x890 [ 689.661894] ? syscall_return_slowpath+0x5e0/0x5e0 [ 689.666907] ? syscall_return_slowpath+0x31d/0x5e0 [ 689.671822] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 689.677172] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 689.682004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.687184] RIP: 0033:0x455a99 [ 689.690354] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:08 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:08 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:08 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="30b6ade1060f", 0x6}], 0x1) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x4, @empty, 0x8}}}, &(0x7f00000002c0)=0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000300)={r1, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, [0x1, 0x10000000000000, 0xfff, 0x10001, 0x8, 0x0, 0x8, 0x81, 0x6, 0x3, 0x80, 0x7, 0x3f, 0x60000000000000, 0x8]}, &(0x7f0000000400)=0x100) r2 = memfd_create(&(0x7f0000000100)='\x00', 0x3) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffff}, 0x106, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0xa, 0x4, 0xfa00, {r3}}, 0xc) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x4, &(0x7f0000000080), &(0x7f0000000000)=0xffffffffffffff60) [ 689.709586] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 689.717282] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 689.724544] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 689.731798] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 689.739051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 689.746304] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000032 09:01:08 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:08 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xdc05, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:09 executing program 3: socketpair(0x1, 0x1, 0x3, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000040)={'vcan0\x00', 0xa552}) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x200000000003e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000080)=""/103) dup2(r2, r3) r4 = socket(0x11, 0x100000000000002, 0x0) close(r4) 09:01:09 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) sendto$inet(r0, &(0x7f0000000100)="a9", 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000003c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2}, 0x6) 09:01:09 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:09 executing program 4 (fault-call:4 fault-nth:51): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:09 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:09 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x204e, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 689.910388] FAULT_INJECTION: forcing a failure. [ 689.910388] name failslab, interval 1, probability 0, space 0, times 0 [ 689.921728] CPU: 1 PID: 22652 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 689.929091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.938447] Call Trace: [ 689.941050] dump_stack+0x1c9/0x2b4 [ 689.944696] ? dump_stack_print_info.cold.2+0x52/0x52 [ 689.949921] ? unwind_get_return_address+0x61/0xa0 [ 689.954867] ? graph_lock+0x170/0x170 [ 689.958688] should_fail.cold.4+0xa/0x1a [ 689.962756] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 689.967866] ? __lock_is_held+0xb5/0x140 [ 689.971937] ? __kmalloc_node_track_caller+0x47/0x70 [ 689.977048] ? graph_lock+0x170/0x170 [ 689.980869] ? find_held_lock+0x36/0x1c0 [ 689.984956] ? __lock_is_held+0xb5/0x140 [ 689.989026] ? check_same_owner+0x340/0x340 [ 689.993348] ? rcu_note_context_switch+0x730/0x730 [ 689.998279] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 690.003568] __should_failslab+0x124/0x180 [ 690.007805] should_failslab+0x9/0x14 [ 690.011604] kmem_cache_alloc_node+0x272/0x780 [ 690.016185] ? __kmalloc_node_track_caller+0x47/0x70 [ 690.021297] __alloc_skb+0x119/0x790 [ 690.025012] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.030548] ? skb_scrub_packet+0x580/0x580 [ 690.034874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.040422] ? ip_generic_getfrag+0x124/0x2e0 [ 690.044923] ? ip_reply_glue_bits+0xc0/0xc0 [ 690.049247] ? trace_hardirqs_on+0x10/0x10 [ 690.053490] ? raw_getfrag+0x15b/0x220 [ 690.057377] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 690.062396] __ip_append_data.isra.47+0x2248/0x2a90 [ 690.067415] ? raw_destroy+0x30/0x30 [ 690.071137] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 690.076937] ? ipv4_mtu+0x37d/0x590 [ 690.080566] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 690.086012] ? find_held_lock+0x36/0x1c0 [ 690.090086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.095627] ip_append_data.part.48+0xf3/0x180 [ 690.100211] ? raw_destroy+0x30/0x30 [ 690.103925] ip_append_data+0x6d/0x90 [ 690.107726] ? raw_destroy+0x30/0x30 [ 690.111440] raw_sendmsg+0x1db4/0x29c0 [ 690.115342] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 690.120448] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 690.124889] ? find_held_lock+0x36/0x1c0 [ 690.128957] ? lock_downgrade+0x8f0/0x8f0 [ 690.133106] ? lock_release+0xa30/0xa30 [ 690.137082] ? check_same_owner+0x340/0x340 [ 690.141406] ? __check_object_size+0x9d/0x5f2 [ 690.145914] inet_sendmsg+0x1a1/0x690 [ 690.149715] ? ipip_gro_receive+0x100/0x100 [ 690.154043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.159578] ? security_socket_sendmsg+0x94/0xc0 [ 690.164333] ? ipip_gro_receive+0x100/0x100 [ 690.168656] sock_sendmsg+0xd5/0x120 [ 690.172370] __sys_sendto+0x3d7/0x670 [ 690.176174] ? __ia32_sys_getpeername+0xb0/0xb0 [ 690.180846] ? wait_for_completion+0x8d0/0x8d0 [ 690.185438] ? __lock_is_held+0xb5/0x140 [ 690.189512] ? __sb_end_write+0xac/0xe0 [ 690.193497] ? __ia32_sys_read+0xb0/0xb0 [ 690.197585] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.203130] __x64_sys_sendto+0xe1/0x1a0 [ 690.207192] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 690.212208] do_syscall_64+0x1b9/0x820 [ 690.216109] ? finish_task_switch+0x1d3/0x890 [ 690.220692] ? syscall_return_slowpath+0x5e0/0x5e0 [ 690.225625] ? syscall_return_slowpath+0x31d/0x5e0 [ 690.230561] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 690.235927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.240773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.245957] RIP: 0033:0x455a99 [ 690.249136] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.268512] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 690.276223] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 690.283487] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 690.290756] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 690.298019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 09:01:09 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:09 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 690.305287] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000033 09:01:09 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) socket$inet6(0xa, 0x1, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:09 executing program 4 (fault-call:4 fault-nth:52): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:09 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x428000, 0x0) waitid(0x3, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000001c0)) 09:01:09 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3b000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:09 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:09 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:09 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 690.456262] FAULT_INJECTION: forcing a failure. [ 690.456262] name failslab, interval 1, probability 0, space 0, times 0 [ 690.467606] CPU: 1 PID: 22672 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 690.474975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.484321] Call Trace: [ 690.486932] dump_stack+0x1c9/0x2b4 [ 690.490555] ? dump_stack_print_info.cold.2+0x52/0x52 [ 690.495740] ? kernel_text_address+0x79/0xf0 [ 690.500142] should_fail.cold.4+0xa/0x1a [ 690.504189] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 690.509285] ? graph_lock+0x170/0x170 [ 690.513073] ? save_stack+0x43/0xd0 [ 690.516686] ? kasan_kmalloc+0xc4/0xe0 [ 690.520563] ? find_held_lock+0x36/0x1c0 [ 690.524610] ? __lock_is_held+0xb5/0x140 [ 690.528660] ? check_same_owner+0x340/0x340 [ 690.532984] ? rcu_note_context_switch+0x730/0x730 [ 690.537903] __should_failslab+0x124/0x180 [ 690.542125] should_failslab+0x9/0x14 [ 690.545910] kmem_cache_alloc_node_trace+0x26f/0x770 [ 690.551007] __kmalloc_node_track_caller+0x33/0x70 [ 690.555928] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 690.560668] __alloc_skb+0x155/0x790 [ 690.564366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.569892] ? skb_scrub_packet+0x580/0x580 [ 690.574203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.579727] ? ip_generic_getfrag+0x124/0x2e0 [ 690.584206] ? ip_reply_glue_bits+0xc0/0xc0 [ 690.588514] ? trace_hardirqs_on+0x10/0x10 [ 690.592737] ? raw_getfrag+0x15b/0x220 [ 690.596612] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 690.601623] __ip_append_data.isra.47+0x2248/0x2a90 [ 690.606630] ? raw_destroy+0x30/0x30 [ 690.610334] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 690.616122] ? ipv4_mtu+0x37d/0x590 [ 690.619734] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 690.625171] ? find_held_lock+0x36/0x1c0 [ 690.629224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 690.634745] ip_append_data.part.48+0xf3/0x180 [ 690.639310] ? raw_destroy+0x30/0x30 [ 690.643014] ip_append_data+0x6d/0x90 [ 690.646802] ? raw_destroy+0x30/0x30 [ 690.650501] raw_sendmsg+0x1db4/0x29c0 [ 690.654381] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 690.659469] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 690.663880] ? find_held_lock+0x36/0x1c0 [ 690.667929] ? lock_downgrade+0x8f0/0x8f0 [ 690.672166] ? lock_release+0xa30/0xa30 [ 690.676125] ? check_same_owner+0x340/0x340 [ 690.680433] ? __check_object_size+0x9d/0x5f2 [ 690.684916] inet_sendmsg+0x1a1/0x690 [ 690.688706] ? ipip_gro_receive+0x100/0x100 [ 690.693017] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.698539] ? security_socket_sendmsg+0x94/0xc0 [ 690.703279] ? ipip_gro_receive+0x100/0x100 [ 690.707585] sock_sendmsg+0xd5/0x120 [ 690.711284] __sys_sendto+0x3d7/0x670 [ 690.715071] ? __ia32_sys_getpeername+0xb0/0xb0 [ 690.719723] ? rcu_pm_notify+0xc0/0xc0 [ 690.723601] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 690.729121] ? syscall_trace_enter+0x68e/0x1210 [ 690.733785] ? tracehook_report_syscall_exit+0x2f0/0x2f0 [ 690.739217] ? __ia32_sys_read+0xb0/0xb0 [ 690.743264] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 690.748797] __x64_sys_sendto+0xe1/0x1a0 [ 690.752860] do_syscall_64+0x1b9/0x820 [ 690.756728] ? finish_task_switch+0x1d3/0x890 [ 690.761207] ? syscall_return_slowpath+0x5e0/0x5e0 [ 690.766121] ? syscall_return_slowpath+0x31d/0x5e0 [ 690.771042] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 690.776395] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 690.781746] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.786918] RIP: 0033:0x455a99 09:01:10 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) sendmmsg(r0, &(0x7f0000001e80)=[{{&(0x7f0000000080)=@in={0x2, 0x4e20}, 0x80, &(0x7f0000000500), 0x0, &(0x7f0000000080)}}, {{&(0x7f00000002c0)=@in={0x2, 0x4e21, @broadcast=0xffffffff}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000070000008903040000000000"], 0x18}}], 0x2, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4000, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)={r1, r2, 0xf, 0x2}, 0x10) [ 690.790086] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.809318] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 690.817013] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 690.824267] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 690.831523] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 690.838775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 690.846050] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000034 09:01:10 executing program 4 (fault-call:4 fault-nth:53): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:10 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:10 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:10 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:10 executing program 1: ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0xdc2, &(0x7f0000000240)="eff369ed16895388093f8383e3e465b64accb5f26b7745ad1c59469a6158a8bf35c527a4c9f960272c098c49de417258380607968b738eda251abed9b02cf89da04ea3076b905cebf44ecf53b922979c08d06ad08564ad5e310985a3ea4ad21dd8050653d0e1313848c850a3af3641dc4659f111e9625afbd0f6d8e87ae8a8e25235c6a0aff92e45598563bfa54c5b590d209f704bae4f19e8c3a57e6b7c5177dead7ce2ccd418792f66a327d02faaaebcb7b5d84048ccda7ee908bdaf2202e652922dd80afaa250bb5a9ecc11f587bd90ad87dab4c3422f31d4145e25a6e5fd57b8dbfc216e87c5e5ddc2f0f7af17af355b81a38f20b04f4fac4ad56dd71817a2624b36fb76a02a186f62832f9aac66fd1ca3cf08d62f344688d58a85e1b6df1eaa5e5269ee03ab5af28e4655f4d26ec8991c9b09a49cbb5b77e6f99f82bd379154a2d6874800d84cad029e9a5a296965480cd8f499b4c430d38a0682c162f7c4444addde67c14719f8dc78ce016a8e99bc924a962a15fdb52aa04820f8e52d72ae6678f710056245caf29c04aaa2efcb35bfc6d03244c64264b68155e581949dfae01c9ff282276585fbce409139345b551d02a1cf33b50d7d56e0d14410d9f3a5c0b2ce3022577e6b71f1736f45a690699603aa22d666c698162f99743a94a47cf9500d8f53369915fab081b51cc3fc6f05eb94b64f329dafc838a7b873c5613d02eaf08d9c44f9732812d7a66d957d00ad1cff58eb19153e38da365c65b56139227634ec47509e9ccd26530591f9a3593549aaad9cb7a8fe39b613dca49d6466cdb0bc242b11a5b7ccdca61f6f8c20b609e3ba4c6aa30f897a8eafe1cf185dce3522624722be04b3566deae878adc37a36b5542314dea060933ed077c19f54c1615b44f651420742747e8992511d337944f1ec85ea2b7d04a4a3c9fd47433e6f3c2a562d1d391511b770a4ec818a6408ca66804d50b331eb29e61913ae123962a8ede3d2077c7d5e21061613215633e4b6a915292cf24d5753ecd91c5297db560945fdd96830eb2957bb7cf5cd47b444ed45fe5ca93cf93f94652cd22dfb707852d1c0ad2f7f9841d7986851672f7d17154232bd681a2d0130d734da8cc028aad8b817a2a9a674b30a4acfbe1af562e814d63a771b7925b3faf3cc3803e9b17e5556b7327281956aef30652b8bd9f9e5095dd16c747bbdef8c39b3bf3612ee6bec04595a778312720ca9285c47cc34009e3ef9927b6946da3ddc4fa1c7965822cda0a358cf6fd02fa6e832a2e58939715c6b00e1b1adb9ed3b140046cae272d550cc3aed5e37d880a33ffdf266ac8b4a4831c40af14e0c9f183a3207e446ceafe5a9cd42956aac0e63f7e883a148cfccad3e18f9d0bda71da641fefb409304995daeba1a8c72bd40f457967c0b1dcc9a1dd97841a0aa95a2abaca1fe896b4195618c3780840fc1f50dd4f6660788508d7af3a1f4623cfcee21a9dd782b5ad43dc9e4735514e7869ff3a44779801c29bead83daed086f3f8be3a4be0a52be725c3821658dadb48f1f637ba9e9fbff59b76ae90c07640f315ea396e8d8f0ed17fbd0f9eb6db16deee60164df2154b3129c87eb5d45738dc14b4c43068d11a9065677d32a41e21a05140091e2e09b6aef8d6c774d3f10786e09e5bac5d74049ef062119902bf2566586c9e23370d2ea997cb90a18a5906dc0530e5220cc0bc37bc16daa78e6c8f601630d0222aab4a7c1056439cce22036ca404c346fa923f6093127f2346a3bd7ff1b9c2fd45019730d498b4934a5450a7761e3bd54ddbf498d09c57306967bb5bc4d124f992388ee730cfbe1da8834b5faeadb27e7a57841ebf87b5ec6a971df9b1df438bcffcf5e3f8be7de0da047613ed98bcdc099115c733204aa5c431ef398964760998b5106035fa1377d0fcaa7f42385904ed6e46b78ab892b963c86fc5009f60ce850086e042c3e03b65388de6f1fbd363e6ce17d5eeb549e8e06ece841cc951c01208373911a2cb24b45bb07cd0007ccc9e5ca4de945e424a9c0c1a5e35d3a4be551b0392ff864f28604a7b046f2c07da16982c155858013649028a3dfcdfc37ae68983fc419ff663cf4500fd03f3f5da4ea400dca8ea507929c52f06571297ed754335d67669c28d3e517f5c53b309d759e328b495d15c53692dc1e8a1aa1e0b0bb8a4b94d53a897ef8e48755d48744577d6a569d58b5c9236ff2e1c35de2c3ab89ee470d99379357966618fd415ff334fc92d4f79c39a1f99a1204a232312149ccb7ddf7900c7decfdedb3954343e85e22f7939b64ecd9b7011e8b9c01f77cf6565f35f9f29e2a1ff87982ea72b2d48413aadcabce11b258ca3b0f7e62c405b0be880a3c0b6e2f8c96752b732470532653def5cfca3b923ff8fa4a27317bb1b6c4e52304532ef12b0ed0f30386f42324d53ec73500f24f60377195964856a09ef61d955ddd71de58d81eeaee2c1002c4bf119e963bed2aa81f0e5523d0d0223e3f54309a3606f347a214c0fa4b2bee55179e2364887f2c53c53c7d7b8f1e630d4889cc0703672e6ac7009d71996cc1acbb7e050c017fb36f47eee5ea63d6aaee0b252b5c019281ac43a5bd210f92516dce7ff878358b6bfd926e6634997034434d70a01d82e56d463ea4896685f086ff091545e7bc04121368b3a900a893dc0ce6106a9f9745c661ecb718767729df216f974b2d745064d390d814a0dfaa6fd45471e96892ad1f529f2c79e9092f849fc11bfb3d41b6cb72ab8a0ec1ba8509df775ae2557101b8a20a9fee6dacc1ca879b305dce8d7ec52db20a21fcfa92dd732c4343f47403a8a2e916e1b5547e940c7f737b80b27cffe445c05fb6834811234733a3b9c3ee38706327dc552a9d9907088c3d757e5aafb40947f71e3497103f0651ce1cc87b0530fb75836f3b0cbfcd9009de518816ccbf926ae06b6ed01a2945fb421f0c68bca7c056be242ac07b942f19efb90109251efe340b2f4b8e69a6a02ce65e155d5e51158734a26536e6d376d9bafd33481b00235d2fa30766a1428954aa1a2145830af7ef087d88ecea59763dadc35460693653cd7b76583bd46910b6a5e46407a8fb3aa9d55500d2df6b67296986a134a6b964a4ceac1a2b7950579e128c4abea3c8605e205205a3e32bd60af546414ab9bac0953bf06528b820e6d029506db89ebea635f594afcf17f01d09ef1205265b73def8944379592e53948ab087eee208965a70338426d76e64013d036df4562d316aae4e0dd1db535eed2c9091a46f86be84fc4b7e1257bbe67ece86ce0e17db3da2900bcbc5dbaab5eb2567bbc2676fa4dd7d590c7b7195da3be4917e0d3610dcb5157a8ef54dfebae960b326bff551c732be2e565a39e48145c4906fdd42b1238e9303c3c0c8442f5c42e1bd6562b2e300c1cfc80fc9135cc08f60ab9ad4b5cbf8dcda6c5433dbf67ea299af56d60caddb11ef8b08aaa9a2e9082fdb6fd0053a6aa0de6fc634162cdc0747ec6b0f7ae55ded0b549da12b82669c85ce905cd10b7b0a5fc8e5e1afca3b41a98d8c08aba672d90cb319444a27b832fe9ea1d28c2f97bad5d43f1ea36c62077182bf2478fba058e19e73fef8f06e90c8f13eba55b3206832ee0930b6e5bfe492746fadf838d0591bfacf9c63ef8f4afb1e106a9d38c8a5f94511efcae82ac1c2fbd1b7bac4538346604a5ae82a2966a51938c24bb4653d33dd548d94dd0dde9d556c45a67403926ba42b8e55074627d632806fa95a0e2add62ed6b79ead213e058eae373ac9911023fcf8096d4393a936ad33221454de12c3d992af2595803af6c13567c7522b701052ccfc70a0f6e5b9bb97bf40be1e6403a1972504aced0674538ce221bc29e4343a6ad078c0696057a34870f9e438c9113bb3ee3b5d610b6a7141467c8fb8488e8b5d03b2608e905feeef63eff73ed4f65efeeae5ade5d1663a549cec6d96d0fd5a71e8a0a95cc8d13b666dedd9f6f04fcc9ec4f508e801d12afe282b51241ba3792ed5b8df0b52bd4bf2967b9ce0c4a812387bd4abfb99a68d7ae29436dbd3aa91428e0e8f21ad3c8212d2b98bce7c7c0ba79ad7db5d9ee94fb4058a52599c15ab4c2f1961a104b92ab9a761122529f3d807fed4233d7b87aa2072d2d5759a8efbaa952f7b859e2ef70c620153da5ddc71a7a3682f9a0f656d143d7fec2a7eda8af2e042e3dea82bca32433328b9c45f6522b8ab06ac3941b900a4227c90f3d9b74fef3960e5f3f4487eaf1b0aec561030cebdc63cfe7536bdce66b105f1255a1dcce9ba44437bc507cc9df60a5d6f0dc1b90c7bac8a2985cd4fba31a106378580f989097630e388633ab843867b7dcd60abd4b6612dcb8f922314b3bcbabc4a29df46eb5ec144fae6f81eefebf7209a01941b897ce9a42b8dd6acfda92dac064c56daf757cbe573b3b63dec0fd439279c7b89543f0639c92ed9a28cbf09e863abeb3691c0d7dcb2c4e51f4780d5788cb8a6ba8b17aad85bb3fa3d2476b3e4d6fd9e46e7d8c2ef6c9e53f40f6d3509fb9df85917db97b54b4a62b8a73998405282203a45fe99fba2e181df83c3cf6844235430b110cdb3fef01499836c4f7417085a732d1d741f5158b3a655152a6722b06ede8c6aaeeb82a28fa978ac2b0053183a3bf159e6352279dfd2cb8f18c50eecbcf27f4a7f4a4cfa7f83f0117a7dc1dace39bd628243d52d7c9068400519d92cb60e35f67ca53715455c746d6aafb8383114a51fc1756ec8132cf8fc75cbe7fe181aa45c6a3bc63c2d74ae983485abe705567c080d39830ae1b6a42c7e23fb05274c88dd39221fd850929b72d0d19399752c22a0f7e7753f9cb77c83bf59a50270d03f89d2b907b0ed10607b9c88f1ab8e6f89966a68244e4a75da054b5bf70f6962e2e362797cd780e82adb30dfab4e2c06e83978c4476e1d2c4475b6044bfa2cf805939d733b66f71c21dd6fd51390527d92622586deb8a"}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r0, 0xae80, 0x0) 09:01:10 executing program 3: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="0047fc2f07d82c99240970") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-twofish-avx\x00'}, 0x58) r2 = request_key(&(0x7f00000001c0)='rxrpc_s\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x1}, &(0x7f0000000240)='\x00', 0xffffffffffffffff) r3 = request_key(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000000300)='\x00', 0xfffffffffffffff8) keyctl$link(0x8, r2, r3) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20) accept$alg(r1, 0x0, 0x0) r4 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="b5cbb3f0784d033f40d43c07b3b9f630", 0x10}], 0x1}], 0x1, 0x0) recvmsg(r4, &(0x7f0000001200)={&(0x7f0000000000)=@vsock={0x0, 0x0, 0x0, @hyper}, 0x80, &(0x7f00000011c0), 0x0, 0x0, 0x0, 0x54}, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000340)={0xffffffffffffffff}) setsockopt$inet_MCAST_LEAVE_GROUP(r5, 0x0, 0x2d, &(0x7f0000000380)={0x3, {{0x2, 0x4e22, @multicast1=0xe0000001}}}, 0x88) [ 690.997720] FAULT_INJECTION: forcing a failure. [ 690.997720] name failslab, interval 1, probability 0, space 0, times 0 [ 691.009083] CPU: 1 PID: 22693 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 691.016447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.025804] Call Trace: [ 691.028410] dump_stack+0x1c9/0x2b4 [ 691.032052] ? dump_stack_print_info.cold.2+0x52/0x52 [ 691.037247] ? unwind_get_return_address+0x61/0xa0 [ 691.042187] ? graph_lock+0x170/0x170 [ 691.046002] should_fail.cold.4+0xa/0x1a [ 691.050077] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 691.055193] ? __lock_is_held+0xb5/0x140 [ 691.059269] ? __kmalloc_node_track_caller+0x47/0x70 [ 691.064381] ? graph_lock+0x170/0x170 [ 691.068192] ? find_held_lock+0x36/0x1c0 [ 691.072257] ? __lock_is_held+0xb5/0x140 [ 691.076325] ? check_same_owner+0x340/0x340 [ 691.080646] ? rcu_note_context_switch+0x730/0x730 [ 691.085574] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 691.090854] __should_failslab+0x124/0x180 [ 691.095092] should_failslab+0x9/0x14 [ 691.098892] kmem_cache_alloc_node+0x272/0x780 [ 691.103477] ? __kmalloc_node_track_caller+0x47/0x70 [ 691.108595] __alloc_skb+0x119/0x790 [ 691.112310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.117851] ? skb_scrub_packet+0x580/0x580 [ 691.122173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.127708] ? ip_generic_getfrag+0x124/0x2e0 [ 691.132206] ? ip_reply_glue_bits+0xc0/0xc0 [ 691.136525] ? trace_hardirqs_on+0x10/0x10 [ 691.140768] ? raw_getfrag+0x15b/0x220 [ 691.144656] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 691.149675] __ip_append_data.isra.47+0x2248/0x2a90 [ 691.154695] ? raw_destroy+0x30/0x30 [ 691.158421] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 691.164226] ? ipv4_mtu+0x37d/0x590 [ 691.167855] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 691.173305] ? find_held_lock+0x36/0x1c0 [ 691.177381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.182919] ip_append_data.part.48+0xf3/0x180 [ 691.187501] ? raw_destroy+0x30/0x30 [ 691.191215] ip_append_data+0x6d/0x90 [ 691.195023] ? raw_destroy+0x30/0x30 [ 691.198740] raw_sendmsg+0x1db4/0x29c0 [ 691.202638] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 691.207737] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 691.212169] ? find_held_lock+0x36/0x1c0 [ 691.216243] ? lock_downgrade+0x8f0/0x8f0 [ 691.220393] ? lock_release+0xa30/0xa30 [ 691.224364] ? check_same_owner+0x340/0x340 [ 691.228688] ? __check_object_size+0x9d/0x5f2 [ 691.233190] inet_sendmsg+0x1a1/0x690 [ 691.236995] ? ipip_gro_receive+0x100/0x100 [ 691.241317] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 691.246855] ? security_socket_sendmsg+0x94/0xc0 [ 691.251612] ? ipip_gro_receive+0x100/0x100 [ 691.255936] sock_sendmsg+0xd5/0x120 [ 691.259653] __sys_sendto+0x3d7/0x670 [ 691.263459] ? __ia32_sys_getpeername+0xb0/0xb0 [ 691.268129] ? wait_for_completion+0x8d0/0x8d0 [ 691.272714] ? __lock_is_held+0xb5/0x140 [ 691.276785] ? __sb_end_write+0xac/0xe0 [ 691.280785] ? __ia32_sys_read+0xb0/0xb0 [ 691.284854] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 691.290396] __x64_sys_sendto+0xe1/0x1a0 [ 691.294461] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 691.299479] do_syscall_64+0x1b9/0x820 [ 691.303363] ? syscall_slow_exit_work+0x500/0x500 [ 691.308208] ? syscall_return_slowpath+0x5e0/0x5e0 [ 691.313136] ? syscall_return_slowpath+0x31d/0x5e0 [ 691.318078] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 691.323443] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 691.328289] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.333475] RIP: 0033:0x455a99 [ 691.336653] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 691.356038] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 691.363744] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 691.371005] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 691.378269] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 691.385530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 09:01:10 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x8000000004) socket$netlink(0x10, 0x3, 0xd) writev(r0, &(0x7f0000e11ff0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca945f64009400050028925aa8000000000000008000f0fffeffe809000000fff5dd00000010000100570aa8f7410400000000fcff", 0x58}], 0x1) 09:01:10 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 691.392797] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000035 09:01:10 executing program 3: clone(0x0, &(0x7f00008dcfff), &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000002000)) 09:01:10 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:10 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:10 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x20000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:10 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) socket$inet6(0xa, 0x1, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:10 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:10 executing program 4 (fault-call:4 fault-nth:54): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:10 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000200)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000002c0)={[], 0x0, 0xfff, 0x3a9, 0x0, 0x6}) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x2, @rand_addr=0x8}}, 0x1e) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000040), &(0x7f0000000080), 0x8) 09:01:10 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:10 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:10 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7400, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 691.629165] FAULT_INJECTION: forcing a failure. [ 691.629165] name failslab, interval 1, probability 0, space 0, times 0 [ 691.640482] CPU: 1 PID: 22735 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 691.647847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.657198] Call Trace: [ 691.659802] dump_stack+0x1c9/0x2b4 [ 691.663422] ? dump_stack_print_info.cold.2+0x52/0x52 [ 691.668604] ? kernel_text_address+0x79/0xf0 [ 691.673010] should_fail.cold.4+0xa/0x1a [ 691.677065] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 691.682160] ? graph_lock+0x170/0x170 [ 691.685954] ? save_stack+0x43/0xd0 [ 691.689568] ? kasan_kmalloc+0xc4/0xe0 [ 691.693445] ? find_held_lock+0x36/0x1c0 [ 691.697494] ? __lock_is_held+0xb5/0x140 [ 691.701546] ? check_same_owner+0x340/0x340 [ 691.705856] ? rcu_note_context_switch+0x730/0x730 [ 691.710789] __should_failslab+0x124/0x180 [ 691.715017] should_failslab+0x9/0x14 [ 691.718809] kmem_cache_alloc_node_trace+0x26f/0x770 [ 691.723905] __kmalloc_node_track_caller+0x33/0x70 [ 691.728824] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 691.733568] __alloc_skb+0x155/0x790 [ 691.737271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.742793] ? skb_scrub_packet+0x580/0x580 [ 691.747121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.752644] ? ip_generic_getfrag+0x124/0x2e0 [ 691.757126] ? ip_reply_glue_bits+0xc0/0xc0 [ 691.761433] ? trace_hardirqs_on+0x10/0x10 [ 691.765658] ? raw_getfrag+0x15b/0x220 [ 691.769530] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 691.774537] __ip_append_data.isra.47+0x2248/0x2a90 [ 691.779543] ? raw_destroy+0x30/0x30 [ 691.783248] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 691.789047] ? ipv4_mtu+0x37d/0x590 [ 691.792663] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 691.798124] ? find_held_lock+0x36/0x1c0 [ 691.802182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.807707] ip_append_data.part.48+0xf3/0x180 [ 691.812277] ? raw_destroy+0x30/0x30 [ 691.815980] ip_append_data+0x6d/0x90 [ 691.819775] ? raw_destroy+0x30/0x30 [ 691.823478] raw_sendmsg+0x1db4/0x29c0 [ 691.827356] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 691.832447] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 691.836857] ? find_held_lock+0x36/0x1c0 [ 691.840909] ? lock_downgrade+0x8f0/0x8f0 [ 691.845042] ? lock_release+0xa30/0xa30 [ 691.849002] ? check_same_owner+0x340/0x340 [ 691.853314] ? __check_object_size+0x9d/0x5f2 [ 691.857803] inet_sendmsg+0x1a1/0x690 [ 691.861593] ? ipip_gro_receive+0x100/0x100 [ 691.865905] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 691.871433] ? security_socket_sendmsg+0x94/0xc0 [ 691.876178] ? ipip_gro_receive+0x100/0x100 [ 691.880487] sock_sendmsg+0xd5/0x120 [ 691.884191] __sys_sendto+0x3d7/0x670 [ 691.887978] ? __ia32_sys_getpeername+0xb0/0xb0 [ 691.892640] ? wait_for_completion+0x8d0/0x8d0 [ 691.897214] ? __lock_is_held+0xb5/0x140 [ 691.901270] ? __sb_end_write+0xac/0xe0 [ 691.905237] ? __ia32_sys_read+0xb0/0xb0 [ 691.909286] ? syscall_slow_exit_work+0x500/0x500 [ 691.914117] __x64_sys_sendto+0xe1/0x1a0 [ 691.918169] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 691.923170] do_syscall_64+0x1b9/0x820 [ 691.927041] ? finish_task_switch+0x1d3/0x890 [ 691.931526] ? syscall_return_slowpath+0x5e0/0x5e0 [ 691.936439] ? syscall_return_slowpath+0x31d/0x5e0 [ 691.941359] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 691.946718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 691.951549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.956733] RIP: 0033:0x455a99 [ 691.959906] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:11 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 691.979149] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 691.986846] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 691.994188] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 692.001443] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 692.008695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 692.015948] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000036 09:01:11 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:11 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:11 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000f59000), 0xffffffffffffffa2) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) close(0xffffffffffffffff) sendto$inet(r0, &(0x7f0000000200)="8dac3088d7f551c9be3395395f45995b2f0fd589138fac968ff9f18e6fa372860b1417bbbeb4dc293a8c2fbd80e04aece59ec60d3c7dcd3f7c0c25c1e3596aeca35bf6334bf69c88573187cddfbffbff8579fe95db86de3887248b421a1ed4bbccc0f5df6e23a0f797ff0b2d4388fd50ea1e0918d30318ee5541ee6ed70270b743a0", 0x82, 0x0, &(0x7f0000000080)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) sendto$inet(r0, &(0x7f00006fd000)="c3401c344654f3c7d9b41ba48c8e399aa4eedc3d6bd8ebd65c856a27d61154adc2b2a9763ae0201c0d32e11f38e9dd18c58f6bd779650fc30f93653bdaecf323c9f6502ceab47e58114347b289546465a5eb278de12b1989f64cc99412e36880d20c34d91051b22f6c8acc9d082b7bcdec844f667da0867d08d4154004997e317b79", 0x82, 0x81, &(0x7f0000e66000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f00000007c0)="850ef00109d25e0e36334d055dffd02147c4f48d137fb0ae6dad4bfd54365b7b836407594893a400508bc7a96d2436ebcb30407e8e72569639195e57a488c59c933ba1657667611e1c87f98c2971a2877f608da84e915d2b4810660ee7ec5ab58effbaaafa429a08b6dd2c27c9cef277dd14624bd493", 0x76, 0x0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14}}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="9f0a1a454114d6d6d2677e75b229c5819d0b85fd9320eccbb3b4fa1c0d748563a31d20561b1155874c21ef947605d8480a31e9de8fe422624b9bbc9b9c0db44a0e1dc7ca2bd84cb5f9b5fed34d9851dbb89d4d0b6bdebc61aaa481e909ce5b50d0fe62d29d063349ca374f7274f6", 0x6e, 0x0, &(0x7f0000000180)={0x2, 0x0, @broadcast=0xffffffff}, 0x10) readv(r0, &(0x7f00000014c0)=[{&(0x7f0000001400)=""/163, 0xa3}], 0x1) sendmmsg(r0, &(0x7f0000006b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000005a80)="13", 0x1}], 0x1, &(0x7f0000006b00)}}], 0x1, 0x0) 09:01:11 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:11 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:11 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:11 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x5, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:11 executing program 4 (fault-call:4 fault-nth:55): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 692.256911] FAULT_INJECTION: forcing a failure. [ 692.256911] name failslab, interval 1, probability 0, space 0, times 0 [ 692.268287] CPU: 0 PID: 22766 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 692.275660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.285018] Call Trace: [ 692.287606] dump_stack+0x1c9/0x2b4 [ 692.291238] ? dump_stack_print_info.cold.2+0x52/0x52 [ 692.297036] ? unwind_get_return_address+0x61/0xa0 [ 692.301957] ? graph_lock+0x170/0x170 [ 692.305746] should_fail.cold.4+0xa/0x1a [ 692.309793] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 692.314882] ? __lock_is_held+0xb5/0x140 [ 692.318932] ? __kmalloc_node_track_caller+0x47/0x70 [ 692.324030] ? graph_lock+0x170/0x170 [ 692.327822] ? find_held_lock+0x36/0x1c0 [ 692.331873] ? __lock_is_held+0xb5/0x140 [ 692.335949] ? check_same_owner+0x340/0x340 [ 692.340258] ? rcu_note_context_switch+0x730/0x730 [ 692.345172] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 692.350438] __should_failslab+0x124/0x180 [ 692.354661] should_failslab+0x9/0x14 [ 692.358452] kmem_cache_alloc_node+0x272/0x780 [ 692.363027] ? __kmalloc_node_track_caller+0x47/0x70 [ 692.368123] __alloc_skb+0x119/0x790 [ 692.371821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.377347] ? skb_scrub_packet+0x580/0x580 [ 692.381656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.387180] ? ip_generic_getfrag+0x124/0x2e0 [ 692.391660] ? ip_reply_glue_bits+0xc0/0xc0 [ 692.395967] ? trace_hardirqs_on+0x10/0x10 [ 692.400206] ? raw_getfrag+0x15b/0x220 [ 692.404087] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 692.409095] __ip_append_data.isra.47+0x2248/0x2a90 [ 692.414105] ? raw_destroy+0x30/0x30 [ 692.417813] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 692.423599] ? ipv4_mtu+0x37d/0x590 [ 692.427239] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 692.432677] ? find_held_lock+0x36/0x1c0 [ 692.436735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.442258] ip_append_data.part.48+0xf3/0x180 [ 692.446824] ? raw_destroy+0x30/0x30 [ 692.450523] ip_append_data+0x6d/0x90 [ 692.454308] ? raw_destroy+0x30/0x30 [ 692.458011] raw_sendmsg+0x1db4/0x29c0 [ 692.461899] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 692.466985] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 692.471399] ? find_held_lock+0x36/0x1c0 [ 692.475452] ? lock_downgrade+0x8f0/0x8f0 [ 692.479585] ? lock_release+0xa30/0xa30 [ 692.483543] ? check_same_owner+0x340/0x340 [ 692.487851] ? __check_object_size+0x9d/0x5f2 [ 692.492336] inet_sendmsg+0x1a1/0x690 [ 692.496124] ? ipip_gro_receive+0x100/0x100 [ 692.500434] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 692.505958] ? security_socket_sendmsg+0x94/0xc0 [ 692.510698] ? ipip_gro_receive+0x100/0x100 [ 692.515008] sock_sendmsg+0xd5/0x120 [ 692.518712] __sys_sendto+0x3d7/0x670 [ 692.522499] ? __ia32_sys_getpeername+0xb0/0xb0 [ 692.527159] ? wait_for_completion+0x8d0/0x8d0 [ 692.531729] ? __lock_is_held+0xb5/0x140 [ 692.535785] ? __sb_end_write+0xac/0xe0 [ 692.539752] ? __ia32_sys_read+0xb0/0xb0 [ 692.543817] ? syscall_slow_exit_work+0x500/0x500 [ 692.548649] __x64_sys_sendto+0xe1/0x1a0 [ 692.552695] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 692.557711] do_syscall_64+0x1b9/0x820 [ 692.561583] ? finish_task_switch+0x1d3/0x890 [ 692.566065] ? syscall_return_slowpath+0x5e0/0x5e0 [ 692.570979] ? syscall_return_slowpath+0x31d/0x5e0 [ 692.575897] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 692.581247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 692.586080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.591254] RIP: 0033:0x455a99 [ 692.594425] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.613668] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 692.621368] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 692.628633] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 692.635887] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 692.643140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 692.650392] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000037 09:01:11 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:11 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:11 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:11 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000000)='bpf\x00', 0x0, &(0x7f000000a000)) open(&(0x7f0000000100)='./file0\x00', 0x464a01, 0x4) ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x80404532, &(0x7f00000001c0)=""/8) chroot(&(0x7f00000000c0)='./file0\x00') pivot_root(&(0x7f0000000440)='./file0\x00', &(0x7f00000016c0)='.\x00') 09:01:11 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4c00, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:11 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:11 executing program 4 (fault-call:4 fault-nth:56): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:11 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4e200000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:11 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6800000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:11 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:11 executing program 3: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffff4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) 09:01:11 executing program 1: nanosleep(&(0x7f0000000180)={0x77359400}, &(0x7f0000000200)) nanosleep(&(0x7f0000000000)={0x0, 0x1c9c380}, &(0x7f00000001c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) munlockall() clock_gettime(0x0, &(0x7f0000000040)) 09:01:12 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:12 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:12 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:12 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4c000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:12 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:12 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:12 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:12 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6800, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:12 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x3, 0x7, 0x100}) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:12 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80040200, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 693.176449] FAULT_INJECTION: forcing a failure. [ 693.176449] name failslab, interval 1, probability 0, space 0, times 0 [ 693.187816] CPU: 0 PID: 22826 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 693.195173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.204514] Call Trace: [ 693.207103] dump_stack+0x1c9/0x2b4 [ 693.210735] ? dump_stack_print_info.cold.2+0x52/0x52 [ 693.215932] ? kernel_text_address+0x79/0xf0 [ 693.220357] should_fail.cold.4+0xa/0x1a [ 693.224423] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 693.229530] ? graph_lock+0x170/0x170 [ 693.233353] ? save_stack+0x43/0xd0 [ 693.236994] ? kasan_kmalloc+0xc4/0xe0 [ 693.240885] ? find_held_lock+0x36/0x1c0 [ 693.244952] ? __lock_is_held+0xb5/0x140 [ 693.249020] ? check_same_owner+0x340/0x340 [ 693.253345] ? rcu_note_context_switch+0x730/0x730 [ 693.258277] __should_failslab+0x124/0x180 [ 693.262515] should_failslab+0x9/0x14 [ 693.266323] kmem_cache_alloc_node_trace+0x26f/0x770 [ 693.271440] __kmalloc_node_track_caller+0x33/0x70 [ 693.276372] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 693.281131] __alloc_skb+0x155/0x790 [ 693.284847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.290385] ? skb_scrub_packet+0x580/0x580 [ 693.294708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.300244] ? ip_generic_getfrag+0x124/0x2e0 [ 693.304748] ? ip_reply_glue_bits+0xc0/0xc0 [ 693.309081] ? trace_hardirqs_on+0x10/0x10 [ 693.313323] ? raw_getfrag+0x15b/0x220 [ 693.317218] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 693.322241] __ip_append_data.isra.47+0x2248/0x2a90 [ 693.327263] ? raw_destroy+0x30/0x30 [ 693.330984] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 693.336797] ? ipv4_mtu+0x37d/0x590 [ 693.340428] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 693.345881] ? find_held_lock+0x36/0x1c0 [ 693.349957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.355501] ip_append_data.part.48+0xf3/0x180 [ 693.360086] ? raw_destroy+0x30/0x30 [ 693.363802] ip_append_data+0x6d/0x90 [ 693.367601] ? raw_destroy+0x30/0x30 [ 693.371316] raw_sendmsg+0x1db4/0x29c0 [ 693.375216] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 693.380316] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 693.384747] ? find_held_lock+0x36/0x1c0 [ 693.388817] ? lock_downgrade+0x8f0/0x8f0 [ 693.392972] ? lock_release+0xa30/0xa30 [ 693.396946] ? check_same_owner+0x340/0x340 [ 693.401268] ? __check_object_size+0x9d/0x5f2 [ 693.405769] inet_sendmsg+0x1a1/0x690 [ 693.409574] ? ipip_gro_receive+0x100/0x100 [ 693.413899] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 693.419439] ? security_socket_sendmsg+0x94/0xc0 [ 693.424194] ? ipip_gro_receive+0x100/0x100 [ 693.428516] sock_sendmsg+0xd5/0x120 [ 693.432233] __sys_sendto+0x3d7/0x670 [ 693.436042] ? __ia32_sys_getpeername+0xb0/0xb0 [ 693.440714] ? wait_for_completion+0x8d0/0x8d0 [ 693.445303] ? __lock_is_held+0xb5/0x140 [ 693.449376] ? __sb_end_write+0xac/0xe0 [ 693.453362] ? __ia32_sys_read+0xb0/0xb0 [ 693.457426] ? syscall_slow_exit_work+0x500/0x500 [ 693.462273] __x64_sys_sendto+0xe1/0x1a0 [ 693.466334] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 693.471352] do_syscall_64+0x1b9/0x820 [ 693.475245] ? syscall_return_slowpath+0x5e0/0x5e0 [ 693.480178] ? syscall_return_slowpath+0x31d/0x5e0 [ 693.485117] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 693.490491] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 693.495348] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.500533] RIP: 0033:0x455a99 [ 693.503701] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:12 executing program 4 (fault-call:4 fault-nth:57): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:12 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:12 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:12 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffdfd, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 693.522936] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 693.530632] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 693.537886] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 693.545169] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 693.552419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 693.559670] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000038 [ 693.669525] FAULT_INJECTION: forcing a failure. [ 693.669525] name failslab, interval 1, probability 0, space 0, times 0 [ 693.680849] CPU: 0 PID: 22837 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 693.688215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.697564] Call Trace: [ 693.700162] dump_stack+0x1c9/0x2b4 [ 693.703800] ? dump_stack_print_info.cold.2+0x52/0x52 [ 693.709008] ? unwind_get_return_address+0x61/0xa0 [ 693.713956] ? graph_lock+0x170/0x170 [ 693.717771] should_fail.cold.4+0xa/0x1a [ 693.721849] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 693.726968] ? __lock_is_held+0xb5/0x140 [ 693.731039] ? __kmalloc_node_track_caller+0x47/0x70 [ 693.736155] ? graph_lock+0x170/0x170 [ 693.739967] ? find_held_lock+0x36/0x1c0 [ 693.744043] ? __lock_is_held+0xb5/0x140 [ 693.748125] ? check_same_owner+0x340/0x340 [ 693.752462] ? rcu_note_context_switch+0x730/0x730 [ 693.757406] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 693.762693] __should_failslab+0x124/0x180 09:01:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000240)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a400", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000100)={0xc1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000000)) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000efb000)='/dev/sequencer2\x00', 0x0, 0x0) [ 693.766940] should_failslab+0x9/0x14 [ 693.770744] kmem_cache_alloc_node+0x272/0x780 [ 693.775334] ? __kmalloc_node_track_caller+0x47/0x70 [ 693.780448] __alloc_skb+0x119/0x790 [ 693.784168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.789719] ? skb_scrub_packet+0x580/0x580 [ 693.794046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.799590] ? ip_generic_getfrag+0x124/0x2e0 [ 693.804095] ? ip_reply_glue_bits+0xc0/0xc0 [ 693.808427] ? trace_hardirqs_on+0x10/0x10 [ 693.812670] ? raw_getfrag+0x15b/0x220 [ 693.816563] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 693.821589] __ip_append_data.isra.47+0x2248/0x2a90 [ 693.826613] ? raw_destroy+0x30/0x30 [ 693.830345] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 693.836155] ? ipv4_mtu+0x37d/0x590 [ 693.839794] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 693.845255] ? find_held_lock+0x36/0x1c0 [ 693.849337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 693.854884] ip_append_data.part.48+0xf3/0x180 [ 693.859469] ? raw_destroy+0x30/0x30 [ 693.863187] ip_append_data+0x6d/0x90 [ 693.866991] ? raw_destroy+0x30/0x30 [ 693.870710] raw_sendmsg+0x1db4/0x29c0 [ 693.874611] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 693.879712] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 693.884149] ? find_held_lock+0x36/0x1c0 [ 693.888223] ? lock_downgrade+0x8f0/0x8f0 [ 693.892375] ? lock_release+0xa30/0xa30 [ 693.896350] ? check_same_owner+0x340/0x340 [ 693.900679] ? __check_object_size+0x9d/0x5f2 [ 693.905181] inet_sendmsg+0x1a1/0x690 [ 693.908987] ? ipip_gro_receive+0x100/0x100 [ 693.913315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:01:13 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000200)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000002c0)={[], 0x0, 0xfff, 0x3a9}) 09:01:13 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:13 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 693.918851] ? security_socket_sendmsg+0x94/0xc0 [ 693.923609] ? ipip_gro_receive+0x100/0x100 [ 693.927932] sock_sendmsg+0xd5/0x120 [ 693.931663] __sys_sendto+0x3d7/0x670 [ 693.935470] ? __ia32_sys_getpeername+0xb0/0xb0 [ 693.940145] ? wait_for_completion+0x8d0/0x8d0 [ 693.944742] ? __lock_is_held+0xb5/0x140 [ 693.948826] ? __sb_end_write+0xac/0xe0 [ 693.952818] ? __ia32_sys_read+0xb0/0xb0 [ 693.956883] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 693.962432] __x64_sys_sendto+0xe1/0x1a0 09:01:13 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3300000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 693.966497] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 693.971517] do_syscall_64+0x1b9/0x820 [ 693.975409] ? finish_task_switch+0x1d3/0x890 [ 693.979909] ? syscall_return_slowpath+0x5e0/0x5e0 [ 693.984846] ? syscall_return_slowpath+0x31d/0x5e0 [ 693.989787] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 693.995160] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 694.000011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.005200] RIP: 0033:0x455a99 [ 694.008386] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.027672] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 694.035385] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 694.042650] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 694.049917] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 694.057185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 694.064456] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000039 09:01:13 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000000)="256442802408ccfda18801300005d004") 09:01:13 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4800000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:13 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:13 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:13 executing program 1: 09:01:13 executing program 4 (fault-call:4 fault-nth:58): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:13 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:13 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:13 executing program 1: 09:01:13 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:13 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 694.223294] FAULT_INJECTION: forcing a failure. [ 694.223294] name failslab, interval 1, probability 0, space 0, times 0 [ 694.234626] CPU: 0 PID: 22866 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 694.241994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.251348] Call Trace: [ 694.253952] dump_stack+0x1c9/0x2b4 [ 694.257596] ? dump_stack_print_info.cold.2+0x52/0x52 [ 694.262833] ? kernel_text_address+0x79/0xf0 [ 694.267343] should_fail.cold.4+0xa/0x1a [ 694.271421] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 694.276538] ? graph_lock+0x170/0x170 [ 694.280350] ? save_stack+0x43/0xd0 [ 694.283984] ? kasan_kmalloc+0xc4/0xe0 [ 694.287886] ? find_held_lock+0x36/0x1c0 [ 694.291961] ? __lock_is_held+0xb5/0x140 [ 694.296042] ? check_same_owner+0x340/0x340 [ 694.300379] ? rcu_note_context_switch+0x730/0x730 [ 694.305322] __should_failslab+0x124/0x180 [ 694.309562] should_failslab+0x9/0x14 [ 694.313367] kmem_cache_alloc_node_trace+0x26f/0x770 [ 694.318485] __kmalloc_node_track_caller+0x33/0x70 [ 694.323420] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 694.328185] __alloc_skb+0x155/0x790 [ 694.331908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.337460] ? skb_scrub_packet+0x580/0x580 [ 694.341793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.347340] ? ip_generic_getfrag+0x124/0x2e0 [ 694.351843] ? ip_reply_glue_bits+0xc0/0xc0 [ 694.356173] ? trace_hardirqs_on+0x10/0x10 [ 694.360423] ? raw_getfrag+0x15b/0x220 [ 694.364316] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 694.369343] __ip_append_data.isra.47+0x2248/0x2a90 [ 694.374375] ? raw_destroy+0x30/0x30 [ 694.378105] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 694.383912] ? ipv4_mtu+0x37d/0x590 [ 694.387552] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 694.393010] ? find_held_lock+0x36/0x1c0 [ 694.397104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.402647] ip_append_data.part.48+0xf3/0x180 [ 694.407230] ? raw_destroy+0x30/0x30 [ 694.410948] ip_append_data+0x6d/0x90 [ 694.414746] ? raw_destroy+0x30/0x30 [ 694.418465] raw_sendmsg+0x1db4/0x29c0 [ 694.422369] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 694.427470] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 694.431908] ? find_held_lock+0x36/0x1c0 [ 694.435981] ? lock_downgrade+0x8f0/0x8f0 [ 694.440134] ? lock_release+0xa30/0xa30 [ 694.444111] ? check_same_owner+0x340/0x340 [ 694.448436] ? __check_object_size+0x9d/0x5f2 [ 694.452941] inet_sendmsg+0x1a1/0x690 [ 694.456751] ? ipip_gro_receive+0x100/0x100 [ 694.461091] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 694.466636] ? security_socket_sendmsg+0x94/0xc0 [ 694.471396] ? ipip_gro_receive+0x100/0x100 [ 694.475718] sock_sendmsg+0xd5/0x120 [ 694.479433] __sys_sendto+0x3d7/0x670 [ 694.483236] ? __ia32_sys_getpeername+0xb0/0xb0 [ 694.487908] ? wait_for_completion+0x8d0/0x8d0 [ 694.492494] ? __lock_is_held+0xb5/0x140 [ 694.496571] ? __sb_end_write+0xac/0xe0 [ 694.500559] ? __ia32_sys_read+0xb0/0xb0 [ 694.504625] ? syscall_slow_exit_work+0x500/0x500 [ 694.509471] __x64_sys_sendto+0xe1/0x1a0 [ 694.513536] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 694.518553] do_syscall_64+0x1b9/0x820 [ 694.522445] ? finish_task_switch+0x1d3/0x890 [ 694.526949] ? syscall_return_slowpath+0x5e0/0x5e0 [ 694.531883] ? syscall_return_slowpath+0x31d/0x5e0 [ 694.536827] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 694.542198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 694.547049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.552240] RIP: 0033:0x455a99 [ 694.555423] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.574837] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 694.582551] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 694.589818] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 694.597083] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 694.604348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 694.611612] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003a 09:01:14 executing program 3: 09:01:14 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x9000}) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, 0xffffffffffffffff) dup2(0xffffffffffffffff, r1) 09:01:14 executing program 1: 09:01:14 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:14 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x5c5b311ff2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:14 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x68000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:14 executing program 4 (fault-call:4 fault-nth:59): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 694.894656] FAULT_INJECTION: forcing a failure. [ 694.894656] name failslab, interval 1, probability 0, space 0, times 0 [ 694.905980] CPU: 0 PID: 22885 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 694.913349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.922707] Call Trace: [ 694.925311] dump_stack+0x1c9/0x2b4 [ 694.928961] ? dump_stack_print_info.cold.2+0x52/0x52 [ 694.934163] ? unwind_get_return_address+0x61/0xa0 [ 694.939100] ? graph_lock+0x170/0x170 [ 694.942916] should_fail.cold.4+0xa/0x1a [ 694.946995] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 694.952122] ? __lock_is_held+0xb5/0x140 [ 694.956194] ? __kmalloc_node_track_caller+0x47/0x70 [ 694.961306] ? graph_lock+0x170/0x170 [ 694.965116] ? find_held_lock+0x36/0x1c0 [ 694.969192] ? __lock_is_held+0xb5/0x140 [ 694.973268] ? check_same_owner+0x340/0x340 [ 694.977596] ? rcu_note_context_switch+0x730/0x730 [ 694.982528] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 694.987820] __should_failslab+0x124/0x180 [ 694.992068] should_failslab+0x9/0x14 [ 694.995875] kmem_cache_alloc_node+0x272/0x780 [ 695.000467] ? __kmalloc_node_track_caller+0x47/0x70 [ 695.005586] __alloc_skb+0x119/0x790 [ 695.009309] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.014856] ? skb_scrub_packet+0x580/0x580 [ 695.019187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.024731] ? ip_generic_getfrag+0x124/0x2e0 [ 695.029235] ? ip_reply_glue_bits+0xc0/0xc0 [ 695.033566] ? trace_hardirqs_on+0x10/0x10 [ 695.037814] ? raw_getfrag+0x15b/0x220 [ 695.041699] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 695.046707] __ip_append_data.isra.47+0x2248/0x2a90 [ 695.051711] ? raw_destroy+0x30/0x30 [ 695.055417] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 695.061202] ? ipv4_mtu+0x37d/0x590 [ 695.064818] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 695.070253] ? find_held_lock+0x36/0x1c0 [ 695.074308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.079834] ip_append_data.part.48+0xf3/0x180 [ 695.084403] ? raw_destroy+0x30/0x30 [ 695.088102] ip_append_data+0x6d/0x90 [ 695.091889] ? raw_destroy+0x30/0x30 [ 695.095586] raw_sendmsg+0x1db4/0x29c0 [ 695.099465] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 695.104550] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 695.108961] ? find_held_lock+0x36/0x1c0 [ 695.113019] ? lock_downgrade+0x8f0/0x8f0 [ 695.117155] ? lock_release+0xa30/0xa30 [ 695.121114] ? check_same_owner+0x340/0x340 [ 695.125420] ? __check_object_size+0x9d/0x5f2 [ 695.129902] inet_sendmsg+0x1a1/0x690 [ 695.133691] ? ipip_gro_receive+0x100/0x100 [ 695.137998] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 695.143530] ? security_socket_sendmsg+0x94/0xc0 [ 695.148269] ? ipip_gro_receive+0x100/0x100 [ 695.152575] sock_sendmsg+0xd5/0x120 [ 695.156273] __sys_sendto+0x3d7/0x670 [ 695.160060] ? __ia32_sys_getpeername+0xb0/0xb0 [ 695.164715] ? wait_for_completion+0x8d0/0x8d0 [ 695.169285] ? __lock_is_held+0xb5/0x140 [ 695.173338] ? __sb_end_write+0xac/0xe0 [ 695.177300] ? __ia32_sys_read+0xb0/0xb0 [ 695.181344] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 695.186867] __x64_sys_sendto+0xe1/0x1a0 [ 695.190913] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 695.195916] do_syscall_64+0x1b9/0x820 [ 695.199785] ? finish_task_switch+0x1d3/0x890 [ 695.204264] ? syscall_return_slowpath+0x5e0/0x5e0 [ 695.209175] ? syscall_return_slowpath+0x31d/0x5e0 [ 695.214092] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 695.219443] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 695.224271] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.229440] RIP: 0033:0x455a99 09:01:14 executing program 3: 09:01:14 executing program 1: 09:01:14 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4e20000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:14 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 695.232606] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.251838] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 695.259529] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 695.266783] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 695.274039] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 695.281287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 695.288541] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003b 09:01:14 executing program 1: 09:01:14 executing program 3: 09:01:14 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:14 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x74000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:14 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:14 executing program 4 (fault-call:4 fault-nth:60): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:14 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x75, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback=0x7f000001}, 0x10) sendmmsg(r0, &(0x7f0000003940)=[{{&(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)="e9a1e35e12f0a901da8584f957227fdc84224025f7902218372a02f8351d5a4b9847dd9867f0eabfb80f0e469cf9c87c98857e8e566beeb10897a2e95a1cc3fde896a6ce479adbc5e2ac2d85625f8c5df681d9fe6f00f018927cd7e16ea3101c2416f9c004c73388ff346cb982939ef802ce678ee5429f3efef82ab912359146", 0x80}], 0x1, &(0x7f00000001c0)=[{0xe0, 0x1ff, 0x5, "96e8b9c2da799da86c486c3ee3b2815a9a91db3d9fd9068a498766e7631d5454ae92a2daef1d32d31f71d880af44e01ffd6f66ead24c99d02d56a9647bfe833af8c77877159b07a7b76f8a340ab125b747a4eca7de193c4e8d98295d08dc593573f951a8235524b1ec900ac1fcb4791255ab8c2fd25e705a00008c83522bff5946a1e9ee849ff58beb64a58a659f988d6e24504e2afdc88f925f268ee8acec39d7acbef688797aee7f09b2ab7c4540ca93945431bbf579c3a66281dfd3f1da03e46419c4c0aaabedda3514b5e1a051495e"}, {0xb4, 0x111, 0x2, "aba87ce9098bf5cb273466d6933d51abb36d89ff06f0bfca705f37272dd9dfb7bc4050e8be6e3c5dace86db8a224e4ca622d6620e255c3e636ae198ac29c744249e00b669d59337f411dc3c07bb116814f7a153ed29e538cb450635c6557eb322663419ee601d0a27dfc4e4cdfe3988766b83a722aaba9c77aac4d3285543686f1271bca8e8f3ba06fba43fc4acd6cfa944ce4ec96756c1d32445d972724fa8299396d426c"}], 0x194, 0x4804}, 0x5}, {{&(0x7f0000000b00)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x4, 0x4, 0x4, 0x3, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, [], 0x1f}, 0x4}}}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000b80)="4437b2bf5d5839e8526e55677a7c77aa3905594f25e48a43482835f7417cd8387024396e8d35fb641af0924a96cf1d7ffddda79b79ab3e66b68aeb04918d81d192b359fd30fb3958c07d90b88493bab18d3254752272fdc6a177d9b6dbb0d85c0e69b2c467008f671c6d7224f810347a393aa474dc29d8cf42d43412", 0x7c}], 0x1, &(0x7f0000003a00)=ANY=[]}}, {{&(0x7f0000001040)=@xdp={0x2c}, 0x80, &(0x7f00000014c0)=[{&(0x7f00000025c0)="72adb5d62cc445b825780e0cfc0d0c226c0a52ddf9fed1a76ad2598e98a562e968cf526173d29ca21f5d0174ae76e27acaba872e58378cc828091f6ced08714a6b26f908b156da9e4134a3561f9272ce02421789677871ae09f38437e576f3cfb74b6151802ed27fb9d736fb98ff51bfb0317f69c1f57f727c01c82d1686a5f42ac5a53d3049d3e8185be778b1545bd15c2c1997e621ad1ba60322e9ba13ede38445d2eb21ad124db4a09d7a643d7c95ffd9a0b5017dfe7f7fd46318148befc933dafe6fcad65956569e666ad1bb682800f4eade99707d9f4ca6f61650be2b9c599ff4313f87e747e2d85c2a7a4040eb35f2b390e8718a8baa34bfc467c5f9e10daf31520b2e8844e5d396fb62364cafe06a3ff62343643d2363bb65721257dc8fbb8c745abf6c0935e081a4311de3eaec40329b946d2fcbee8f019b3877e6be5315698a0f2f423be9a737b987bf938aa83a5d6b21a0764fd96c40a880479e9359595f78219c9c2341241dee320ebb80a2adeed67e5476d1fb09b1074f7651d79eaa0f93f1d0723be9daac2534f1eddf7efd4b6d1764efa2ec150356baa4dd620598ede5f94fb697e9165333968e79874168f4ac29acd8c2919aef19db302f1aee0d2d540d4f0f57007d3833c776c5d98e97bf5e47b7b398f2b61c436b935b0963ae9bf6dc4cb96da9b140fe4676b82a031207d008990b2a759bab96f34f0681d2acbe4da13b2183d45d4e7ef51f5a48b9dd26c29645985d816f47106edbcb8ef68d0fa4053104a15097570aead38cb2cb36f474f4c42e5d74a1b6fff576b25cf78042cd35f71163d2bf90226facf4cb61f57e1d3a6719dd5ff0e3e9a0e37505385d118a3067599bc7e8793db58d6a0b9dab375976f34407f69ab2b59495f8244ff50e61a91bf7952ffd7d5f7e31f11b9225d968ca7d999a4409479a2da63c59067705fdc3f20331d68f6c22e82c73dfa51d21545e6afec08a6d4d38aa8a5d30d2a2ba75dbfc2c929ac79688182cefdf4b6e77ef498cc18b59c9aa4fba6d6bef9f34d4efa81a9fcbf3d92fce98c764b7357d4581188a686070cb9afa11335a3d6fd5fd297e1ae6bfcb12160fd470e4055a7362c0caa0baa15738756309e5e98e22b74df098f09beefce7d919ccd603cb83e16ba81582d1514846aea8c81570e651c06834fcdb0b1136d0cb30403561e84faa102a3ebf83bc979283f8e7688e017a9248894cc3acfeb1f5ec4520ed935670775334ce95a47cfe834deb4f0d69f9c62a209118e3fc79e8773fe4d37780e4658290a3cfd9e6e5243099b6d764ef4431fbb0e8970cb883427cc2cf59c131e49364e3279d3941dd9d1738ed6a87c0cc39049543f1fa8e3fe4a85c7f47660a00dec17939c951ce289b4bcfe5fe6a048e8a5a0168bfbbc8aa6605eedf41a84ce9eceaa1eb5497bd8be1f630e972752a6a4f23623ed1ce215176c4fe31898bbb9ba5648227d556dd775aba2bf13f038ad31388c76f0fd9f7bb1f906c3dd9cfbf7825e11694a84b888da5192b45ac27e067791ed748f4cef07a028845f41e814073f8599070cd070681ade166bf7f46b634950ef8b2656042581ae610791841b147dfa154dfcfe4212d6ef8065a20eb7b8ae37f1b5865d337f414558e38bedbbf3530bb9e14564740701a9e77345a85d47764a74fc69be03cb9a5b5530863cb30513aaf19eb50b0ea1873256662b2cfc76941a4ee138ef7d408c51654ed7ad4925d78705d0c36350285da975ef1143f8a5af6ec222254c0e6fd2519ab4d17ef8597b363c2cbe559550db3ae9f1c867d015261f2e864dd58c9941b4e191916e555cf877178c0a9d08facbfc4fda9bbe7bb8d3d60d95d2302e8773ff042441e2fe2d6418a7711fbd0655084c9df26aa45be5eacf9d1beaf48177c67d4e7c30d11df16e4bea0f0d25d2f61459d83572879beaf49f6820e8bb3c7d193c3f03a30644c11a8f7cec3522001999190491a5f02d0d4ff2c91edcf6ad21d154811d23024b7fe6b4f2731db36247f3bc2fd574d2ec211f598ef9aef62597740e6ceb86abc6d242275d28e851e9dd44b29ae3a71f1cdaae4833965aefdaf9b0d606b8650462538e095d9bda93374d28c1301a3fae4ce5988980276ef32aeeafd197b31699424efdc878ff1fb3ba60b2ebfd082b20634b793644c5ad89edc9789757df8ddb76195b7441a859e1f3566ab533b83a0d6b28ed41cb469bb370f74551c44450fc6e7994eb799a3aff12a84c30ed641ae23be6c3142f337ccc47acb5673a921cef72eab494ee526566dd4f97297be5938377b2f3a47fd72bff4afa62544ce0de2e3146414cb1d5865682a218cbfb5303dba385f9a6f66dd9d4adc2029fdcd23e91e7af5b515c13a3958f87736408ebefa118c301d43971cffccb0270881b71cd88da2ba6b8609bca2f5e30658a7a54eff20f103331a2737eec877b7ba5ba3c77c2239ac4c39620849d02a1e9414ba8b71cbd008b7fcee3f90e02888281a4bc07fba19fe1526ac59bd30a3c988744ed6b73e0c89972c4d2ad238f44bc181c7334ee2586e66ac4f9c0ac2b750bdf0d830c7a520a33aa658a97d7228fb7dff41b55733342aff3229ea9fbdbce90bb30d59859920de8671daed6496ef509e6e5ced3134ba71d0f30ed89122d12e79f58f309ed04a8f9d31b3c37f1f01ef478cb0d53f8d0702a0b208a6424ea16e6a22ed8af49e7152c4ee29415a4ee06a12cf03d360209179e9118162ae029b60ea09247868a87d27ef87d4708251d45f4c1d039bcfd92770efbe336a792f2df6c48cd8df95973debb1ed95947069c677c948e1d5b24b3299fa01de7a58f0620848047602c94cf739d9dd2632721ced3f67a6e6eab028c93b58df2dca75b560634b267299ef42cc0f9705c19bbb17a7e4af562db89224622efe69bad349700d3f756fbc39251b8d3cf1a011fe99ba5ec4b128762876eddd0139136301dcf145b40e7fa33c99258dbdc202a8191d4da7b90386e476eea989fd651663d6280aa11d0f6ef10ff465eb4dd61c4de6776eba5ba4f7ee6de7006501d4b7b751e2b486ac43820f51acf21cdb1f551cc4dd52c2f68baf67fc50dc38c0095d91d93285d2a379e810b2f71e8dc2bcdc494e2629cef1d4942af36f9753c775d4ae2add564a47f70b773cd34b0961b8ec30f35f29d5533a929abac2a9fb52b7cf46fafd9b8b53367e791f90eaaacc0960df7bc434118c0615275f214441ad4f9a18608a6b942480f565e1fc3c59e67ff0fc2d9726dc68e402424a2691fc3795a0c263919f1dff8b55a52cd98427954926a0a99bc128c89b1836385c5fc7d97654a85bcec4d8f2d86bb3e8f346f595fe2852f4e1047a6dcf594023f7b324a3e46f5b6649c017302e525d9bb4fa322029b241360f1c56639fd7a23ff14cd451f925b958a92ebf774b7c27b51208a49fa72c6035c30aaf04ac84376785e01c1b0d4940bc819a3ccea99908ec9671babf31e44af56f21d57111d6d541e7b1905db6cbb5da70f75748e663c5", 0x9bb}, {&(0x7f0000001340)="3a15b1a71d3b2f89ed122f1795ec06886be7a0c8885321f9b18b3774e55f9d4a5c01e85342c71743cd823c4b18f6b3d3ebf72d7437fb6f352dd01d5fdbc7bcfc378c3875c8ba21958c2a12", 0x4b}, {&(0x7f00000013c0)="ce1c4d6154a9a2ae88cbeb1dd331", 0xe}], 0x3, 0x0, 0x0, 0x4080}, 0x7fff}, {{&(0x7f00000035c0)=@un=@abs={0x1, 0x0, 0x4e24}, 0x80, &(0x7f0000003900)=[{&(0x7f0000003640)="9357c8fd3cf86f0f5e16a6dbd3e0dafdee1a00a74e2a5356bc8607c3fb63448d1abb32f0c0613fe9e1ad4a899dc6f49047a1a4fc4fe2877a59a1fd67e7e0884bd6f7691abe44c689ffc341bac80625", 0x4f}, {&(0x7f0000003780)="85ed85be8d5dc733305a6955b4a2db0ba1a1097be00cf38a50f26c796cbaccea2e60d9fed4134c327df6ef98a5ce61ba3090c82f6dda0dfc91c9d6f3dc621e89cc7cfb2e426c84a304812be5d8724c467ed2a8d8e0bc5c865c0a5782ff8dd3bfb9f917a268eff38eb1c53fe0ef25fe3e21c23e86e1fc760bc87d92ff13a93b8a9c6bdd181b32ee53", 0x88}, {&(0x7f0000001500)="64a7aa88efc14ab4bcfb41c2f433662bfe8a5d2cf0e0c496122a70", 0x1b}], 0x3, 0x0, 0x0, 0x40000}, 0x10000000000}], 0x4, 0x48840) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af) sendmmsg(r0, &(0x7f0000001540)=[{{&(0x7f00000011c0)=@nl=@kern={0x10}, 0x80, &(0x7f0000001240)=[{&(0x7f0000004ac0)="38f48a08862a1c88f59d3c78061de946b9f279fe442722f3b91161364293cb15a1ef39bfa8011c95556ff57ec9efbb4a4d38bb66597660dbd2f0d619423644904d8a7e65080f45856ae1c36b1af02d1370451341138fd7c51cb5c434ec534f5e1360caadb450b6916b275666030ffe3e7d667578c730da9a6c0548834fd0a60acfccae1b5ec26ca0f5f00ebdf31500a8444789eac11137f781dceaf43dfecbdbf4a229577e10560ee37e0c44ba9d96a4b7aefa92d995454e877916b4dde0699f50013164d6c2e3525b5dd607607ab233c2e9f9fc4f8756e6eeaa2a81ce9106d2add9feb6a0164ce940bdd527cf5be9058c8ccb078ad83d5c32f54e5cfd952b1f9d7929a93243876dfca5a71e7378bb31616694fcfb9ca7b6438134f4fb1e0a7c28f6f5d8cd908a92f0a4c335b27fa98ca7519158263269107835991512cf4e86b82d984e72406b3109ea3e46c23c1d0dc9370a23d1fde3eaa0e1b7bff2a0a51402e29ad171510943235660f4446646504f548afd49714e9e21ba07c3b8c3f6fa8c50838fabba766048279c6749e979087611a86ac732c51f9103519a7ba5f0da9c59e06d749c266016513e98817430fa64aae5d20c7778c0a14cdf32077cc405702431f7a9766fa834f07d42a0990212a0cdba370ad53f1fbe18b51eee6021c1923111242af180de400884ff42381aec8d6c74f169c5abcb45cefe15bae10d17cb570b6df7b48de29302bddf56185bf64de5d07aab58024b5a18269c21a4bd6dad6ed468b571e39d82e23900cc778286fd555a7f984f2cdc347eaf000a8b0fc9fb01cdd1307eb56dd92717a15beb5a5cb2a5d7a2ad1e2a9bfce9b3461f82715601543f904dee85d887dd59bddcdbe65f077be1dff99344c354858da2880f7ce840881433fe6606a30d1638d1b3740e443247b7dc050c9649501f41de9d8e79c793f476b0790db83001556f6c8aa9b8611faf9af4fc4b614315db852aecd0d2435a2f579923c208e4e8f7b3e24105bb416be69cf8278410dbae7c74cd1247a3d1de4ee919fa76763410ccd6a833ef0865091c1bd33662e801ba2bfdc2fd0d140e8eb7c3f201c0d38e495212b9b35086c5c5c6e9e5033d02155ba9b69bbfbfb8abf87f49a73d8fab5da8311f8617d4d78057a66a24f00b58d148ad630792d249305ffb0bfb96e4386c9a09a57f5cf3919c55c60957a96ddae76228831436870bf7d6dc4e09e6358b2640a40727bedbb3d2bd96503a2df4a4c95abbd154dce6570f55fc54af708325356718ba3f22319c2339d1e13b6568767fd8a62c4aa001fac671cb962a1d703d9f338f65041aba9c43fe9e1748ae5cf75911b915610c2fbebb43ba810c45058f859976cfca9133212198e52ca10b7161299eefba6ca538004792ef7548b39ee559034ae4beb68c5019e286b9b14cc09608376167524d24c9a4bee9898f705dc2fe53f8c47e372e0779b9738ad0697a8174db288519357756f6eaf7bd935b72e53706d9ec5734c1d25979b3b6547c7cae69765d500ee638956ab169cb951570e998d9cdaca540acbed79cd3ed74c041af7e3a981f60616a0b5cf36134010c36506dea2007da2d917d58dda657fa62e880e63f674128cb7c48614092ff05ac109227ab93bc9ecc5f6d5564b07cedff9c605ab31718c4cb31fb982507a211b91bd550a6f0478736fa5ead6b486e4449470c3a88e7d585868c119d973d2f643733357f366a77f23df38ec53725997ba08ac9e30b261958da0e1b61aaad192b0812146f40d6c06ee0b37c338f4acb7b5549e736784429814d2f53e30e593732be04f0985da7cdf1fb0685e95459dd85dbd2a0d8d9d823b04f097262a8110dad93725e696c8f0bc71ff1b9c2dc87f0e5186c4d94b47aa7fe9fd893b0a862ccb1cbf2b0bf364c0584fdee9e9e86cc3c01f7fe72a4c4d790aab354bb4d8e60c6ef3594cff9d14d51d2b0e72fd123dd47373e0f4cac16a1bbc79ae63c75d7274d94890d4628185fed58fca3fc9f07abb6ef1104e2dbd50e9b4f70158fcc506fab12d13809fa63599775b85ccd515e2f5f4c7f930238782a057e0e41f23589ba52547ad56e4dde8f0e94603a5ece34e7785c59dbfc903b08bf53d99502e4c18cd409ffc6bf31fcc5663b89773155328be87f937e91ed166c21616fdb7aedfe2675e8ec93e91bc5dd48433ce972518125a1e58fb65e02517308da21b9c1c9a4d665238b6a573a4ea9a2b4e3712b0b48d5b3191ef49bfd5926fbb1ff20394bb152d0a383fdc551de98395d8aeff276376113187161fae8209d9e53a8c6935d88105cac5eb9fcc59d8855c7d8bbcd75c118312f6ab608ab225667874907dd19c8e070a2a92447528603f8f0896c3fb5288e7cc9113877bc86686dd490920ead08d240cc60fb9dbca982b4dbfb2fed2b9f3ee46b5481b6439282b9f8dfc3b9c1b393306b83cf00ed588004320f8c9ad0dbe1b4b53cfbbcadb41fb8d911a99b9f6033ed256dec03a723f8a68bb246ea66943e79d4a65f20734814", 0x6fa}], 0x1, &(0x7f0000001280)}}], 0x1, 0x40001) 09:01:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x20000000002, 0x0, 0x0, 0xfffffffffffffffd}) write(r0, &(0x7f0000c34fff), 0xffffff0b) fcntl$lock(r1, 0x0, &(0x7f0000000100)={0x1, 0x0, 0xefffffff, 0xfffffffffffffffd}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f0000000140)={0x0, {{0xa, 0x4e22, 0x6, @remote={0xfe, 0x80, [], 0xbb}, 0x1}}, {{0xa, 0x4e21, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x80000000}}}, 0x108) 09:01:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:14 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1f000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:14 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 695.483785] FAULT_INJECTION: forcing a failure. [ 695.483785] name failslab, interval 1, probability 0, space 0, times 0 [ 695.495106] CPU: 1 PID: 22920 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 695.502473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.511829] Call Trace: [ 695.514409] dump_stack+0x1c9/0x2b4 [ 695.518031] ? dump_stack_print_info.cold.2+0x52/0x52 [ 695.523212] ? kernel_text_address+0x79/0xf0 [ 695.527616] should_fail.cold.4+0xa/0x1a [ 695.531666] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 695.536762] ? graph_lock+0x170/0x170 [ 695.540549] ? save_stack+0x43/0xd0 [ 695.544161] ? kasan_kmalloc+0xc4/0xe0 [ 695.548037] ? find_held_lock+0x36/0x1c0 [ 695.552087] ? __lock_is_held+0xb5/0x140 [ 695.556140] ? check_same_owner+0x340/0x340 [ 695.560446] ? rcu_note_context_switch+0x730/0x730 [ 695.565364] __should_failslab+0x124/0x180 [ 695.569584] should_failslab+0x9/0x14 [ 695.573367] kmem_cache_alloc_node_trace+0x26f/0x770 [ 695.578466] __kmalloc_node_track_caller+0x33/0x70 [ 695.583385] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 695.588127] __alloc_skb+0x155/0x790 [ 695.591827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.597349] ? skb_scrub_packet+0x580/0x580 [ 695.601658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.607179] ? ip_generic_getfrag+0x124/0x2e0 [ 695.611657] ? ip_reply_glue_bits+0xc0/0xc0 [ 695.615960] ? trace_hardirqs_on+0x10/0x10 [ 695.620182] ? raw_getfrag+0x15b/0x220 [ 695.624053] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 695.629056] __ip_append_data.isra.47+0x2248/0x2a90 [ 695.634060] ? raw_destroy+0x30/0x30 [ 695.637768] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 695.643555] ? ipv4_mtu+0x37d/0x590 [ 695.647192] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 695.652629] ? find_held_lock+0x36/0x1c0 [ 695.656683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.662207] ip_append_data.part.48+0xf3/0x180 [ 695.666772] ? raw_destroy+0x30/0x30 [ 695.670474] ip_append_data+0x6d/0x90 [ 695.674254] ? raw_destroy+0x30/0x30 [ 695.677955] raw_sendmsg+0x1db4/0x29c0 [ 695.681833] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 695.686917] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 695.691323] ? find_held_lock+0x36/0x1c0 [ 695.695372] ? lock_downgrade+0x8f0/0x8f0 [ 695.699504] ? lock_release+0xa30/0xa30 [ 695.703462] ? check_same_owner+0x340/0x340 [ 695.707771] ? __check_object_size+0x9d/0x5f2 [ 695.712253] inet_sendmsg+0x1a1/0x690 [ 695.716041] ? ipip_gro_receive+0x100/0x100 [ 695.720347] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 695.725878] ? security_socket_sendmsg+0x94/0xc0 [ 695.730615] ? ipip_gro_receive+0x100/0x100 [ 695.734922] sock_sendmsg+0xd5/0x120 [ 695.738625] __sys_sendto+0x3d7/0x670 [ 695.742420] ? __ia32_sys_getpeername+0xb0/0xb0 [ 695.747074] ? wait_for_completion+0x8d0/0x8d0 [ 695.751643] ? __lock_is_held+0xb5/0x140 [ 695.755695] ? __sb_end_write+0xac/0xe0 [ 695.759658] ? __ia32_sys_read+0xb0/0xb0 [ 695.763707] ? syscall_slow_exit_work+0x500/0x500 [ 695.768536] __x64_sys_sendto+0xe1/0x1a0 [ 695.772582] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 695.777584] do_syscall_64+0x1b9/0x820 [ 695.781454] ? finish_task_switch+0x1d3/0x890 [ 695.785941] ? syscall_return_slowpath+0x5e0/0x5e0 [ 695.790867] ? syscall_return_slowpath+0x31d/0x5e0 [ 695.795784] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 695.801137] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 695.805983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.811157] RIP: 0033:0x455a99 [ 695.814326] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.833566] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 695.841256] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 695.848509] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 695.855760] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 695.863015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 695.870268] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003c 09:01:15 executing program 3: r0 = memfd_create(&(0x7f0000000400)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x20009) capset(&(0x7f0000000040), &(0x7f0000000080)) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, "7175657565310000000000000000313b0000000000000000000000000000000000000000060000000000ccbf7ddd00"}) r3 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="00009e"], &(0x7f0000000240)=0x2) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 09:01:15 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:15 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x600, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:15 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f0000000280)) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1) memfd_create(&(0x7f00000000c0)='/dev/sg#\x00', 0x1) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) socket$inet6_dccp(0xa, 0x6, 0x0) 09:01:15 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:15 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:15 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:15 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:15 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:15 executing program 4 (fault-call:4 fault-nth:61): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:15 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7a00, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:15 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:15 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:15 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000200)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000002c0)={[], 0x0, 0xfff, 0x3a9, 0x0, 0x6}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000340)={{0x0, r1+30000000}}, &(0x7f0000000380)) fsetxattr(r0, &(0x7f0000000240)=@random={'trusted.', '}\x00'}, &(0x7f0000000280)='proc\x00', 0x5, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000140)={0x0, 0x0, 0x3e0000000000, 0x7ff, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x2, 0x6, 0x9}) [ 696.511136] FAULT_INJECTION: forcing a failure. [ 696.511136] name failslab, interval 1, probability 0, space 0, times 0 [ 696.522461] CPU: 0 PID: 22964 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 696.529828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.539179] Call Trace: [ 696.541773] dump_stack+0x1c9/0x2b4 [ 696.545420] ? dump_stack_print_info.cold.2+0x52/0x52 [ 696.550614] ? unwind_get_return_address+0x61/0xa0 [ 696.555554] ? graph_lock+0x170/0x170 [ 696.559368] should_fail.cold.4+0xa/0x1a [ 696.563446] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 696.568560] ? __lock_is_held+0xb5/0x140 [ 696.572630] ? __kmalloc_node_track_caller+0x47/0x70 [ 696.577742] ? graph_lock+0x170/0x170 [ 696.581566] ? find_held_lock+0x36/0x1c0 [ 696.585651] ? __lock_is_held+0xb5/0x140 [ 696.589737] ? check_same_owner+0x340/0x340 [ 696.594067] ? rcu_note_context_switch+0x730/0x730 [ 696.599086] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 696.604367] __should_failslab+0x124/0x180 [ 696.608597] should_failslab+0x9/0x14 [ 696.612385] kmem_cache_alloc_node+0x272/0x780 [ 696.616962] ? __kmalloc_node_track_caller+0x47/0x70 [ 696.622058] __alloc_skb+0x119/0x790 [ 696.625766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.631289] ? skb_scrub_packet+0x580/0x580 [ 696.635595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.641117] ? ip_generic_getfrag+0x124/0x2e0 [ 696.645595] ? ip_reply_glue_bits+0xc0/0xc0 [ 696.649906] ? trace_hardirqs_on+0x10/0x10 [ 696.654132] ? raw_getfrag+0x15b/0x220 [ 696.658018] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 696.663031] __ip_append_data.isra.47+0x2248/0x2a90 [ 696.668038] ? raw_destroy+0x30/0x30 [ 696.671745] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 696.677533] ? ipv4_mtu+0x37d/0x590 [ 696.681148] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 696.686580] ? find_held_lock+0x36/0x1c0 [ 696.690632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 696.696153] ip_append_data.part.48+0xf3/0x180 [ 696.700722] ? raw_destroy+0x30/0x30 [ 696.704421] ip_append_data+0x6d/0x90 [ 696.708203] ? raw_destroy+0x30/0x30 [ 696.711907] raw_sendmsg+0x1db4/0x29c0 [ 696.715805] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 696.720910] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 696.725318] ? find_held_lock+0x36/0x1c0 [ 696.729371] ? lock_downgrade+0x8f0/0x8f0 [ 696.733505] ? lock_release+0xa30/0xa30 [ 696.737460] ? check_same_owner+0x340/0x340 [ 696.741768] ? __check_object_size+0x9d/0x5f2 [ 696.746291] inet_sendmsg+0x1a1/0x690 [ 696.750079] ? ipip_gro_receive+0x100/0x100 [ 696.754390] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 696.759913] ? security_socket_sendmsg+0x94/0xc0 [ 696.764653] ? ipip_gro_receive+0x100/0x100 [ 696.768964] sock_sendmsg+0xd5/0x120 [ 696.772677] __sys_sendto+0x3d7/0x670 [ 696.776462] ? __ia32_sys_getpeername+0xb0/0xb0 [ 696.781116] ? wait_for_completion+0x8d0/0x8d0 [ 696.785684] ? __lock_is_held+0xb5/0x140 [ 696.789737] ? __sb_end_write+0xac/0xe0 [ 696.793700] ? __ia32_sys_read+0xb0/0xb0 [ 696.797743] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 696.803267] __x64_sys_sendto+0xe1/0x1a0 [ 696.807322] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 696.812332] do_syscall_64+0x1b9/0x820 [ 696.816201] ? finish_task_switch+0x1d3/0x890 [ 696.820682] ? syscall_return_slowpath+0x5e0/0x5e0 [ 696.825597] ? syscall_return_slowpath+0x31d/0x5e0 [ 696.830515] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 696.835866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 696.840699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.845893] RIP: 0033:0x455a99 09:01:16 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:16 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x7003, &(0x7f0000000000)) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") close(r0) 09:01:16 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 696.849070] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.868304] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 696.876000] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 696.883257] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 696.890507] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 696.897768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 696.905025] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003d 09:01:16 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:16 executing program 4 (fault-call:4 fault-nth:62): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:16 executing program 3: syz_emit_ethernet(0x3e, &(0x7f0000000200)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @dev={0xac, 0x14, 0x14}}, @icmp=@parameter_prob={0x5, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}}}}}}}, &(0x7f0000000040)) 09:01:16 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:16 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8004020000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:16 executing program 1: r0 = socket$inet6(0xa, 0x802, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = socket(0x2, 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000003c0), 0x8) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1c) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}}, 0xc) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_set$uid(0x3, r3, 0xfffffffffffffffb) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000380)=0x2, 0x35b) 09:01:16 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:16 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:16 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc0ffffff00000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:16 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:16 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r1, 0xae80, 0x0) dup2(r0, r1) dup2(r1, 0xffffffffffffffff) 09:01:16 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") r1 = socket(0xa, 0x40000000000002, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [0xff, 0xff], @loopback=0x7f000001}}, 0x1c) r2 = socket(0x11, 0x100000803, 0x0) r3 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={"6966623000faffffffffffffff00", 0x12}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'ifb0\x00', 0xa201}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x30, &(0x7f0000000080)={@dev={0xfe, 0x80}}, 0xa5) 09:01:16 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:16 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x68, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:16 executing program 1: r0 = socket(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth0_to_bridge\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bcsh0\x00', r2}) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f00000005c0)=@setlink={0x30, 0x13, 0xf2f, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x10, 0x16, [{0x25, 0x1, [@typed={0x8, 0x0, @uid}]}]}]}, 0x30}, 0x1}, 0x0) 09:01:16 executing program 7: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r1, 0xae80, 0x0) dup2(0xffffffffffffffff, r1) dup2(r1, r0) 09:01:16 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 697.574991] FAULT_INJECTION: forcing a failure. [ 697.574991] name failslab, interval 1, probability 0, space 0, times 0 [ 697.586304] CPU: 1 PID: 23032 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 697.593663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.603009] Call Trace: [ 697.605603] dump_stack+0x1c9/0x2b4 [ 697.609240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 697.614435] ? kernel_text_address+0x79/0xf0 [ 697.618854] should_fail.cold.4+0xa/0x1a [ 697.622925] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 697.628038] ? graph_lock+0x170/0x170 [ 697.631846] ? save_stack+0x43/0xd0 [ 697.635468] ? kasan_kmalloc+0xc4/0xe0 [ 697.639363] ? find_held_lock+0x36/0x1c0 [ 697.643426] ? __lock_is_held+0xb5/0x140 [ 697.647493] ? check_same_owner+0x340/0x340 [ 697.651813] ? rcu_note_context_switch+0x730/0x730 [ 697.656749] __should_failslab+0x124/0x180 [ 697.660987] should_failslab+0x9/0x14 [ 697.664790] kmem_cache_alloc_node_trace+0x26f/0x770 [ 697.669901] __kmalloc_node_track_caller+0x33/0x70 [ 697.674832] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 697.679590] __alloc_skb+0x155/0x790 [ 697.683302] ? find_held_lock+0x36/0x1c0 [ 697.687368] ? skb_scrub_packet+0x580/0x580 [ 697.691689] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.697221] ? ip_generic_getfrag+0x124/0x2e0 [ 697.701714] ? ip_reply_glue_bits+0xc0/0xc0 [ 697.706040] ? trace_hardirqs_on+0x10/0x10 [ 697.710277] ? raw_getfrag+0x15b/0x220 [ 697.714165] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 697.719182] __ip_append_data.isra.47+0x2248/0x2a90 [ 697.724202] ? preempt_notifier_register+0x200/0x200 [ 697.729303] ? raw_destroy+0x30/0x30 [ 697.733027] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 697.738830] ? __schedule+0x884/0x1ed0 [ 697.742726] ? ipv4_mtu+0x37d/0x590 [ 697.746356] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 697.751807] ? find_held_lock+0x36/0x1c0 [ 697.755880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 697.761421] ip_append_data.part.48+0xf3/0x180 [ 697.766005] ? raw_destroy+0x30/0x30 [ 697.769720] ip_append_data+0x6d/0x90 [ 697.773514] ? raw_destroy+0x30/0x30 [ 697.777230] raw_sendmsg+0x1db4/0x29c0 [ 697.781131] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 697.786229] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 697.790670] ? find_held_lock+0x36/0x1c0 [ 697.794739] ? lock_downgrade+0x8f0/0x8f0 [ 697.798886] ? lock_release+0xa30/0xa30 [ 697.802857] ? check_same_owner+0x340/0x340 [ 697.807181] ? __check_object_size+0x9d/0x5f2 [ 697.811678] inet_sendmsg+0x1a1/0x690 [ 697.815481] ? ipip_gro_receive+0x100/0x100 [ 697.819817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 697.825354] ? security_socket_sendmsg+0x94/0xc0 [ 697.830112] ? ipip_gro_receive+0x100/0x100 [ 697.834433] sock_sendmsg+0xd5/0x120 [ 697.838146] __sys_sendto+0x3d7/0x670 [ 697.841947] ? __ia32_sys_getpeername+0xb0/0xb0 [ 697.846618] ? wait_for_completion+0x8d0/0x8d0 [ 697.851202] ? __lock_is_held+0xb5/0x140 [ 697.855278] ? __sb_end_write+0xac/0xe0 [ 697.859263] ? __ia32_sys_read+0xb0/0xb0 [ 697.863326] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 697.868866] __x64_sys_sendto+0xe1/0x1a0 [ 697.872929] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 697.877945] do_syscall_64+0x1b9/0x820 [ 697.881828] ? finish_task_switch+0x1d3/0x890 [ 697.886328] ? syscall_return_slowpath+0x5e0/0x5e0 [ 697.891257] ? syscall_return_slowpath+0x31d/0x5e0 [ 697.896190] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 697.901554] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 697.906399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.911590] RIP: 0033:0x455a99 [ 697.914773] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.934151] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 697.941862] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 697.949126] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 697.956392] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 697.963657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 09:01:17 executing program 4 (fault-call:4 fault-nth:63): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:17 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:17 executing program 1: r0 = socket$inet6(0xa, 0x802, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = socket(0x2, 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000003c0), 0xfffffffffffffd45) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1c) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast2=0xe0000002, @local={0xac, 0x14, 0x14, 0xaa}, @dev={0xac, 0x14, 0x14}}, 0xc) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000380)=0x2, 0x35b) 09:01:17 executing program 7: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r1, 0xae80, 0x0) dup2(0xffffffffffffffff, r1) dup2(r1, r0) 09:01:17 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x600000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:17 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 697.970923] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003e 09:01:17 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x8000004000008912, &(0x7f0000000000)="295ee1311f16f477671070") openat$urandom(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) setsockopt(r0, 0x40, 0x4, &(0x7f0000000040)="199c98e3aee1d7ecc81547fe354dd86fc770fd6d28facdb09a9d40e65a5fc94223e5e3ff39e172726befb2c1da98bd1429defcee8947bed6d6b2da4b972d1b33ea699efa0de537553b0f2d4da27e5f0c7a908ad4e8e91897b441201231e9", 0x5e) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0xc0, 0x0) write$fuse(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="50000000000000000600000000000000070000001b000000040000000800000001000400030000002c00000000000000000000000000000000000000000000000000000000000074cd79d1176df08866bb63000000000000000000"], 0x50) fcntl$setstatus(r1, 0x4, 0x4000) 09:01:17 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 698.085522] FAULT_INJECTION: forcing a failure. [ 698.085522] name failslab, interval 1, probability 0, space 0, times 0 [ 698.096836] CPU: 1 PID: 23053 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 698.104200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.113556] Call Trace: [ 698.116162] dump_stack+0x1c9/0x2b4 [ 698.119806] ? dump_stack_print_info.cold.2+0x52/0x52 [ 698.125004] ? __schedule+0x884/0x1ed0 [ 698.128904] should_fail.cold.4+0xa/0x1a [ 698.132974] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 698.138082] ? __lock_is_held+0xb5/0x140 [ 698.142146] ? __kmalloc_node_track_caller+0x47/0x70 [ 698.147251] ? graph_lock+0x170/0x170 [ 698.151064] ? find_held_lock+0x36/0x1c0 [ 698.155131] ? __lock_is_held+0xb5/0x140 [ 698.159202] ? check_same_owner+0x340/0x340 [ 698.163522] ? rcu_note_context_switch+0x730/0x730 [ 698.168452] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 698.173729] __should_failslab+0x124/0x180 [ 698.177969] should_failslab+0x9/0x14 [ 698.181770] kmem_cache_alloc_node+0x272/0x780 [ 698.186353] ? __kmalloc_node_track_caller+0x47/0x70 [ 698.191466] __alloc_skb+0x119/0x790 [ 698.195178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.200715] ? skb_scrub_packet+0x580/0x580 [ 698.205041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.210577] ? ip_generic_getfrag+0x124/0x2e0 [ 698.215073] ? ip_reply_glue_bits+0xc0/0xc0 [ 698.219397] ? trace_hardirqs_on+0x10/0x10 [ 698.223637] ? raw_getfrag+0x15b/0x220 [ 698.227529] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 698.232551] __ip_append_data.isra.47+0x2248/0x2a90 [ 698.237573] ? raw_destroy+0x30/0x30 [ 698.241297] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 698.247098] ? ipv4_mtu+0x37d/0x590 [ 698.250726] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 698.256175] ? find_held_lock+0x36/0x1c0 [ 698.260251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.265794] ip_append_data.part.48+0xf3/0x180 [ 698.270381] ? raw_destroy+0x30/0x30 [ 698.274099] ip_append_data+0x6d/0x90 [ 698.277895] ? raw_destroy+0x30/0x30 [ 698.281623] raw_sendmsg+0x1db4/0x29c0 [ 698.285528] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 698.290630] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 698.295064] ? find_held_lock+0x36/0x1c0 [ 698.299135] ? lock_downgrade+0x8f0/0x8f0 [ 698.303290] ? lock_release+0xa30/0xa30 [ 698.307260] ? check_same_owner+0x340/0x340 [ 698.311585] ? __check_object_size+0x9d/0x5f2 [ 698.316082] inet_sendmsg+0x1a1/0x690 [ 698.319886] ? ipip_gro_receive+0x100/0x100 [ 698.324211] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.329746] ? security_socket_sendmsg+0x94/0xc0 [ 698.334499] ? ipip_gro_receive+0x100/0x100 [ 698.338823] sock_sendmsg+0xd5/0x120 [ 698.342539] __sys_sendto+0x3d7/0x670 [ 698.346343] ? __ia32_sys_getpeername+0xb0/0xb0 [ 698.351016] ? wait_for_completion+0x8d0/0x8d0 [ 698.355601] ? __lock_is_held+0xb5/0x140 [ 698.359672] ? __sb_end_write+0xac/0xe0 [ 698.363652] ? __ia32_sys_read+0xb0/0xb0 [ 698.367712] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.373252] __x64_sys_sendto+0xe1/0x1a0 [ 698.377319] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 698.382333] do_syscall_64+0x1b9/0x820 [ 698.386215] ? finish_task_switch+0x1d3/0x890 [ 698.390714] ? syscall_return_slowpath+0x5e0/0x5e0 [ 698.395642] ? syscall_return_slowpath+0x31d/0x5e0 [ 698.400578] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 698.405943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.410795] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.415979] RIP: 0033:0x455a99 09:01:17 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:17 executing program 7: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r1, 0xae80, 0x0) dup2(0xffffffffffffffff, r1) dup2(r1, r0) 09:01:17 executing program 3: r0 = socket$inet(0x10, 0x80002, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0xd1, &(0x7f0000000040)=[{&(0x7f0000000080)="2f0000001800030007fffd946fa283bc8020000000040005031d856808000200083c14cc16ccbb24e0710b42fa3ccc", 0x2f}], 0x1}, 0x0) 09:01:17 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x500000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 698.419159] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.438541] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 698.446247] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 698.453513] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 698.460775] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 698.468037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 698.475302] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000003f 09:01:17 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000080)) syz_emit_ethernet(0x0, &(0x7f00000000c0)=ANY=[], 0x0) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x800, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000040)={0x1, 0x401}) 09:01:17 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:17 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:17 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000001c0)="025cc83d6d345f8f660070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x1, 0x0) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000063fc900000000000000050000008c0100000400000000000000000065750ede825e45a90f3d09876e6d0cd4e191a1f98937702d8f9523b12ed909205c7333bb937dee28d4b2921ea4c8fa86a91c8275dd4b26916a0dc38b518cdfb53517cdf5426294735b7189c3008a2cbdae69c720e6ff0000000000710e13"], 0x7c) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000002000)={0x6}) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000000)) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000080)={0x7, 0x80000001, 0xfff, 0x8001, 0x34, 0x9, 0x1, 0x1000, 0x3f, 0x100, 0x2a7, 0x4}) 09:01:17 executing program 4 (fault-call:4 fault-nth:64): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:17 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:17 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:17 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 698.619021] FAULT_INJECTION: forcing a failure. [ 698.619021] name failslab, interval 1, probability 0, space 0, times 0 [ 698.630435] CPU: 0 PID: 23073 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 698.637888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.647240] Call Trace: [ 698.649838] dump_stack+0x1c9/0x2b4 [ 698.653482] ? dump_stack_print_info.cold.2+0x52/0x52 [ 698.658685] ? kernel_text_address+0x79/0xf0 [ 698.663096] should_fail.cold.4+0xa/0x1a [ 698.667153] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 698.672253] ? graph_lock+0x170/0x170 [ 698.676047] ? save_stack+0x43/0xd0 [ 698.679663] ? kasan_kmalloc+0xc4/0xe0 [ 698.683543] ? find_held_lock+0x36/0x1c0 [ 698.687597] ? __lock_is_held+0xb5/0x140 [ 698.691656] ? check_same_owner+0x340/0x340 [ 698.695968] ? rcu_note_context_switch+0x730/0x730 [ 698.700892] __should_failslab+0x124/0x180 [ 698.705118] should_failslab+0x9/0x14 [ 698.708905] kmem_cache_alloc_node_trace+0x26f/0x770 [ 698.714008] __kmalloc_node_track_caller+0x33/0x70 [ 698.718937] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 698.723686] __alloc_skb+0x155/0x790 [ 698.727387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.732911] ? skb_scrub_packet+0x580/0x580 [ 698.737219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.742748] ? ip_generic_getfrag+0x124/0x2e0 [ 698.747236] ? ip_reply_glue_bits+0xc0/0xc0 [ 698.751548] ? trace_hardirqs_on+0x10/0x10 [ 698.755776] ? raw_getfrag+0x15b/0x220 [ 698.759651] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 698.764658] __ip_append_data.isra.47+0x2248/0x2a90 [ 698.769670] ? raw_destroy+0x30/0x30 [ 698.773379] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 698.779171] ? ipv4_mtu+0x37d/0x590 [ 698.782790] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 698.788226] ? find_held_lock+0x36/0x1c0 [ 698.792286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.797813] ip_append_data.part.48+0xf3/0x180 [ 698.802384] ? raw_destroy+0x30/0x30 [ 698.806085] ip_append_data+0x6d/0x90 [ 698.809870] ? raw_destroy+0x30/0x30 [ 698.813571] raw_sendmsg+0x1db4/0x29c0 [ 698.817458] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 698.822547] ? zap_class+0x740/0x740 [ 698.826271] ? find_held_lock+0x36/0x1c0 [ 698.830329] ? lock_downgrade+0x8f0/0x8f0 [ 698.834467] ? lock_release+0xa30/0xa30 [ 698.838430] ? check_same_owner+0x340/0x340 [ 698.842744] ? __check_object_size+0x9d/0x5f2 [ 698.847232] inet_sendmsg+0x1a1/0x690 [ 698.851030] ? ipip_gro_receive+0x100/0x100 [ 698.855343] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.860868] ? security_socket_sendmsg+0x94/0xc0 [ 698.865608] ? ipip_gro_receive+0x100/0x100 [ 698.869919] sock_sendmsg+0xd5/0x120 [ 698.873624] __sys_sendto+0x3d7/0x670 [ 698.877425] ? __ia32_sys_getpeername+0xb0/0xb0 [ 698.882087] ? wait_for_completion+0x8d0/0x8d0 [ 698.886680] ? __sb_end_write+0xac/0xe0 [ 698.890651] ? __ia32_sys_read+0xb0/0xb0 [ 698.894700] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.900231] __x64_sys_sendto+0xe1/0x1a0 [ 698.904282] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 698.909290] do_syscall_64+0x1b9/0x820 [ 698.913165] ? syscall_slow_exit_work+0x500/0x500 [ 698.917994] ? syscall_return_slowpath+0x5e0/0x5e0 [ 698.922913] ? syscall_return_slowpath+0x31d/0x5e0 [ 698.927836] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 698.933192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.938038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.943236] RIP: 0033:0x455a99 [ 698.946412] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:18 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x5ddc1f5c5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 698.965753] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 698.973451] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 698.980708] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 698.987965] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 698.995217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 699.002473] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000040 09:01:18 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x61, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = msgget$private(0x0, 0x1) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f00000001c0)=0x6b65a876, 0x4) sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0xb, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c) msgrcv(r0, &(0x7f00000000c0)={0x0, ""/189}, 0xc5, 0x2, 0x3800) 09:01:18 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:18 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:18 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:18 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x300, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:18 executing program 4 (fault-call:4 fault-nth:65): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:18 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 699.186571] FAULT_INJECTION: forcing a failure. [ 699.186571] name failslab, interval 1, probability 0, space 0, times 0 [ 699.197985] CPU: 0 PID: 23103 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 699.205355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.214719] Call Trace: [ 699.217314] dump_stack+0x1c9/0x2b4 [ 699.220949] ? dump_stack_print_info.cold.2+0x52/0x52 [ 699.226148] ? unwind_get_return_address+0x61/0xa0 [ 699.231088] ? graph_lock+0x170/0x170 [ 699.234897] should_fail.cold.4+0xa/0x1a [ 699.238946] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 699.244040] ? __lock_is_held+0xb5/0x140 [ 699.248086] ? __kmalloc_node_track_caller+0x47/0x70 [ 699.253197] ? graph_lock+0x170/0x170 [ 699.256990] ? find_held_lock+0x36/0x1c0 [ 699.261041] ? __lock_is_held+0xb5/0x140 [ 699.265094] ? check_same_owner+0x340/0x340 [ 699.269400] ? rcu_note_context_switch+0x730/0x730 [ 699.274314] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 699.279574] __should_failslab+0x124/0x180 [ 699.283794] should_failslab+0x9/0x14 [ 699.287584] kmem_cache_alloc_node+0x272/0x780 [ 699.292151] ? __kmalloc_node_track_caller+0x47/0x70 [ 699.297243] __alloc_skb+0x119/0x790 [ 699.300940] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.306465] ? skb_scrub_packet+0x580/0x580 [ 699.310771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.316292] ? ip_generic_getfrag+0x124/0x2e0 [ 699.320770] ? ip_reply_glue_bits+0xc0/0xc0 [ 699.325075] ? trace_hardirqs_on+0x10/0x10 [ 699.329295] ? raw_getfrag+0x15b/0x220 [ 699.333167] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 699.338168] __ip_append_data.isra.47+0x2248/0x2a90 [ 699.343173] ? raw_destroy+0x30/0x30 [ 699.346875] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 699.352658] ? ipv4_mtu+0x37d/0x590 [ 699.356271] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 699.361710] ? find_held_lock+0x36/0x1c0 [ 699.365763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.371283] ip_append_data.part.48+0xf3/0x180 [ 699.375848] ? raw_destroy+0x30/0x30 [ 699.379549] ip_append_data+0x6d/0x90 [ 699.383332] ? raw_destroy+0x30/0x30 [ 699.387035] raw_sendmsg+0x1db4/0x29c0 [ 699.390913] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 699.396016] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 699.400427] ? find_held_lock+0x36/0x1c0 [ 699.404480] ? lock_downgrade+0x8f0/0x8f0 [ 699.408615] ? lock_release+0xa30/0xa30 [ 699.412571] ? check_same_owner+0x340/0x340 [ 699.416878] ? __check_object_size+0x9d/0x5f2 [ 699.421358] inet_sendmsg+0x1a1/0x690 [ 699.425141] ? ipip_gro_receive+0x100/0x100 [ 699.429449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 699.434971] ? security_socket_sendmsg+0x94/0xc0 [ 699.439714] ? ipip_gro_receive+0x100/0x100 [ 699.444027] sock_sendmsg+0xd5/0x120 [ 699.447726] __sys_sendto+0x3d7/0x670 [ 699.451514] ? __ia32_sys_getpeername+0xb0/0xb0 [ 699.456167] ? wait_for_completion+0x8d0/0x8d0 [ 699.460735] ? __lock_is_held+0xb5/0x140 [ 699.464788] ? __sb_end_write+0xac/0xe0 [ 699.468754] ? __ia32_sys_read+0xb0/0xb0 [ 699.472803] ? syscall_slow_exit_work+0x500/0x500 [ 699.477632] __x64_sys_sendto+0xe1/0x1a0 [ 699.481675] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 699.486678] do_syscall_64+0x1b9/0x820 [ 699.490554] ? finish_task_switch+0x1d3/0x890 [ 699.495036] ? syscall_return_slowpath+0x5e0/0x5e0 [ 699.499950] ? syscall_return_slowpath+0x31d/0x5e0 [ 699.504866] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 699.510214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 699.515044] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.520214] RIP: 0033:0x455a99 [ 699.523381] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 699.542610] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 699.550301] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 699.557554] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 699.564808] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 699.572062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 699.579316] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000041 09:01:18 executing program 1: ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0xc0201) ioctl$KDSETMODE(r0, 0x4b3a, 0x3) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req3={0x3, 0x4, 0x69, 0x7, 0x4b31, 0x8d, 0x383}, 0x1c) unshare(0x800000080040003) fcntl$notify(r1, 0x402, 0x8) clone(0x40000, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000000140)) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f00000002c0)=""/152) 09:01:18 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:18 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:18 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:18 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:18 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfdfdffff00000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:18 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:18 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x3, @random="e0d61991fb13", 'ip6_vti0\x00'}}, 0x1e) r3 = dup3(r1, r0, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r3, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e21, 0x2, @local={0xfe, 0x80, [], 0xaa}}, {0xa, 0x4e20, 0xb765, @remote={0xfe, 0x80, [], 0xbb}, 0x3}, 0xffffffff80000000, [0x1ff, 0x81, 0x8, 0x80000001, 0xfff, 0x8, 0x6, 0x8]}, 0x5c) 09:01:18 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xdc050000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:18 executing program 4 (fault-call:4 fault-nth:66): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:18 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1f00000000000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:18 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 699.786649] FAULT_INJECTION: forcing a failure. [ 699.786649] name failslab, interval 1, probability 0, space 0, times 0 [ 699.797959] CPU: 1 PID: 23133 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 699.805320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.814682] Call Trace: [ 699.817283] dump_stack+0x1c9/0x2b4 [ 699.820925] ? dump_stack_print_info.cold.2+0x52/0x52 [ 699.826128] ? kernel_text_address+0x79/0xf0 [ 699.830557] should_fail.cold.4+0xa/0x1a 09:01:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000580), 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000091040000000000000000000000000000c822b1f76ec0ffd6a46b5ce86632821a98cef7703319b2149004114871d54fcb9ccd51175e7ac3b83f643171c8560e6e80e4de1b440c315762ea6f14ba811e065de03d4fadc12f0d3cdaaa37bfe03241c2156bc8be218539560c7584d2d9071b2f9faf92aaaefe3665f84e6d4bbda29b1c3e4ba579b30ad0d88812a7454077b4151e4aecc59250b160232998522384770a87c1caa3385bbba3665e666a5427f74cdb509aac67b2773d808272bc6a889eeea7c1bd1ba60b8afbcb83614140c71f49edc9c03873201056d96d4a7876f40fb5309a8cfa177a4c6545071a16070015e73f2bc1591e2f20c49482c08ba7519efc311f52a8401f4ba2173a8910a66c9feb0c55ba15"]) r3 = dup3(r0, r0, 0x80000) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="0fc729f30f080f06baf80c66b8777ed88a66efbafc0cb0f6eebaf80c66b86479f98266efbafc0c66ed670f01d62e0f73d000360f0736d3eeba610066b80000000066ef", 0x43}], 0x1, 0x14, &(0x7f00000000c0)=[@cr0={0x0, 0x60000000}], 0x1) ioctl$EVIOCGABS3F(r3, 0x8018457f, &(0x7f0000000040)) 09:01:18 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 699.834635] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 699.839743] ? graph_lock+0x170/0x170 [ 699.843538] ? save_stack+0x43/0xd0 [ 699.847155] ? kasan_kmalloc+0xc4/0xe0 [ 699.851039] ? find_held_lock+0x36/0x1c0 [ 699.855096] ? __lock_is_held+0xb5/0x140 [ 699.859153] ? check_same_owner+0x340/0x340 [ 699.863470] ? rcu_note_context_switch+0x730/0x730 [ 699.868389] __should_failslab+0x124/0x180 [ 699.872610] should_failslab+0x9/0x14 [ 699.876393] kmem_cache_alloc_node_trace+0x26f/0x770 [ 699.881486] __kmalloc_node_track_caller+0x33/0x70 [ 699.886401] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 699.891141] __alloc_skb+0x155/0x790 [ 699.894842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.900363] ? skb_scrub_packet+0x580/0x580 [ 699.904669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.910189] ? ip_generic_getfrag+0x124/0x2e0 [ 699.914668] ? ip_reply_glue_bits+0xc0/0xc0 [ 699.918977] ? trace_hardirqs_on+0x10/0x10 [ 699.923198] ? raw_getfrag+0x15b/0x220 [ 699.927070] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 699.932072] __ip_append_data.isra.47+0x2248/0x2a90 [ 699.937076] ? raw_destroy+0x30/0x30 [ 699.940779] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 699.946567] ? ipv4_mtu+0x37d/0x590 [ 699.950183] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 699.955616] ? find_held_lock+0x36/0x1c0 [ 699.959673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.965196] ip_append_data.part.48+0xf3/0x180 [ 699.969761] ? raw_destroy+0x30/0x30 [ 699.973458] ip_append_data+0x6d/0x90 [ 699.977238] ? raw_destroy+0x30/0x30 [ 699.980934] raw_sendmsg+0x1db4/0x29c0 [ 699.984814] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 699.989899] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 699.994318] ? find_held_lock+0x36/0x1c0 [ 699.998367] ? lock_downgrade+0x8f0/0x8f0 [ 700.002500] ? lock_release+0xa30/0xa30 [ 700.006459] ? check_same_owner+0x340/0x340 [ 700.010767] ? __check_object_size+0x9d/0x5f2 [ 700.015253] inet_sendmsg+0x1a1/0x690 [ 700.019045] ? ipip_gro_receive+0x100/0x100 [ 700.023356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 700.028874] ? security_socket_sendmsg+0x94/0xc0 [ 700.033612] ? ipip_gro_receive+0x100/0x100 [ 700.037916] sock_sendmsg+0xd5/0x120 [ 700.041617] __sys_sendto+0x3d7/0x670 [ 700.045404] ? __ia32_sys_getpeername+0xb0/0xb0 [ 700.050057] ? wait_for_completion+0x8d0/0x8d0 [ 700.054636] ? __lock_is_held+0xb5/0x140 [ 700.058691] ? __sb_end_write+0xac/0xe0 [ 700.062657] ? __ia32_sys_read+0xb0/0xb0 [ 700.066704] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 700.072228] __x64_sys_sendto+0xe1/0x1a0 [ 700.076276] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 700.081279] do_syscall_64+0x1b9/0x820 [ 700.085150] ? finish_task_switch+0x1d3/0x890 [ 700.089629] ? syscall_return_slowpath+0x5e0/0x5e0 [ 700.094546] ? syscall_return_slowpath+0x31d/0x5e0 [ 700.099461] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 700.104812] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 700.109653] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.114826] RIP: 0033:0x455a99 [ 700.117997] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:19 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:19 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 700.137238] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 700.144933] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 700.152181] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 700.159430] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 700.166681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 700.173932] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000042 09:01:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tun(&(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x2c83787c596c1d6d) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f00000001c0)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl(r0, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") clock_adjtime(0x0, &(0x7f0000000000)={0xffffffffffffffff}) 09:01:19 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x5c5b311ff2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:19 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7a000000, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:19 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:19 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x7fff, 0x20000) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xbb}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff], @multicast1=0xe0000001}}, 0x1c) fcntl$setsig(r0, 0xa, 0xe) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2=0xe0000002}, 0x4}}, 0x2e) r2 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) sendmsg$nl_crypto(r1, &(0x7f0000000200)={&(0x7f00009dd000)={0x10}, 0xc, &(0x7f00002ceff0)={&(0x7f000097b000)=@delrng={0x10, 0x14}, 0x10}, 0x1}, 0x0) 09:01:19 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:19 executing program 4 (fault-call:4 fault-nth:67): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:19 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:19 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:19 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1f00, 0x0, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:19 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:19 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x28800, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000040)) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000140)={0x2, 0x0, [{0x0, 0x1}, {0x0, 0x1, 0x0, 0x0, @sint}]}) [ 700.825372] FAULT_INJECTION: forcing a failure. [ 700.825372] name failslab, interval 1, probability 0, space 0, times 0 [ 700.836771] CPU: 0 PID: 23177 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 700.844125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.853470] Call Trace: [ 700.856064] dump_stack+0x1c9/0x2b4 [ 700.859693] ? dump_stack_print_info.cold.2+0x52/0x52 [ 700.864879] ? unwind_get_return_address+0x61/0xa0 [ 700.869810] ? graph_lock+0x170/0x170 [ 700.873621] should_fail.cold.4+0xa/0x1a [ 700.877687] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 700.882795] ? __lock_is_held+0xb5/0x140 [ 700.886855] ? __kmalloc_node_track_caller+0x47/0x70 [ 700.891959] ? graph_lock+0x170/0x170 [ 700.895769] ? find_held_lock+0x36/0x1c0 [ 700.899834] ? __lock_is_held+0xb5/0x140 [ 700.903904] ? check_same_owner+0x340/0x340 [ 700.908224] ? rcu_note_context_switch+0x730/0x730 [ 700.913152] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 700.918426] __should_failslab+0x124/0x180 [ 700.922660] should_failslab+0x9/0x14 [ 700.926460] kmem_cache_alloc_node+0x272/0x780 [ 700.931043] ? __kmalloc_node_track_caller+0x47/0x70 [ 700.936153] __alloc_skb+0x119/0x790 [ 700.939876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.945415] ? skb_scrub_packet+0x580/0x580 [ 700.949737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 700.955257] ? ip_generic_getfrag+0x124/0x2e0 [ 700.959735] ? ip_reply_glue_bits+0xc0/0xc0 [ 700.964044] ? trace_hardirqs_on+0x10/0x10 [ 700.968268] ? raw_getfrag+0x15b/0x220 [ 700.972139] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 700.977140] __ip_append_data.isra.47+0x2248/0x2a90 [ 700.982143] ? raw_destroy+0x30/0x30 [ 700.985850] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 700.991637] ? ipv4_mtu+0x37d/0x590 [ 700.995253] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 701.000688] ? find_held_lock+0x36/0x1c0 [ 701.004740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.010272] ip_append_data.part.48+0xf3/0x180 [ 701.014839] ? raw_destroy+0x30/0x30 [ 701.018539] ip_append_data+0x6d/0x90 [ 701.022323] ? raw_destroy+0x30/0x30 [ 701.026027] raw_sendmsg+0x1db4/0x29c0 [ 701.029910] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 701.034993] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 701.039403] ? find_held_lock+0x36/0x1c0 [ 701.043458] ? lock_downgrade+0x8f0/0x8f0 [ 701.047596] ? lock_release+0xa30/0xa30 [ 701.051550] ? check_same_owner+0x340/0x340 [ 701.055862] ? __check_object_size+0x9d/0x5f2 [ 701.060342] inet_sendmsg+0x1a1/0x690 [ 701.064131] ? ipip_gro_receive+0x100/0x100 [ 701.068440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 701.073959] ? security_socket_sendmsg+0x94/0xc0 [ 701.078699] ? ipip_gro_receive+0x100/0x100 [ 701.083004] sock_sendmsg+0xd5/0x120 [ 701.086708] __sys_sendto+0x3d7/0x670 [ 701.090493] ? __ia32_sys_getpeername+0xb0/0xb0 [ 701.095150] ? wait_for_completion+0x8d0/0x8d0 [ 701.099716] ? __lock_is_held+0xb5/0x140 [ 701.103772] ? __sb_end_write+0xac/0xe0 [ 701.107742] ? __ia32_sys_read+0xb0/0xb0 [ 701.111784] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 701.117307] __x64_sys_sendto+0xe1/0x1a0 [ 701.121354] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 701.126355] do_syscall_64+0x1b9/0x820 [ 701.130224] ? finish_task_switch+0x1d3/0x890 [ 701.134703] ? syscall_return_slowpath+0x5e0/0x5e0 [ 701.139617] ? syscall_return_slowpath+0x31d/0x5e0 [ 701.144534] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 701.149882] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 701.154716] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.159891] RIP: 0033:0x455a99 09:01:20 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 701.163061] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 701.182293] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 701.189989] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 701.197242] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 701.204493] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 701.211767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 701.219023] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000043 09:01:20 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:20 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x700000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:20 executing program 1: sysfs$2(0x2, 0x1, &(0x7f0000000340)=""/4096) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000001480)='syz0\x00', 0x200002, 0x0) tee(r0, r1, 0x1000, 0x0) r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x80800) signalfd4(r2, &(0x7f0000000040)={0xff}, 0x8, 0x800) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f13000)={0xa, 0x4e22}, 0x1c) r4 = socket(0x9, 0x800, 0xffff) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001340)={0xffffffffffffffff, 0x3, 0x1, 0x8001, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000001380)={r2, r5}) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa, 0x0, 0x0, @loopback={0x0, 0x1}}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}, {{0xa}}}, 0x108) r6 = request_key(&(0x7f00000014c0)='asymmetric\x00', &(0x7f0000001500)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000001540)='syz0\x00', 0xfffffffffffffffb) r7 = add_key(&(0x7f0000001580)='blacklist\x00', &(0x7f00000015c0)={0x73, 0x79, 0x7a, 0x0}, &(0x7f0000001600)="3f91393f11d3487b03a9bd69058ff7b7267023cd17053239", 0x18, 0x0) r8 = add_key$user(&(0x7f0000001640)='user\x00', &(0x7f0000001680)={0x73, 0x79, 0x7a, 0x1}, &(0x7f00000016c0)="f5c7b6ac24d5acc3eee0dda4d67b3860d511d2db60ab0f4e4183546f16611901cc36d6dcdc6d0423f40d810ec3406835397d7393488b3ab38e03883d9400f73281bdac3190833a515de502f8edff6ee8477e7487a7f7bf788cf200a35c1c775f", 0x60, 0xfffffffffffffff8) keyctl$dh_compute(0x17, &(0x7f0000001740)={r6, r7, r8}, &(0x7f0000001780)=""/49, 0x31, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000013c0)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6006f5260008110000000000000000000000000000000000ff02000000000000000000000000000100004e220008907859af0d162d822aa163853a6fd343d2d8bca8530d2d491a9e3712d1e702a0365545c84e37d172db497fef03919bdebc35e6744031363ad133a886e8107ef613546f4a22dd848a5960dd40e1e211154dc57f633fe95cdbd136c520b9a7016cd1f37be3d0573ef82f"], &(0x7f0000775000)) 09:01:20 executing program 3: syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x13e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40605346, &(0x7f0000000340)={0x0, 0x0, 0x3, 'queue1\x00'}) 09:01:20 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:20 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:20 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:20 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x68000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:20 executing program 4 (fault-call:4 fault-nth:68): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:20 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:20 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:20 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:20 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x300, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:20 executing program 3: syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x13e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40605346, &(0x7f0000000340)={0x0, 0x0, 0x3, 'queue1\x00'}) 09:01:20 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 701.549134] FAULT_INJECTION: forcing a failure. [ 701.549134] name failslab, interval 1, probability 0, space 0, times 0 [ 701.560442] CPU: 1 PID: 23229 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 701.567810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.577167] Call Trace: [ 701.579765] dump_stack+0x1c9/0x2b4 [ 701.583404] ? dump_stack_print_info.cold.2+0x52/0x52 [ 701.588611] ? kernel_text_address+0x79/0xf0 [ 701.593064] should_fail.cold.4+0xa/0x1a 09:01:20 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)) ioctl$TCSBRKP(r0, 0x5425, 0x8) 09:01:20 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 701.597144] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 701.602264] ? graph_lock+0x170/0x170 [ 701.606076] ? save_stack+0x43/0xd0 [ 701.609711] ? kasan_kmalloc+0xc4/0xe0 [ 701.613603] ? find_held_lock+0x36/0x1c0 [ 701.617694] ? __lock_is_held+0xb5/0x140 [ 701.621778] ? check_same_owner+0x340/0x340 [ 701.626116] ? rcu_note_context_switch+0x730/0x730 [ 701.631065] __should_failslab+0x124/0x180 [ 701.635318] should_failslab+0x9/0x14 [ 701.639133] kmem_cache_alloc_node_trace+0x26f/0x770 [ 701.644270] __kmalloc_node_track_caller+0x33/0x70 [ 701.649212] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 701.653978] __alloc_skb+0x155/0x790 [ 701.657705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.663251] ? skb_scrub_packet+0x580/0x580 [ 701.667592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.673142] ? ip_generic_getfrag+0x124/0x2e0 [ 701.677641] ? ip_reply_glue_bits+0xc0/0xc0 [ 701.681952] ? trace_hardirqs_on+0x10/0x10 [ 701.686180] ? raw_getfrag+0x15b/0x220 [ 701.690058] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 701.695067] __ip_append_data.isra.47+0x2248/0x2a90 [ 701.700079] ? raw_destroy+0x30/0x30 [ 701.703789] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 701.709581] ? ipv4_mtu+0x37d/0x590 [ 701.713199] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 701.718641] ? find_held_lock+0x36/0x1c0 [ 701.722703] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.728232] ip_append_data.part.48+0xf3/0x180 [ 701.732799] ? raw_destroy+0x30/0x30 [ 701.736505] ip_append_data+0x6d/0x90 [ 701.740294] ? raw_destroy+0x30/0x30 [ 701.744035] raw_sendmsg+0x1db4/0x29c0 [ 701.747924] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 701.753029] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 701.757453] ? find_held_lock+0x36/0x1c0 [ 701.761510] ? lock_downgrade+0x8f0/0x8f0 [ 701.765650] ? lock_release+0xa30/0xa30 [ 701.769613] ? check_same_owner+0x340/0x340 [ 701.773924] ? __check_object_size+0x9d/0x5f2 [ 701.778410] inet_sendmsg+0x1a1/0x690 [ 701.782201] ? ipip_gro_receive+0x100/0x100 [ 701.786512] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 701.792043] ? security_socket_sendmsg+0x94/0xc0 [ 701.796783] ? ipip_gro_receive+0x100/0x100 [ 701.801094] sock_sendmsg+0xd5/0x120 [ 701.804798] __sys_sendto+0x3d7/0x670 [ 701.808587] ? __ia32_sys_getpeername+0xb0/0xb0 [ 701.813247] ? wait_for_completion+0x8d0/0x8d0 [ 701.817820] ? __lock_is_held+0xb5/0x140 [ 701.821882] ? __sb_end_write+0xac/0xe0 [ 701.825854] ? __ia32_sys_read+0xb0/0xb0 [ 701.829904] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 701.835433] __x64_sys_sendto+0xe1/0x1a0 [ 701.839481] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 701.844485] do_syscall_64+0x1b9/0x820 [ 701.848357] ? finish_task_switch+0x1d3/0x890 [ 701.852838] ? syscall_return_slowpath+0x5e0/0x5e0 [ 701.857754] ? syscall_return_slowpath+0x31d/0x5e0 [ 701.862676] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 701.868058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 701.872893] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.878067] RIP: 0033:0x455a99 [ 701.881237] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:21 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 701.900575] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 701.908270] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 701.915524] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 701.922777] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 701.930035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 701.937288] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000044 09:01:21 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgrp(0x0) listen(r1, 0x80000001) r3 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r2, 0x0, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000040)=""/35, 0x23) rt_sigtimedwait(&(0x7f0000448000), &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8) close(r3) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000020}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x804, 0x70bd28, 0x25dfdbfb, {0xe}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9cb}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}]}, 0x2c}, 0x1}, 0x40005) 09:01:21 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:21 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:21 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:21 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:21 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:21 executing program 4 (fault-call:4 fault-nth:69): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:21 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:21 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffdfd, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:21 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:21 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:21 executing program 3: syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x13e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40605346, &(0x7f0000000340)={0x0, 0x0, 0x3, 'queue1\x00'}) 09:01:21 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6c, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:21 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xf21f315b5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:21 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:21 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 702.480404] FAULT_INJECTION: forcing a failure. [ 702.480404] name failslab, interval 1, probability 0, space 0, times 0 [ 702.491727] CPU: 0 PID: 23287 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 702.499082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.508427] Call Trace: [ 702.511018] dump_stack+0x1c9/0x2b4 [ 702.514650] ? dump_stack_print_info.cold.2+0x52/0x52 [ 702.519837] ? unwind_get_return_address+0x61/0xa0 [ 702.524764] ? graph_lock+0x170/0x170 [ 702.528569] should_fail.cold.4+0xa/0x1a [ 702.532633] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 702.537737] ? __lock_is_held+0xb5/0x140 [ 702.541801] ? __kmalloc_node_track_caller+0x47/0x70 [ 702.546905] ? graph_lock+0x170/0x170 [ 702.550707] ? find_held_lock+0x36/0x1c0 [ 702.554781] ? __lock_is_held+0xb5/0x140 [ 702.558851] ? check_same_owner+0x340/0x340 [ 702.563174] ? rcu_note_context_switch+0x730/0x730 [ 702.568102] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 702.573383] __should_failslab+0x124/0x180 [ 702.577621] should_failslab+0x9/0x14 [ 702.581418] kmem_cache_alloc_node+0x272/0x780 [ 702.586009] ? __kmalloc_node_track_caller+0x47/0x70 [ 702.591125] __alloc_skb+0x119/0x790 [ 702.594839] ? find_held_lock+0x36/0x1c0 [ 702.598902] ? skb_scrub_packet+0x580/0x580 [ 702.603229] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.608768] ? ip_generic_getfrag+0x124/0x2e0 [ 702.613264] ? ip_reply_glue_bits+0xc0/0xc0 [ 702.617588] ? trace_hardirqs_on+0x10/0x10 [ 702.621833] ? raw_getfrag+0x15b/0x220 [ 702.625718] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 702.630739] __ip_append_data.isra.47+0x2248/0x2a90 [ 702.635761] ? preempt_notifier_register+0x200/0x200 [ 702.640862] ? raw_destroy+0x30/0x30 [ 702.644587] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 702.650387] ? __schedule+0x884/0x1ed0 [ 702.654279] ? ipv4_mtu+0x37d/0x590 [ 702.657912] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 702.663361] ? find_held_lock+0x36/0x1c0 [ 702.667438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.672984] ip_append_data.part.48+0xf3/0x180 [ 702.677567] ? raw_destroy+0x30/0x30 [ 702.681283] ip_append_data+0x6d/0x90 [ 702.685083] ? raw_destroy+0x30/0x30 [ 702.688795] raw_sendmsg+0x1db4/0x29c0 [ 702.692697] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 702.697800] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 702.702220] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 702.707244] ? find_held_lock+0x36/0x1c0 [ 702.711313] ? lock_downgrade+0x8f0/0x8f0 [ 702.715469] ? lock_release+0xa30/0xa30 [ 702.719444] ? check_same_owner+0x340/0x340 [ 702.723772] ? __check_object_size+0x9d/0x5f2 [ 702.728269] inet_sendmsg+0x1a1/0x690 [ 702.732072] ? ipip_gro_receive+0x100/0x100 [ 702.736400] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 702.741933] ? security_socket_sendmsg+0x94/0xc0 [ 702.746686] ? ipip_gro_receive+0x100/0x100 [ 702.751009] sock_sendmsg+0xd5/0x120 [ 702.754721] __sys_sendto+0x3d7/0x670 [ 702.758527] ? __ia32_sys_getpeername+0xb0/0xb0 [ 702.763199] ? wait_for_completion+0x8d0/0x8d0 [ 702.767785] ? __lock_is_held+0xb5/0x140 [ 702.771864] ? __sb_end_write+0xac/0xe0 [ 702.775849] ? __ia32_sys_read+0xb0/0xb0 [ 702.779910] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 702.785458] __x64_sys_sendto+0xe1/0x1a0 [ 702.789520] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 702.794539] do_syscall_64+0x1b9/0x820 [ 702.798428] ? syscall_return_slowpath+0x5e0/0x5e0 [ 702.803361] ? syscall_return_slowpath+0x31d/0x5e0 [ 702.808297] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 702.813672] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 702.818521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.823709] RIP: 0033:0x455a99 [ 702.826891] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.846269] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 702.853981] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 702.861248] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 702.868512] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 702.875775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 702.883039] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000045 09:01:22 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgrp(0x0) listen(r1, 0x80000001) r3 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r2, 0x0, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000040)=""/35, 0x23) rt_sigtimedwait(&(0x7f0000448000), &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8) close(r3) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000020}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x804, 0x70bd28, 0x25dfdbfb, {0xe}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9cb}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x200}]}, 0x2c}, 0x1}, 0x40005) 09:01:22 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:22 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7a, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:22 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:22 executing program 3: syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x13e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x101000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0x3}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x40605346, &(0x7f0000000340)={0x0, 0x0, 0x3, 'queue1\x00'}) 09:01:22 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:22 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:22 executing program 4 (fault-call:4 fault-nth:70): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:22 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6c00000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:22 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:22 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket$inet(0x10, 0x3, 0xc) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x800, 0x0) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000040)={0x3, 0x5, 0x100000001}) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="240000000c0607031dfffd946fa2830020200a0009000100021d85680c1baba20400ff7e28000000110affffba16a0aa1c0009b356da5a80d18bec4c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 09:01:22 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:22 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 703.224964] FAULT_INJECTION: forcing a failure. [ 703.224964] name failslab, interval 1, probability 0, space 0, times 0 [ 703.236314] CPU: 1 PID: 23308 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 703.243677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.253026] Call Trace: [ 703.255626] dump_stack+0x1c9/0x2b4 [ 703.259274] ? dump_stack_print_info.cold.2+0x52/0x52 [ 703.264477] ? kernel_text_address+0x79/0xf0 [ 703.268902] should_fail.cold.4+0xa/0x1a [ 703.272978] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 703.278095] ? graph_lock+0x170/0x170 [ 703.281903] ? save_stack+0x43/0xd0 [ 703.285541] ? kasan_kmalloc+0xc4/0xe0 [ 703.289444] ? find_held_lock+0x36/0x1c0 [ 703.293522] ? __lock_is_held+0xb5/0x140 [ 703.297598] ? check_same_owner+0x340/0x340 [ 703.301945] ? rcu_note_context_switch+0x730/0x730 [ 703.306881] __should_failslab+0x124/0x180 [ 703.311125] should_failslab+0x9/0x14 [ 703.314932] kmem_cache_alloc_node_trace+0x26f/0x770 [ 703.320052] __kmalloc_node_track_caller+0x33/0x70 [ 703.324987] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 703.329752] __alloc_skb+0x155/0x790 [ 703.333474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.339027] ? skb_scrub_packet+0x580/0x580 [ 703.343348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.348890] ? ip_generic_getfrag+0x124/0x2e0 [ 703.353383] ? ip_reply_glue_bits+0xc0/0xc0 [ 703.357690] ? trace_hardirqs_on+0x10/0x10 [ 703.361915] ? raw_getfrag+0x15b/0x220 [ 703.365787] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 703.370790] __ip_append_data.isra.47+0x2248/0x2a90 [ 703.375794] ? raw_destroy+0x30/0x30 [ 703.379500] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 703.385284] ? ipv4_mtu+0x37d/0x590 [ 703.388896] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 703.394333] ? find_held_lock+0x36/0x1c0 [ 703.398386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 703.403911] ip_append_data.part.48+0xf3/0x180 [ 703.408477] ? raw_destroy+0x30/0x30 [ 703.412176] ip_append_data+0x6d/0x90 [ 703.415959] ? raw_destroy+0x30/0x30 [ 703.419655] raw_sendmsg+0x1db4/0x29c0 [ 703.423536] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 703.428625] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 703.433043] ? find_held_lock+0x36/0x1c0 [ 703.437095] ? lock_downgrade+0x8f0/0x8f0 [ 703.441227] ? lock_release+0xa30/0xa30 [ 703.445184] ? check_same_owner+0x340/0x340 [ 703.449490] ? __check_object_size+0x9d/0x5f2 [ 703.453972] inet_sendmsg+0x1a1/0x690 [ 703.457771] ? ipip_gro_receive+0x100/0x100 [ 703.462082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 703.467606] ? security_socket_sendmsg+0x94/0xc0 [ 703.472348] ? ipip_gro_receive+0x100/0x100 [ 703.476654] sock_sendmsg+0xd5/0x120 [ 703.480355] __sys_sendto+0x3d7/0x670 [ 703.484144] ? __ia32_sys_getpeername+0xb0/0xb0 [ 703.488799] ? wait_for_completion+0x8d0/0x8d0 [ 703.493368] ? __lock_is_held+0xb5/0x140 [ 703.497420] ? __sb_end_write+0xac/0xe0 [ 703.501383] ? __ia32_sys_read+0xb0/0xb0 [ 703.505432] ? syscall_slow_exit_work+0x500/0x500 [ 703.510263] __x64_sys_sendto+0xe1/0x1a0 [ 703.514308] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 703.519307] do_syscall_64+0x1b9/0x820 [ 703.523181] ? syscall_return_slowpath+0x5e0/0x5e0 [ 703.528096] ? syscall_return_slowpath+0x31d/0x5e0 [ 703.533025] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 703.538376] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 703.543209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.548381] RIP: 0033:0x455a99 [ 703.551548] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:22 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 703.570776] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 703.578467] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 703.585719] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 703.592968] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 703.600220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 703.607472] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000046 [ 703.619277] netlink: 'syz-executor3': attribute type 1 has an invalid length. 09:01:22 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xa, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:22 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) [ 703.655573] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. 09:01:23 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000000)={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100)={r1, 0x2}, &(0x7f0000000140)=0x8) r2 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x0, 0x0, 0xfff0000000000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000d97000)={0xffffffffffffffff, 0x1000000200007d}) 09:01:23 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x300000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:23 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 4 (fault-call:4 fault-nth:71): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:23 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) fstat(r0, &(0x7f0000000240)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000ff7)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000000)=""/246) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x1, &(0x7f0000000240)=[{}]}) ioctl$EVIOCGREP(r1, 0x40107446, &(0x7f0000000000)=""/174) accept4$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @reserved=0x1}, 0x10, 0x0) close(r1) 09:01:23 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3300, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:23 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x0, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:23 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:23 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(pcbc(fcrypt-generic),poly1305-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x390, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000071c0)=[{{&(0x7f00000058c0)=@nfc_llcp, 0x80, &(0x7f0000005c40)=[{&(0x7f0000005b40)=""/78, 0x4e}, {&(0x7f0000005bc0)=""/94, 0x5e}], 0x2, &(0x7f0000005cc0)=""/112, 0x70}}, {{0x0, 0x0, &(0x7f0000006140)=[{&(0x7f0000005d40)=""/88, 0x58}, {&(0x7f0000005e00)=""/188, 0xbc}, {&(0x7f0000005ec0)=""/23, 0x17}, {&(0x7f0000005f00)=""/232, 0xe8}, {&(0x7f0000006000)=""/103, 0x67}, {&(0x7f0000006080)=""/160, 0xa0}], 0x6, &(0x7f00000061c0)=""/4096, 0x1000}}], 0x2, 0x0, &(0x7f0000007380)={0x0, 0x1c9c380}) 09:01:23 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x0, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4c000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:23 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:23 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:23 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x665c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1f, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x7, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x800}], 0x1c) 09:01:23 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7a000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 704.531866] FAULT_INJECTION: forcing a failure. [ 704.531866] name failslab, interval 1, probability 0, space 0, times 0 [ 704.543196] CPU: 0 PID: 23409 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 704.550552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.559896] Call Trace: [ 704.562489] dump_stack+0x1c9/0x2b4 [ 704.566119] ? dump_stack_print_info.cold.2+0x52/0x52 [ 704.571314] ? unwind_get_return_address+0x61/0xa0 [ 704.576250] ? graph_lock+0x170/0x170 [ 704.580055] should_fail.cold.4+0xa/0x1a [ 704.584122] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 704.589225] ? __lock_is_held+0xb5/0x140 [ 704.593286] ? __kmalloc_node_track_caller+0x47/0x70 [ 704.598393] ? graph_lock+0x170/0x170 [ 704.602202] ? find_held_lock+0x36/0x1c0 [ 704.606270] ? __lock_is_held+0xb5/0x140 [ 704.610344] ? check_same_owner+0x340/0x340 [ 704.614670] ? rcu_note_context_switch+0x730/0x730 [ 704.619602] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 704.624877] __should_failslab+0x124/0x180 [ 704.629113] should_failslab+0x9/0x14 [ 704.632911] kmem_cache_alloc_node+0x272/0x780 [ 704.637491] ? __kmalloc_node_track_caller+0x47/0x70 [ 704.642599] __alloc_skb+0x119/0x790 [ 704.646330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.651970] ? skb_scrub_packet+0x580/0x580 [ 704.656293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.661837] ? ip_generic_getfrag+0x124/0x2e0 [ 704.666344] ? ip_reply_glue_bits+0xc0/0xc0 [ 704.670668] ? trace_hardirqs_on+0x10/0x10 [ 704.674909] ? raw_getfrag+0x15b/0x220 [ 704.678798] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 704.683818] __ip_append_data.isra.47+0x2248/0x2a90 [ 704.688837] ? raw_destroy+0x30/0x30 [ 704.692561] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 704.698362] ? ipv4_mtu+0x37d/0x590 [ 704.701990] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 704.707439] ? find_held_lock+0x36/0x1c0 [ 704.711509] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.717047] ip_append_data.part.48+0xf3/0x180 [ 704.721625] ? raw_destroy+0x30/0x30 [ 704.725339] ip_append_data+0x6d/0x90 [ 704.729137] ? raw_destroy+0x30/0x30 [ 704.732848] raw_sendmsg+0x1db4/0x29c0 [ 704.736746] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 704.741849] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 704.746281] ? find_held_lock+0x36/0x1c0 [ 704.750375] ? lock_downgrade+0x8f0/0x8f0 [ 704.754527] ? lock_release+0xa30/0xa30 [ 704.758498] ? check_same_owner+0x340/0x340 [ 704.762819] ? __check_object_size+0x9d/0x5f2 [ 704.767326] inet_sendmsg+0x1a1/0x690 [ 704.771130] ? ipip_gro_receive+0x100/0x100 [ 704.775454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 704.780991] ? security_socket_sendmsg+0x94/0xc0 [ 704.785747] ? ipip_gro_receive+0x100/0x100 [ 704.790069] sock_sendmsg+0xd5/0x120 [ 704.793793] __sys_sendto+0x3d7/0x670 [ 704.797599] ? __ia32_sys_getpeername+0xb0/0xb0 [ 704.802266] ? wait_for_completion+0x8d0/0x8d0 [ 704.806853] ? __lock_is_held+0xb5/0x140 [ 704.810928] ? __sb_end_write+0xac/0xe0 [ 704.814909] ? __ia32_sys_read+0xb0/0xb0 [ 704.818967] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 704.824508] __x64_sys_sendto+0xe1/0x1a0 [ 704.828569] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 704.833586] do_syscall_64+0x1b9/0x820 [ 704.837481] ? syscall_slow_exit_work+0x500/0x500 [ 704.842324] ? syscall_return_slowpath+0x5e0/0x5e0 [ 704.847254] ? syscall_return_slowpath+0x31d/0x5e0 [ 704.852189] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 704.857555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 704.862402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.867589] RIP: 0033:0x455a99 [ 704.870768] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 704.890230] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 704.897947] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 704.905302] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 704.912566] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 704.919832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 09:01:24 executing program 4 (fault-call:4 fault-nth:72): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000280)={{{@in6, @in=@broadcast=0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@remote={0xac, 0x14, 0x14, 0xbb}, 0x0, 0x7f}, 0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xe8) 09:01:24 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:24 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:24 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x0, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:24 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:24 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6c00, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:24 executing program 1: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xa, 0x50, r0, 0x0) syz_emit_ethernet(0x25a, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e1767982c456", [], {@mpls_uc={0x8847, {[{0x6, 0x7, 0x1000, 0xa3f}, {0x3, 0x9, 0x37, 0x6}, {0x2a1, 0x4, 0x9, 0x8}, {0x0, 0xfffffffffffffff9, 0x40, 0x90000000000000}, {0x9, 0x100000001, 0x5c1, 0x8000}, {0x1, 0x9, 0x7, 0x20}, {0x4, 0x7, 0x101, 0x200}, {0x5, 0x6, 0x10000, 0xc66a}, {0x6, 0x7, 0x1, 0x5}, {0x7, 0x2, 0x5, 0x8}], @llc={@snap={0xaa, 0xaa, "e0", "8daff5", 0xc, "b1a2c59ba124852046641017db78184962dc6354c652e8f5a7a91396e01946a250a48c8a88cb0b073880f993cf4381a8bd4bb27f166cee897d745c80cfcfba4809d22d356c1bb8d455adf02e1f36706b96cd83c6e05bbf5b9ecf080d680d5d5e3f51f48222bc58a075064898b0c2ac5e26f5fe8c851a641ff6d43323a33c85bd76de378ec5824c38c81e69e2eedd7768f6b56231234ed78404a3a13ab4718a74c41b74c6018de95a2166ab6b"}}}}}}, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1, 0x80) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000040)={0x5, 0x1f}) [ 704.927113] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000047 09:01:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f760070") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200, 0x0) setsockopt$inet_dccp_int(r1, 0x21, 0x1, &(0x7f0000000140)=0xfffffffffffff273, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x800, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000040)) r3 = socket$inet(0x10, 0x1, 0x7) sync_file_range(r0, 0x0, 0x1fb, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000300)={@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x1, 0x3, 0x1, 0x1, {0xa, 0x4e24, 0x4, @ipv4={[], [0xff, 0xff]}, 0x7ff}}}, {&(0x7f0000000180)=""/203, 0xcb}, &(0x7f00000002c0), 0x11}, 0xa0) sendmsg(r3, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000020207031dfffd946fa2830020200a0009000200001d85680c1ba3a20400ff7e", 0x24}], 0x100001bb}, 0x0) [ 705.034107] FAULT_INJECTION: forcing a failure. [ 705.034107] name failslab, interval 1, probability 0, space 0, times 0 [ 705.045429] CPU: 1 PID: 23432 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 705.052799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.062150] Call Trace: [ 705.064752] dump_stack+0x1c9/0x2b4 [ 705.068398] ? dump_stack_print_info.cold.2+0x52/0x52 [ 705.073600] ? kernel_text_address+0x79/0xf0 [ 705.078021] should_fail.cold.4+0xa/0x1a [ 705.082083] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 705.087186] ? graph_lock+0x170/0x170 [ 705.090979] ? save_stack+0x43/0xd0 [ 705.094598] ? kasan_kmalloc+0xc4/0xe0 [ 705.098472] ? find_held_lock+0x36/0x1c0 [ 705.102522] ? __lock_is_held+0xb5/0x140 [ 705.106577] ? check_same_owner+0x340/0x340 [ 705.110889] ? rcu_note_context_switch+0x730/0x730 [ 705.115804] __should_failslab+0x124/0x180 [ 705.120033] should_failslab+0x9/0x14 [ 705.123822] kmem_cache_alloc_node_trace+0x26f/0x770 [ 705.128917] __kmalloc_node_track_caller+0x33/0x70 [ 705.133833] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 705.138575] __alloc_skb+0x155/0x790 [ 705.142273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.147814] ? skb_scrub_packet+0x580/0x580 [ 705.152125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.157644] ? ip_generic_getfrag+0x124/0x2e0 [ 705.162124] ? ip_reply_glue_bits+0xc0/0xc0 [ 705.166525] ? trace_hardirqs_on+0x10/0x10 [ 705.170750] ? raw_getfrag+0x15b/0x220 [ 705.174625] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 705.179716] __ip_append_data.isra.47+0x2248/0x2a90 [ 705.184722] ? raw_destroy+0x30/0x30 [ 705.188428] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 705.194216] ? ipv4_mtu+0x37d/0x590 [ 705.197830] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 705.203264] ? find_held_lock+0x36/0x1c0 [ 705.207320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.212842] ip_append_data.part.48+0xf3/0x180 [ 705.217406] ? raw_destroy+0x30/0x30 [ 705.221130] ip_append_data+0x6d/0x90 [ 705.224914] ? raw_destroy+0x30/0x30 [ 705.228614] raw_sendmsg+0x1db4/0x29c0 [ 705.232492] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 705.237580] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 705.241991] ? find_held_lock+0x36/0x1c0 [ 705.246046] ? lock_downgrade+0x8f0/0x8f0 [ 705.250182] ? lock_release+0xa30/0xa30 [ 705.254143] ? check_same_owner+0x340/0x340 [ 705.258452] ? __check_object_size+0x9d/0x5f2 [ 705.262933] inet_sendmsg+0x1a1/0x690 [ 705.266718] ? ipip_gro_receive+0x100/0x100 [ 705.271032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 705.276553] ? security_socket_sendmsg+0x94/0xc0 [ 705.281302] ? ipip_gro_receive+0x100/0x100 [ 705.285609] sock_sendmsg+0xd5/0x120 [ 705.289307] __sys_sendto+0x3d7/0x670 [ 705.293095] ? __ia32_sys_getpeername+0xb0/0xb0 [ 705.297749] ? wait_for_completion+0x8d0/0x8d0 [ 705.302324] ? __lock_is_held+0xb5/0x140 [ 705.306376] ? __sb_end_write+0xac/0xe0 [ 705.310343] ? __ia32_sys_read+0xb0/0xb0 [ 705.314396] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 705.319919] __x64_sys_sendto+0xe1/0x1a0 [ 705.323963] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 705.328965] do_syscall_64+0x1b9/0x820 [ 705.332833] ? finish_task_switch+0x1d3/0x890 [ 705.337311] ? syscall_return_slowpath+0x5e0/0x5e0 [ 705.342225] ? syscall_return_slowpath+0x31d/0x5e0 [ 705.347143] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 705.352490] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 705.357319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.362492] RIP: 0033:0x455a99 [ 705.365662] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:24 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc0ffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:24 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:24 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xf21f315b5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 705.384897] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 705.392589] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 705.399841] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 705.407093] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 705.414343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 705.421592] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000048 09:01:24 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x3ffffd, 0x0) r1 = socket$inet6(0xa, 0x400000001, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000100)={{0x7fffffff, 0x100000000000a}, {}, 0xfffffffffffffffe}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000000)={0x24f184df, 0x7, 0x8, 'queue0\x00', 0xca9}) 09:01:24 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7400, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:24 executing program 4 (fault-call:4 fault-nth:73): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:24 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:24 executing program 3: r0 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000001000/0x3000)=nil) shmctl$SHM_UNLOCK(r0, 0xc) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = signalfd(r2, &(0x7f0000000000), 0x8) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000040)=0x3f2c, &(0x7f00000000c0)=0x1) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x26852, r3, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x15}}}, 0x7ff, 0x6, 0x5, 0x401, 0xfffffffffffffffe}, &(0x7f00000001c0)=0x98) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000200)={r4, 0x8}, 0x8) 09:01:24 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:24 executing program 1: unshare(0x40000000) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e23}, @in6={0xa, 0x4e22, 0x7}, @in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, [], 0x18}, 0x7}, @in6={0xa, 0x4e21, 0x400, @empty, 0x7}, @in6={0xa, 0x4e23, 0x51, @dev={0xfe, 0x80, [], 0x20}, 0x46}, @in6={0xa, 0x4e20, 0x1, @loopback={0x0, 0x1}, 0xffffffffffffffec}], 0x9c) sendto$inet6(r0, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1}}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000), &(0x7f0000000040)=0x8) 09:01:24 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 705.624185] IPVS: ftp: loaded support on port[0] = 21 [ 705.699957] FAULT_INJECTION: forcing a failure. [ 705.699957] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 705.711806] CPU: 1 PID: 23465 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 705.719164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.728513] Call Trace: [ 705.731103] dump_stack+0x1c9/0x2b4 [ 705.734738] ? dump_stack_print_info.cold.2+0x52/0x52 [ 705.739931] ? graph_lock+0x170/0x170 [ 705.743775] should_fail.cold.4+0xa/0x1a [ 705.747841] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 705.752954] ? trace_hardirqs_on+0x10/0x10 [ 705.757192] ? lock_downgrade+0x8f0/0x8f0 [ 705.761359] ? kasan_check_read+0x11/0x20 [ 705.765509] ? rcu_is_watching+0x8c/0x150 [ 705.769658] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 705.774067] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 705.778475] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 705.782888] ? is_bpf_text_address+0xd7/0x170 [ 705.787389] ? kernel_text_address+0x79/0xf0 [ 705.791797] ? __kernel_text_address+0xd/0x40 [ 705.796289] ? unwind_get_return_address+0x61/0xa0 [ 705.801221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.806757] ? should_fail+0x223/0xbed [ 705.810650] __alloc_pages_nodemask+0x36e/0xdb0 [ 705.815327] ? __alloc_pages_slowpath+0x2d90/0x2d90 [ 705.820341] ? save_stack+0x43/0xd0 [ 705.823970] ? kasan_kmalloc+0xc4/0xe0 [ 705.827862] ? find_held_lock+0x36/0x1c0 [ 705.831930] ? __lock_is_held+0xb5/0x140 [ 705.836001] ? check_same_owner+0x340/0x340 [ 705.840327] cache_grow_begin+0x91/0x710 [ 705.844394] kmem_cache_alloc_node_trace+0x692/0x770 [ 705.849507] __kmalloc_node_track_caller+0x33/0x70 [ 705.854442] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 705.859200] __alloc_skb+0x155/0x790 [ 705.862915] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.868455] ? skb_scrub_packet+0x580/0x580 [ 705.872779] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.878316] ? ip_generic_getfrag+0x124/0x2e0 [ 705.882811] ? ip_reply_glue_bits+0xc0/0xc0 [ 705.887134] ? trace_hardirqs_on+0x10/0x10 [ 705.891375] ? raw_getfrag+0x15b/0x220 [ 705.895260] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 705.900281] __ip_append_data.isra.47+0x2248/0x2a90 [ 705.905312] ? raw_destroy+0x30/0x30 [ 705.909035] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 705.914836] ? ipv4_mtu+0x37d/0x590 [ 705.918462] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 705.923908] ? find_held_lock+0x36/0x1c0 [ 705.927999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.933540] ip_append_data.part.48+0xf3/0x180 [ 705.938119] ? raw_destroy+0x30/0x30 [ 705.941836] ip_append_data+0x6d/0x90 [ 705.945632] ? raw_destroy+0x30/0x30 [ 705.949344] raw_sendmsg+0x1db4/0x29c0 [ 705.953241] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 705.958340] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 705.962771] ? find_held_lock+0x36/0x1c0 [ 705.966838] ? lock_downgrade+0x8f0/0x8f0 [ 705.970986] ? lock_release+0xa30/0xa30 [ 705.974961] ? check_same_owner+0x340/0x340 [ 705.979285] ? __check_object_size+0x9d/0x5f2 [ 705.983782] inet_sendmsg+0x1a1/0x690 [ 705.987585] ? ipip_gro_receive+0x100/0x100 [ 705.991908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 705.997443] ? security_socket_sendmsg+0x94/0xc0 [ 706.002196] ? ipip_gro_receive+0x100/0x100 [ 706.006518] sock_sendmsg+0xd5/0x120 [ 706.010234] __sys_sendto+0x3d7/0x670 [ 706.014038] ? __ia32_sys_getpeername+0xb0/0xb0 [ 706.018720] ? wait_for_completion+0x8d0/0x8d0 [ 706.023308] ? __lock_is_held+0xb5/0x140 [ 706.027385] ? __sb_end_write+0xac/0xe0 [ 706.031370] ? __ia32_sys_read+0xb0/0xb0 [ 706.035437] ? syscall_slow_exit_work+0x500/0x500 [ 706.040284] __x64_sys_sendto+0xe1/0x1a0 [ 706.044345] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 706.049364] do_syscall_64+0x1b9/0x820 [ 706.053248] ? finish_task_switch+0x1d3/0x890 [ 706.057743] ? syscall_return_slowpath+0x5e0/0x5e0 [ 706.062674] ? syscall_return_slowpath+0x31d/0x5e0 [ 706.067608] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 706.072976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 706.077825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.083009] RIP: 0033:0x455a99 09:01:25 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:25 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:25 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:25 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x8, 0x401}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c81, r3) 09:01:25 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:25 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 706.086188] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 706.105564] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 706.113278] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 706.120542] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 706.127806] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 706.135069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 706.142330] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 0000000000000049 09:01:25 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:25 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:25 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfdfdffff00000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:25 executing program 4 (fault-call:4 fault-nth:74): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:25 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 706.354912] FAULT_INJECTION: forcing a failure. [ 706.354912] name failslab, interval 1, probability 0, space 0, times 0 [ 706.366272] CPU: 0 PID: 23499 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 706.373637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.382988] Call Trace: [ 706.385583] dump_stack+0x1c9/0x2b4 [ 706.389226] ? dump_stack_print_info.cold.2+0x52/0x52 [ 706.394429] ? kernel_text_address+0x79/0xf0 [ 706.398851] should_fail.cold.4+0xa/0x1a [ 706.402928] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 706.408053] ? graph_lock+0x170/0x170 [ 706.411866] ? save_stack+0x43/0xd0 [ 706.415505] ? kasan_kmalloc+0xc4/0xe0 [ 706.419408] ? find_held_lock+0x36/0x1c0 [ 706.423484] ? __lock_is_held+0xb5/0x140 [ 706.427565] ? check_same_owner+0x340/0x340 [ 706.431893] ? rcu_note_context_switch+0x730/0x730 [ 706.436827] __should_failslab+0x124/0x180 [ 706.441065] should_failslab+0x9/0x14 [ 706.444871] kmem_cache_alloc_node_trace+0x26f/0x770 [ 706.449990] __kmalloc_node_track_caller+0x33/0x70 [ 706.454927] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 706.459687] __alloc_skb+0x155/0x790 [ 706.463406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.468944] ? skb_scrub_packet+0x580/0x580 [ 706.473270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.478808] ? ip_generic_getfrag+0x124/0x2e0 [ 706.483301] ? ip_reply_glue_bits+0xc0/0xc0 [ 706.487623] ? trace_hardirqs_on+0x10/0x10 [ 706.491866] ? raw_getfrag+0x15b/0x220 [ 706.495757] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 706.500780] __ip_append_data.isra.47+0x2248/0x2a90 [ 706.505802] ? raw_destroy+0x30/0x30 [ 706.509523] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 706.515328] ? ipv4_mtu+0x37d/0x590 [ 706.518961] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 706.524411] ? find_held_lock+0x36/0x1c0 [ 706.528492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 706.534035] ip_append_data.part.48+0xf3/0x180 [ 706.538616] ? raw_destroy+0x30/0x30 [ 706.542327] ip_append_data+0x6d/0x90 [ 706.546127] ? raw_destroy+0x30/0x30 [ 706.549033] IPVS: ftp: loaded support on port[0] = 21 [ 706.549840] raw_sendmsg+0x1db4/0x29c0 [ 706.549871] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 706.549886] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 706.549918] ? find_held_lock+0x36/0x1c0 [ 706.572506] ? lock_downgrade+0x8f0/0x8f0 [ 706.576662] ? lock_release+0xa30/0xa30 [ 706.580639] ? check_same_owner+0x340/0x340 [ 706.584966] ? __check_object_size+0x9d/0x5f2 [ 706.589470] inet_sendmsg+0x1a1/0x690 [ 706.593276] ? ipip_gro_receive+0x100/0x100 [ 706.597614] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 706.603153] ? security_socket_sendmsg+0x94/0xc0 [ 706.607915] ? ipip_gro_receive+0x100/0x100 [ 706.612252] sock_sendmsg+0xd5/0x120 [ 706.615972] __sys_sendto+0x3d7/0x670 [ 706.619782] ? __ia32_sys_getpeername+0xb0/0xb0 [ 706.624454] ? wait_for_completion+0x8d0/0x8d0 [ 706.629049] ? __lock_is_held+0xb5/0x140 [ 706.633128] ? __sb_end_write+0xac/0xe0 [ 706.637116] ? __ia32_sys_read+0xb0/0xb0 [ 706.641191] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 706.646737] __x64_sys_sendto+0xe1/0x1a0 [ 706.650803] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 706.655828] do_syscall_64+0x1b9/0x820 [ 706.659836] ? finish_task_switch+0x1d3/0x890 [ 706.664340] ? syscall_return_slowpath+0x5e0/0x5e0 [ 706.669276] ? syscall_return_slowpath+0x31d/0x5e0 [ 706.674218] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 706.679584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 706.684431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.689618] RIP: 0033:0x455a99 09:01:25 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x8, 0x401}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c81, r3) 09:01:25 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:25 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:25 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:25 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x48000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:25 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x801, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f0000000240)=ANY=[@ANYBLOB="06000000a0000000e8b48d977e78f49e7b42189a8ce2b08b58ddcd05d68c02263ac5fb54c1e10204cd9c968b593229b6c30bda404de6d3a9a5a0bec08bb7d76692c546e8c3d2e19ffdd9590b127de8b7f74f19139ed5c02d5c3835add462cfe6fe0efa749e4fa2f493815cc57517e49809d163656e71586622e8f04c0b01ec13872d12a17f935fbd9bdc02f0b3e3ab1df35efcd400db9104569cd01bd781f5351e96ad02000a3e64afd4929c94fb4d72f7eb6d8d19003b93bb4e46e425e58b09c17b0b88a366acf17cb9d1cc8ec3b612b3f8124a3ecdce17a5ed1dde0510b70293da444fa8aa9ba99fbdcc6c95998e211ab8f5ed1675f6806bae7152ac3ccd9dd94f76fc4ca494b735027ce32c677cc625abe039a90fba3ad09414828bb14a4f8e0fb14ddb5a8af0f1221d0ef81ef8fe67c07bbb3b9f5b02f0e4d98f5c6b3566809d345d5664184d200d9f4c43d85efb851e1f6612614839be75dffc50a9a14e321bf80d8c5d87f2ed1fcce9954778e587df1180cff2c0ea4324423ca6b8d8"]) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) [ 706.692798] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 706.712175] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 706.719881] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 706.727144] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 706.734421] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 706.741686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 706.748954] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004a 09:01:25 executing program 4 (fault-call:4 fault-nth:75): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:26 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x8, 0x401}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c81, r3) 09:01:26 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:26 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x5ddc1f5c5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:26 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x700c0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x3, 0x488, [0x200003c0, 0x0, 0x0, 0x20000660, 0x20000690], 0x0, &(0x7f0000000380), &(0x7f00000003c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x9, 0x2, 0x6001, 'bond0\x00', 'bridge_slave_1\x00', 'veth1_to_bridge\x00', 'team0\x00', @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [0x0, 0xff, 0x0, 0xff, 0xff, 0xff], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [0x0, 0xff, 0xff, 0xff, 0xff], 0xd8, 0x110, 0x148, [@cpu={'cpu\x00', 0x8, {{0xfffffffffffffffc}}}, @realm={'realm\x00', 0x10, {{0x7, 0x6}}}]}, [@snat={'snat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x10}}}]}, @arpreply={'arpreply\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x10}, 0xffffffffffffffff}}}}, {{{0x11, 0x48, 0x6000, 'lo\x00', 'bcsf0\x00', 'lo\x00', 'veth0_to_bridge\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0x0, 0xff, 0xff, 0x0, 0xff], @empty, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], 0x70, 0xf0, 0x128}, [@snat={'snat\x00', 0x10, {{@broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0x10}}}, @common=@ERROR={'ERROR\x00', 0x20, {"43d7f7de5c0dca89d7003b9a23440ec2ee0d7cdd78a5fc1963299faa028f"}}]}, @snat={'snat\x00', 0x10}}]}, {0x0, '\x00', 0x2}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{{{0x9, 0x18, 0x8917, 'yam0\x00', 'gre0\x00', 'nr0\x00', 'veth1\x00', @random="c25b09c8ae00", [0xff, 0xff, 0xff], @random="818198d4e671", [0xff, 0xff, 0xff, 0xff, 0xff, 0xff], 0xe0, 0x150, 0x188, [@time={'time\x00', 0x18, {{0xffff, 0x1f, 0x144d0, 0x3b77, 0x1, 0x400, 0x3}}}, @state={'state\x00', 0x8, {{0x7000000000000000}}}]}, [@snat={'snat\x00', 0x10, {{@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, 0xffffffffffffffff}}}, @arpreply={'arpreply\x00', 0x10, {{@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 0xfffffffffffffffd}}}]}, @arpreply={'arpreply\x00', 0x10, {{@random="2c3cf544db61", 0xfffffffffffffffd}}}}]}]}, 0x500) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000240)={0x8, 0x3, 0x0, 0x4, 0x20}) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) r1 = getuid() quotactl(0x1, &(0x7f0000000100)='./file0/file0/file0\x00', r1, &(0x7f0000000140)="098626c5b69c") mount(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='proc\x00', 0x80, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340), 0x0) syz_fuseblk_mount(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='nv\x00', 0x3) mknod$loop(&(0x7f0000000280)='./file0/file0/file0\x00', 0x3a, 0x0) 09:01:26 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 706.937949] FAULT_INJECTION: forcing a failure. [ 706.937949] name failslab, interval 1, probability 0, space 0, times 0 [ 706.949264] CPU: 0 PID: 23524 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 706.956630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.965989] Call Trace: [ 706.968589] dump_stack+0x1c9/0x2b4 [ 706.972229] ? dump_stack_print_info.cold.2+0x52/0x52 [ 706.977437] ? kernel_text_address+0x79/0xf0 [ 706.981862] should_fail.cold.4+0xa/0x1a 09:01:26 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0xffffffffffffff46) accept$alg(r1, 0x0, 0x0) 09:01:26 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:26 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 706.985935] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 706.991053] ? graph_lock+0x170/0x170 [ 706.994858] ? save_stack+0x43/0xd0 [ 706.998489] ? kasan_kmalloc+0xc4/0xe0 [ 707.002386] ? find_held_lock+0x36/0x1c0 [ 707.006461] ? __lock_is_held+0xb5/0x140 [ 707.010539] ? check_same_owner+0x340/0x340 [ 707.014872] ? rcu_note_context_switch+0x730/0x730 [ 707.019810] __should_failslab+0x124/0x180 [ 707.024087] should_failslab+0x9/0x14 [ 707.027897] kmem_cache_alloc_node_trace+0x26f/0x770 [ 707.033028] __kmalloc_node_track_caller+0x33/0x70 [ 707.037962] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 707.042723] __alloc_skb+0x155/0x790 [ 707.046440] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.051978] ? skb_scrub_packet+0x580/0x580 [ 707.056306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.061843] ? ip_generic_getfrag+0x124/0x2e0 [ 707.066340] ? ip_reply_glue_bits+0xc0/0xc0 [ 707.070660] ? trace_hardirqs_on+0x10/0x10 [ 707.074904] ? raw_getfrag+0x15b/0x220 [ 707.078882] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 707.083911] __ip_append_data.isra.47+0x2248/0x2a90 [ 707.088940] ? raw_destroy+0x30/0x30 [ 707.092665] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 707.098470] ? ipv4_mtu+0x37d/0x590 [ 707.102100] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 707.107555] ? find_held_lock+0x36/0x1c0 [ 707.111631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.117171] ip_append_data.part.48+0xf3/0x180 [ 707.121754] ? raw_destroy+0x30/0x30 [ 707.125471] ip_append_data+0x6d/0x90 [ 707.129269] ? raw_destroy+0x30/0x30 [ 707.132990] raw_sendmsg+0x1db4/0x29c0 [ 707.136892] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 707.141993] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 707.146428] ? find_held_lock+0x36/0x1c0 [ 707.150502] ? lock_downgrade+0x8f0/0x8f0 [ 707.154650] ? lock_release+0xa30/0xa30 [ 707.158620] ? check_same_owner+0x340/0x340 [ 707.162942] ? __check_object_size+0x9d/0x5f2 [ 707.167442] inet_sendmsg+0x1a1/0x690 [ 707.171245] ? ipip_gro_receive+0x100/0x100 [ 707.175570] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 707.181107] ? security_socket_sendmsg+0x94/0xc0 [ 707.185882] ? ipip_gro_receive+0x100/0x100 [ 707.190207] sock_sendmsg+0xd5/0x120 [ 707.193923] __sys_sendto+0x3d7/0x670 [ 707.197738] ? __ia32_sys_getpeername+0xb0/0xb0 [ 707.202421] ? wait_for_completion+0x8d0/0x8d0 [ 707.207004] ? __lock_is_held+0xb5/0x140 [ 707.211077] ? __sb_end_write+0xac/0xe0 [ 707.215065] ? __ia32_sys_read+0xb0/0xb0 [ 707.219213] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.224756] __x64_sys_sendto+0xe1/0x1a0 [ 707.228817] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 707.233835] do_syscall_64+0x1b9/0x820 [ 707.237727] ? finish_task_switch+0x1d3/0x890 [ 707.242223] ? syscall_return_slowpath+0x5e0/0x5e0 [ 707.247155] ? syscall_return_slowpath+0x31d/0x5e0 [ 707.252091] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 707.257462] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 707.262309] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.267496] RIP: 0033:0x455a99 09:01:26 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:26 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 707.270677] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.290052] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 707.297763] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 707.305029] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 707.312295] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 707.319568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 707.326845] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004b 09:01:26 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x8, 0x401}) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c81, r3) 09:01:26 executing program 4 (fault-call:4 fault-nth:76): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:26 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5dc, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:26 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:26 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6e090000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 707.502007] FAULT_INJECTION: forcing a failure. [ 707.502007] name failslab, interval 1, probability 0, space 0, times 0 [ 707.513414] CPU: 0 PID: 23558 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 707.520782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.530123] Call Trace: [ 707.532707] dump_stack+0x1c9/0x2b4 [ 707.536324] ? dump_stack_print_info.cold.2+0x52/0x52 [ 707.541498] ? kernel_text_address+0x79/0xf0 [ 707.545897] should_fail.cold.4+0xa/0x1a [ 707.549946] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 707.555039] ? graph_lock+0x170/0x170 [ 707.558825] ? save_stack+0x43/0xd0 [ 707.562434] ? kasan_kmalloc+0xc4/0xe0 [ 707.566310] ? find_held_lock+0x36/0x1c0 [ 707.570368] ? __lock_is_held+0xb5/0x140 [ 707.574425] ? check_same_owner+0x340/0x340 [ 707.578735] ? rcu_note_context_switch+0x730/0x730 [ 707.583649] __should_failslab+0x124/0x180 [ 707.587878] should_failslab+0x9/0x14 [ 707.591663] kmem_cache_alloc_node_trace+0x26f/0x770 [ 707.596756] __kmalloc_node_track_caller+0x33/0x70 [ 707.601672] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 707.606415] __alloc_skb+0x155/0x790 [ 707.610114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.615638] ? skb_scrub_packet+0x580/0x580 [ 707.619944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.625464] ? ip_generic_getfrag+0x124/0x2e0 [ 707.629944] ? ip_reply_glue_bits+0xc0/0xc0 [ 707.634249] ? trace_hardirqs_on+0x10/0x10 [ 707.638472] ? raw_getfrag+0x15b/0x220 [ 707.642346] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 707.647350] __ip_append_data.isra.47+0x2248/0x2a90 [ 707.652353] ? raw_destroy+0x30/0x30 [ 707.656059] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 707.661846] ? ipv4_mtu+0x37d/0x590 [ 707.665459] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 707.670894] ? find_held_lock+0x36/0x1c0 [ 707.674946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.680473] ip_append_data.part.48+0xf3/0x180 [ 707.685042] ? raw_destroy+0x30/0x30 [ 707.688745] ip_append_data+0x6d/0x90 [ 707.692527] ? raw_destroy+0x30/0x30 [ 707.696229] raw_sendmsg+0x1db4/0x29c0 [ 707.700113] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 707.705201] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 707.709610] ? find_held_lock+0x36/0x1c0 [ 707.713670] ? lock_downgrade+0x8f0/0x8f0 [ 707.717804] ? lock_release+0xa30/0xa30 [ 707.721763] ? check_same_owner+0x340/0x340 [ 707.726072] ? __check_object_size+0x9d/0x5f2 [ 707.730559] inet_sendmsg+0x1a1/0x690 [ 707.734349] ? ipip_gro_receive+0x100/0x100 [ 707.738654] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 707.744179] ? security_socket_sendmsg+0x94/0xc0 [ 707.748917] ? ipip_gro_receive+0x100/0x100 [ 707.753238] sock_sendmsg+0xd5/0x120 [ 707.756946] __sys_sendto+0x3d7/0x670 [ 707.760736] ? __ia32_sys_getpeername+0xb0/0xb0 [ 707.765390] ? wait_for_completion+0x8d0/0x8d0 [ 707.769958] ? __lock_is_held+0xb5/0x140 [ 707.774014] ? __sb_end_write+0xac/0xe0 [ 707.777985] ? __ia32_sys_read+0xb0/0xb0 [ 707.782032] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.787554] __x64_sys_sendto+0xe1/0x1a0 [ 707.791600] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 707.796686] do_syscall_64+0x1b9/0x820 [ 707.800555] ? finish_task_switch+0x1d3/0x890 [ 707.805036] ? syscall_return_slowpath+0x5e0/0x5e0 [ 707.809960] ? syscall_return_slowpath+0x31d/0x5e0 [ 707.814885] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 707.820235] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 707.825080] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.830254] RIP: 0033:0x455a99 [ 707.833421] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:27 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 707.852649] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 707.860342] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 707.867592] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 707.874847] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 707.882099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 707.889349] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004c 09:01:27 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:27 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x8, 0x401}) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 09:01:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7a00, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:27 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:27 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x96e, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:27 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) dup3(r1, r0, 0x80000) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 09:01:27 executing program 4 (fault-call:4 fault-nth:77): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:27 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000d0fff5)='/dev/audio\x00', 0x802, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="0062f84f6071572b54a3a28a0270c8c8b54a586ebc26d92a036850ffff000000000000f09ab3b210e1db60fafab82b7a5ff08e25cd21d5b2fd27f7c25083f4a42e4276f0b959747cccc0b3b7cb9a546524b92c2fc205421a60c648f758f66ecaa35ec8250a3013361778fdf6fda146840160e79e83cbb80936c11a9b2169dc7d7cffdb2bd7d27aa752d22603e9ffc2ca61ee4b2f4062f54b3b87fd7f142532946f706f57f734752862747e55b85559b1442046b653f2e360a1b46891fa36008645d36300d30f84434a7920ec090e47"], 0x1) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$int_in(r1, 0x800000800c5012, &(0x7f0000000500)) 09:01:27 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xc00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:27 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x600000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 708.304576] FAULT_INJECTION: forcing a failure. [ 708.304576] name failslab, interval 1, probability 0, space 0, times 0 [ 708.315878] CPU: 1 PID: 23605 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 708.323229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.332570] Call Trace: [ 708.335152] dump_stack+0x1c9/0x2b4 [ 708.338770] ? dump_stack_print_info.cold.2+0x52/0x52 [ 708.343961] ? kernel_text_address+0x79/0xf0 [ 708.348363] should_fail.cold.4+0xa/0x1a [ 708.352416] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 708.357510] ? graph_lock+0x170/0x170 [ 708.361299] ? save_stack+0x43/0xd0 [ 708.364922] ? kasan_kmalloc+0xc4/0xe0 [ 708.368804] ? find_held_lock+0x36/0x1c0 [ 708.372855] ? __lock_is_held+0xb5/0x140 [ 708.376919] ? check_same_owner+0x340/0x340 [ 708.381229] ? rcu_note_context_switch+0x730/0x730 [ 708.386147] __should_failslab+0x124/0x180 [ 708.390372] should_failslab+0x9/0x14 [ 708.394161] kmem_cache_alloc_node_trace+0x26f/0x770 [ 708.399253] __kmalloc_node_track_caller+0x33/0x70 [ 708.404173] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 708.408915] __alloc_skb+0x155/0x790 [ 708.412616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.418137] ? skb_scrub_packet+0x580/0x580 [ 708.422447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.427970] ? ip_generic_getfrag+0x124/0x2e0 [ 708.432451] ? ip_reply_glue_bits+0xc0/0xc0 [ 708.436759] ? trace_hardirqs_on+0x10/0x10 [ 708.440983] ? raw_getfrag+0x15b/0x220 [ 708.444879] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 708.449886] __ip_append_data.isra.47+0x2248/0x2a90 [ 708.454905] ? raw_destroy+0x30/0x30 [ 708.458619] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 708.464407] ? ipv4_mtu+0x37d/0x590 [ 708.468027] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 708.473480] ? find_held_lock+0x36/0x1c0 [ 708.477540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.483069] ip_append_data.part.48+0xf3/0x180 [ 708.487635] ? raw_destroy+0x30/0x30 [ 708.491334] ip_append_data+0x6d/0x90 [ 708.495119] ? raw_destroy+0x30/0x30 [ 708.498820] raw_sendmsg+0x1db4/0x29c0 [ 708.502698] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 708.507783] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 708.512193] ? find_held_lock+0x36/0x1c0 [ 708.516243] ? lock_downgrade+0x8f0/0x8f0 [ 708.520395] ? lock_release+0xa30/0xa30 [ 708.524354] ? check_same_owner+0x340/0x340 [ 708.528662] ? __check_object_size+0x9d/0x5f2 [ 708.533145] inet_sendmsg+0x1a1/0x690 [ 708.537024] ? ipip_gro_receive+0x100/0x100 [ 708.541356] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 708.546880] ? security_socket_sendmsg+0x94/0xc0 [ 708.551618] ? ipip_gro_receive+0x100/0x100 [ 708.555926] sock_sendmsg+0xd5/0x120 [ 708.559627] __sys_sendto+0x3d7/0x670 [ 708.563414] ? __ia32_sys_getpeername+0xb0/0xb0 [ 708.568067] ? wait_for_completion+0x8d0/0x8d0 [ 708.572634] ? __lock_is_held+0xb5/0x140 [ 708.576689] ? __sb_end_write+0xac/0xe0 [ 708.580663] ? __ia32_sys_read+0xb0/0xb0 [ 708.584706] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 708.590228] __x64_sys_sendto+0xe1/0x1a0 [ 708.594275] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 708.599277] do_syscall_64+0x1b9/0x820 [ 708.603157] ? syscall_slow_exit_work+0x500/0x500 [ 708.607983] ? syscall_return_slowpath+0x5e0/0x5e0 [ 708.612900] ? syscall_return_slowpath+0x31d/0x5e0 [ 708.617816] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 708.623166] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 708.628001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.633178] RIP: 0033:0x455a99 [ 708.636349] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:27 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) dup3(r1, r0, 0x80000) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) [ 708.655593] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 708.663285] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 708.670539] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 708.677791] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 708.685131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 708.692381] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004d 09:01:27 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:27 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6800000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:27 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:27 executing program 4 (fault-call:4 fault-nth:78): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 708.886649] FAULT_INJECTION: forcing a failure. [ 708.886649] name failslab, interval 1, probability 0, space 0, times 0 [ 708.897999] CPU: 0 PID: 23633 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 708.905364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.914710] Call Trace: [ 708.917305] dump_stack+0x1c9/0x2b4 [ 708.920935] ? dump_stack_print_info.cold.2+0x52/0x52 [ 708.926129] ? unwind_get_return_address+0x61/0xa0 [ 708.931070] ? graph_lock+0x170/0x170 [ 708.934884] should_fail.cold.4+0xa/0x1a [ 708.938961] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 708.944079] ? __lock_is_held+0xb5/0x140 [ 708.948143] ? __kmalloc_node_track_caller+0x47/0x70 [ 708.953248] ? graph_lock+0x170/0x170 [ 708.957058] ? find_held_lock+0x36/0x1c0 [ 708.961127] ? __lock_is_held+0xb5/0x140 [ 708.965197] ? check_same_owner+0x340/0x340 [ 708.969525] ? rcu_note_context_switch+0x730/0x730 [ 708.974452] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 708.979728] __should_failslab+0x124/0x180 [ 708.983965] should_failslab+0x9/0x14 [ 708.987769] kmem_cache_alloc_node+0x272/0x780 [ 708.992353] ? __kmalloc_node_track_caller+0x47/0x70 [ 708.997463] __alloc_skb+0x119/0x790 [ 709.001178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.006714] ? skb_scrub_packet+0x580/0x580 [ 709.011038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.016574] ? ip_generic_getfrag+0x124/0x2e0 [ 709.021070] ? ip_reply_glue_bits+0xc0/0xc0 [ 709.025395] ? trace_hardirqs_on+0x10/0x10 [ 709.029635] ? raw_getfrag+0x15b/0x220 [ 709.033519] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 709.038537] __ip_append_data.isra.47+0x2248/0x2a90 [ 709.043558] ? raw_destroy+0x30/0x30 [ 709.047282] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 709.053083] ? ipv4_mtu+0x37d/0x590 [ 709.056709] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 709.062157] ? find_held_lock+0x36/0x1c0 [ 709.066230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.071771] ip_append_data.part.48+0xf3/0x180 [ 709.076352] ? raw_destroy+0x30/0x30 [ 709.080065] ip_append_data+0x6d/0x90 [ 709.083863] ? raw_destroy+0x30/0x30 [ 709.087586] raw_sendmsg+0x1db4/0x29c0 [ 709.091483] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 709.096606] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 709.101037] ? find_held_lock+0x36/0x1c0 [ 709.105105] ? lock_downgrade+0x8f0/0x8f0 [ 709.109254] ? lock_release+0xa30/0xa30 [ 709.113228] ? check_same_owner+0x340/0x340 [ 709.117559] ? __check_object_size+0x9d/0x5f2 [ 709.122057] inet_sendmsg+0x1a1/0x690 [ 709.125860] ? ipip_gro_receive+0x100/0x100 [ 709.130186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 709.135726] ? security_socket_sendmsg+0x94/0xc0 [ 709.140479] ? ipip_gro_receive+0x100/0x100 [ 709.144802] sock_sendmsg+0xd5/0x120 [ 709.148520] __sys_sendto+0x3d7/0x670 [ 709.152321] ? __ia32_sys_getpeername+0xb0/0xb0 [ 709.157026] ? wait_for_completion+0x8d0/0x8d0 [ 709.161614] ? __lock_is_held+0xb5/0x140 [ 709.165687] ? __sb_end_write+0xac/0xe0 [ 709.169668] ? __ia32_sys_read+0xb0/0xb0 [ 709.173724] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 709.179264] __x64_sys_sendto+0xe1/0x1a0 [ 709.183326] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 709.188345] do_syscall_64+0x1b9/0x820 [ 709.192230] ? finish_task_switch+0x1d3/0x890 [ 709.196724] ? syscall_return_slowpath+0x5e0/0x5e0 [ 709.201651] ? syscall_return_slowpath+0x31d/0x5e0 [ 709.206584] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 709.211948] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 709.216803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.221992] RIP: 0033:0x455a99 [ 709.225172] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 709.244546] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 709.252256] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 709.259520] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 709.266783] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 709.274047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 709.281313] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004e 09:01:28 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:28 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xa000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:28 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) dup3(r1, r0, 0x80000) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 09:01:28 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:28 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:28 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:28 executing program 1: r0 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x20005) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000000)={0x3c847480}) ioctl$sock_SIOCGIFCONF(r0, 0x8910, &(0x7f0000000040)=@req) dup2(r1, r0) write$sndseq(r0, &(0x7f0000000240)=[{0x7fff, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{}, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @time}}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}], 0x60) 09:01:28 executing program 4 (fault-call:4 fault-nth:79): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:28 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 709.466864] FAULT_INJECTION: forcing a failure. [ 709.466864] name failslab, interval 1, probability 0, space 0, times 0 [ 709.478185] CPU: 1 PID: 23656 Comm: syz-executor4 Not tainted 4.18.0-rc2+ #118 [ 709.485550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 709.494903] Call Trace: [ 709.497496] dump_stack+0x1c9/0x2b4 [ 709.501131] ? dump_stack_print_info.cold.2+0x52/0x52 [ 709.506329] ? kernel_text_address+0x79/0xf0 [ 709.510748] should_fail.cold.4+0xa/0x1a [ 709.514818] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 709.519932] ? graph_lock+0x170/0x170 [ 709.523739] ? save_stack+0x43/0xd0 [ 709.527369] ? kasan_kmalloc+0xc4/0xe0 [ 709.531262] ? find_held_lock+0x36/0x1c0 [ 709.535330] ? __lock_is_held+0xb5/0x140 [ 709.539401] ? check_same_owner+0x340/0x340 [ 709.543724] ? rcu_note_context_switch+0x730/0x730 [ 709.548670] __should_failslab+0x124/0x180 [ 709.552919] should_failslab+0x9/0x14 [ 709.556732] kmem_cache_alloc_node_trace+0x26f/0x770 [ 709.561858] __kmalloc_node_track_caller+0x33/0x70 09:01:28 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 09:01:28 executing program 1: r0 = gettid() r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10000, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000080)={0x1, 0x7, 0x123, 0x4}) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000)) r2 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x20000, 0x0) read(r2, &(0x7f00000001c0)=""/105, 0x69) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r1, 0x50, &(0x7f00000000c0)}, 0x10) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0x9204, 0x3) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x15) [ 709.566796] __kmalloc_reserve.isra.40+0x3a/0xe0 [ 709.571567] __alloc_skb+0x155/0x790 [ 709.575288] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.580826] ? skb_scrub_packet+0x580/0x580 [ 709.585157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.590698] ? ip_generic_getfrag+0x124/0x2e0 [ 709.595196] ? ip_reply_glue_bits+0xc0/0xc0 [ 709.599525] ? trace_hardirqs_on+0x10/0x10 [ 709.603766] ? raw_getfrag+0x15b/0x220 [ 709.607657] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 709.612687] __ip_append_data.isra.47+0x2248/0x2a90 [ 709.617718] ? raw_destroy+0x30/0x30 [ 709.621462] ? __ip_flush_pending_frames.isra.43+0x2d0/0x2d0 [ 709.627275] ? ipv4_mtu+0x37d/0x590 [ 709.630919] ? __build_flow_key.constprop.53+0x5f0/0x5f0 [ 709.636379] ? find_held_lock+0x36/0x1c0 [ 709.640468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 709.646012] ip_append_data.part.48+0xf3/0x180 [ 709.650600] ? raw_destroy+0x30/0x30 [ 709.654316] ip_append_data+0x6d/0x90 [ 709.658113] ? raw_destroy+0x30/0x30 [ 709.661831] raw_sendmsg+0x1db4/0x29c0 [ 709.665735] ? raw_send_hdrinc.isra.21+0x19f0/0x19f0 [ 709.670839] ? rcu_report_qs_rnp+0x7a0/0x7a0 [ 709.675271] ? find_held_lock+0x36/0x1c0 [ 709.679343] ? lock_downgrade+0x8f0/0x8f0 [ 709.683495] ? lock_release+0xa30/0xa30 [ 709.687473] ? check_same_owner+0x340/0x340 [ 709.691793] ? __check_object_size+0x9d/0x5f2 [ 709.696278] inet_sendmsg+0x1a1/0x690 [ 709.700070] ? ipip_gro_receive+0x100/0x100 [ 709.704384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 709.709910] ? security_socket_sendmsg+0x94/0xc0 [ 709.714649] ? ipip_gro_receive+0x100/0x100 [ 709.718960] sock_sendmsg+0xd5/0x120 [ 709.722661] __sys_sendto+0x3d7/0x670 [ 709.726453] ? __ia32_sys_getpeername+0xb0/0xb0 [ 709.731110] ? wait_for_completion+0x8d0/0x8d0 [ 709.735680] ? __lock_is_held+0xb5/0x140 [ 709.739736] ? __sb_end_write+0xac/0xe0 [ 709.743704] ? __ia32_sys_read+0xb0/0xb0 [ 709.747748] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 709.753273] __x64_sys_sendto+0xe1/0x1a0 [ 709.757321] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 709.762323] do_syscall_64+0x1b9/0x820 [ 709.766208] ? finish_task_switch+0x1d3/0x890 [ 709.770692] ? syscall_return_slowpath+0x5e0/0x5e0 [ 709.775609] ? syscall_return_slowpath+0x31d/0x5e0 [ 709.780529] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 709.785878] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 709.790713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.795885] RIP: 0033:0x455a99 [ 709.799065] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:29 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:29 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x5c5b311ff2], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 709.818296] RSP: 002b:00007f10dc962c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 709.825997] RAX: ffffffffffffffda RBX: 00007f10dc9636d4 RCX: 0000000000455a99 [ 709.833255] RDX: 000000000000ffeb RSI: 0000000020000080 RDI: 0000000000000014 [ 709.840509] RBP: 000000000072bea0 R08: 0000000020000d00 R09: 0000000000000063 [ 709.847770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 709.855027] R13: 00000000004c0f2e R14: 00000000004d0e60 R15: 000000000000004f 09:01:29 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x600, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:29 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:29 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 09:01:29 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:29 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4800, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:29 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:29 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xffeb, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 710.435662] Unknown ioctl 37380 [ 710.500787] Unknown ioctl 37380 09:01:29 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:29 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 09:01:29 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xd020, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="d259b3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x400000, 0x0) r4 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x300) inotify_rm_watch(r3, r4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:01:29 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffff00000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:29 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f47767") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:29 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:29 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6c000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:29 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x1f) ioctl(r0, 0x4000008912, &(0x7f0000000100)="297ee1311f16f477671070") ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 09:01:29 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x6810, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:29 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:29 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x50800, 0x0) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f00000001c0)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x5d, &(0x7f0000000580), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000100)="0f0103f26d67f2f7320fc79b000000000f01cbc4c23dab8b0a000000f2a3381dd45266baf80cb8bcbd3f80ef66bafc0cb803000000ef0f239df20f5a5b00", 0x3e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="0f23d20f01c966b8060000000f23c00f21f86635010007000f23f80f080f73d5a9360f080f5f9000003ef236d3dcbaf80c66b84c90b58666efbafc0cedbaf80c66b80e76718066efbafc0cb003ee", 0x4e}], 0x1, 0x0, &(0x7f0000000140), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xca58, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f47767") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 3: socket$inet6(0xa, 0x1, 0x1f) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xe740, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 1: capset(&(0x7f0000000080)={0x1998032f}, &(0x7f00005ccfe8)={0x80, 0x0, 0x0, 0x0, 0x0, 0xffffdfffffff0101}) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x1d, r2}, 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x5, 0x4, 0x1c000000000, {r3, r4/1000+30000}, {0x0, 0x2710}, {0x2, 0x8c15, 0x6, 0x200}, 0x1, @can={{0x2, 0x74, 0x100000000, 0x400}, 0x6, 0x1, 0x0, 0x0, "5fa2b1ebfd596fff"}}, 0x48}, 0x1, 0x0, 0x0, 0x24004000}, 0x8011) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f000045fff8)={0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) move_pages(r6, 0x0, &(0x7f00000002c0), 0x0, &(0x7f00000000c0), 0x0) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xa00000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f47767") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f47767") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x2, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x39d0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 3 (fault-call:1 fault-nth:0): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f4776710") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f47767") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xb900, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x74000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f4776710") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:30 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0xc0045878) 09:01:30 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000280)="295ee1311f16f477671070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) timer_create(0x3, &(0x7f0000000100)={0x0, 0x5, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000140)=0x0) clock_gettime(0x0, &(0x7f0000001c40)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000001bc0)=[{{&(0x7f00000002c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000340)=""/129, 0x81}, {&(0x7f0000000400)=""/81, 0x51}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/153, 0x99}], 0x4, &(0x7f0000001540)=""/57, 0x39, 0x80000000}, 0x1f}, {{&(0x7f0000001580)=@in={0x0, 0x0, @dev}, 0x80, &(0x7f0000001a40)=[{&(0x7f0000001600)=""/137, 0x89}, {&(0x7f00000016c0)=""/127, 0x7f}, {&(0x7f0000001740)=""/48, 0x30}, {&(0x7f0000001780)=""/167, 0xa7}, {&(0x7f0000001840)=""/157, 0x9d}, {&(0x7f0000001900)=""/88, 0x58}, {&(0x7f0000001980)=""/191, 0xbf}], 0x7, &(0x7f0000001ac0)=""/216, 0xd8, 0x100000001}, 0x4}], 0x2, 0x1, &(0x7f0000001c80)={r3, r4+10000000}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001cc0)='mounts\x00') getdents(r5, &(0x7f0000001d00)=""/29, 0x1d) timer_getoverrun(r2) r6 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@sco, &(0x7f00000000c0)=0x80, 0x0) getgid() ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000180)=0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x11, 0x2, @tid=r7}, &(0x7f0000000200)) setsockopt$RDS_RECVERR(r1, 0x114, 0xa, &(0x7f0000000080), 0x4) 09:01:30 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xd5e8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:30 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f00000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:30 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:30 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x5451) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/sequencer\x00', 0x48800, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1040000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x78, r2, 0x300, 0x70bd2b, 0x25dfdbfd, {0xd}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5e}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x400}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [0xff, 0xff]}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6c5be961b8491270}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd2b}]}, 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x20000040) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(morus640)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000140)=0xc) setpriority(0x3, r5, 0x2) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 09:01:31 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f4776710") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7a00000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x7f30, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x40049409) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xdc05000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x2) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xad70, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x5452) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0xc0189436) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x500, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x1ce8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, r1) r3 = add_key$user(&(0x7f00003bd000)='user\x00', &(0x7f0000a00000)={0x73, 0x79, 0x7a}, &(0x7f0000facfff)="01", 0x1, r2) r4 = add_key$user(&(0x7f0000fc0ffb)='user\x00', &(0x7f0000752ffb)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000001940)="b3", 0x1, r2) keyctl$update(0x2, r4, &(0x7f0000000780)="df02754689212dfc3e2acc26fdc3ff864813da494137e175e9f2780ac5e2a09f43a1fcebf272a5a135de92bf4a9033933824f6e6aa023895117054ac2f1c00ad642733d9f84eee66d20e0f2751e18774fc2227cbb60fc68b143963541844fe7d4199d50e69010000006164c8f3e1181e6d50986cd98a5c44ac0ec3755bae750fe9a073eadeb27eafcf10d82f9aa122e7dc2faed85adcd88ca30e07000000002d94defa187e48b89efbbbcc9b9a9aaffce4e9149e5d3aa299f97c682a404ef6b122", 0xc1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f00000006000000b8060000f0030000d8020000d8020000f804000000000000e8050000e8050000e8050000e8050000e805000006000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e9ffffffffffffff00000000000000000000000000000000000000000000000000000000000000"], @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180160010000000000000000000000000000000000000000000000002800686c000000000000000000000000000000000000000000000000000000000204000000000000280069707636686561646572000000000000000000000000000000000000000008830000000000004800444e50540000000000000000000000000000000000000000000000000000ff010000000000000000000000000001ac1414aa0000000000000000000000001a2e060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffff00ffffff0000000000ffffffff69666230000000000000000000000000697036746e6c30000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003b00020212000000000000000000000000000000380178010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000004000000000000004800686268000000000000000000000000000000000000000000000000000000580000000201040009000600ffff010005000010080009000400000000100400e2008000f8ff010040005443504f505453545249500000000000000000000000000000000000000084000000ffffff7fff7f000001000080080000009a530000f7ffffff3d7300000000000000000000000000000000000100000000000000000000000000000001ffffffff0000000000000000ffffffff00000000000000ff00000000000000ff73797a5f74756e00000000000000000062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000006700fa0411000000000000000000000000000000f00018010000000000000000000000000000000000000000000000002800727066696c74657200000000000000000000000000000000000000000000060000000000000028004453435000000000000000000000000000000000000000000000000000001b0000000000000000000000000000000000000000000001ff010000000000000000000000000001000000ff000000ff000000ffff000000ffffff0000000000ffffff00ffffffff73797a6b616c6c65723100000000000065716c00000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002b00080010000000000000000000000000000000c8000801000000000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3000000000000000000000000001000000000000000500000000000000fe80000000000000000000000000000eff020000000000000000000000000001ff00000000000000ff000000ffffffff000000ffff0000ff00000000000000ff73797a5f74756e00000000000000000069706464703000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000002b00ff0268000000000000000000000000000000c800f0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x718) keyctl$dh_compute(0x17, &(0x7f00000019c0)={r3, r4, r4}, &(0x7f0000001a00)=""/157, 0x9d, &(0x7f0000001b40)={&(0x7f00000001c0)={'tgr128\x00'}, &(0x7f0000001b00), 0x31c}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000140)={0x0, 0x7f}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r5, @in6={{0xa, 0x4e20, 0x3f, @mcast1={0xff, 0x1, [], 0x1}, 0x3}}, 0x7, 0x3, 0x7, 0xb9, 0x2}, 0x98) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x33000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x500000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81) 09:01:31 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x6dd8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000000)="295ee1311f16f477671070") r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={0x73, 0x79, 0x7a}, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000000)={0x73, 0x79, 0x7a}, 0x0, 0x0, r1) r3 = add_key$user(&(0x7f00003bd000)='user\x00', &(0x7f0000a00000)={0x73, 0x79, 0x7a}, &(0x7f0000facfff)="01", 0x1, r2) r4 = add_key$user(&(0x7f0000fc0ffb)='user\x00', &(0x7f0000752ffb)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000001940)="b3", 0x1, r2) keyctl$update(0x2, r4, &(0x7f0000000780)="df02754689212dfc3e2acc26fdc3ff864813da494137e175e9f2780ac5e2a09f43a1fcebf272a5a135de92bf4a9033933824f6e6aa023895117054ac2f1c00ad642733d9f84eee66d20e0f2751e18774fc2227cbb60fc68b143963541844fe7d4199d50e69010000006164c8f3e1181e6d50986cd98a5c44ac0ec3755bae750fe9a073eadeb27eafcf10d82f9aa122e7dc2faed85adcd88ca30e07000000002d94defa187e48b89efbbbcc9b9a9aaffce4e9149e5d3aa299f97c682a404ef6b122", 0xc1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000880)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f00000006000000b8060000f0030000d8020000d8020000f804000000000000e8050000e8050000e8050000e8050000e805000006000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e9ffffffffffffff00000000000000000000000000000000000000000000000000000000000000"], @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180160010000000000000000000000000000000000000000000000002800686c000000000000000000000000000000000000000000000000000000000204000000000000280069707636686561646572000000000000000000000000000000000000000008830000000000004800444e50540000000000000000000000000000000000000000000000000000ff010000000000000000000000000001ac1414aa0000000000000000000000001a2e060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffff00ffffff0000000000ffffffff69666230000000000000000000000000697036746e6c30000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003b00020212000000000000000000000000000000380178010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000004000000000000004800686268000000000000000000000000000000000000000000000000000000580000000201040009000600ffff010005000010080009000400000000100400e2008000f8ff010040005443504f505453545249500000000000000000000000000000000000000084000000ffffff7fff7f000001000080080000009a530000f7ffffff3d7300000000000000000000000000000000000100000000000000000000000000000001ffffffff0000000000000000ffffffff00000000000000ff00000000000000ff73797a5f74756e00000000000000000062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000006700fa0411000000000000000000000000000000f00018010000000000000000000000000000000000000000000000002800727066696c74657200000000000000000000000000000000000000000000060000000000000028004453435000000000000000000000000000000000000000000000000000001b0000000000000000000000000000000000000000000001ff010000000000000000000000000001000000ff000000ff000000ffff000000ffffff0000000000ffffff00ffffffff73797a6b616c6c65723100000000000065716c00000000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002b00080010000000000000000000000000000000c8000801000000000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a3000000000000000000000000001000000000000000500000000000000fe80000000000000000000000000000eff020000000000000000000000000001ff00000000000000ff000000ffffffff000000ffff0000ff00000000000000ff73797a5f74756e00000000000000000069706464703000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000002b00ff0268000000000000000000000000000000c800f0000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x718) keyctl$dh_compute(0x17, &(0x7f00000019c0)={r3, r4, r4}, &(0x7f0000001a00)=""/157, 0x9d, &(0x7f0000001b40)={&(0x7f00000001c0)={'tgr128\x00'}, &(0x7f0000001b00), 0x31c}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000140)={0x0, 0x7f}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={r5, @in6={{0xa, 0x4e20, 0x3f, @mcast1={0xff, 0x1, [], 0x1}, 0x3}}, 0x7, 0x3, 0x7, 0xb9, 0x2}, 0x98) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1100, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4020940d) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x9650, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c80) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000010407031dfffd946fa283000a200a0009000100010800000c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080)=0x6, 0x4) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x5421) [ 712.716467] netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'. 09:01:31 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x10000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:31 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x7968, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:31 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xb00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:31 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x34000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:31 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) [ 712.776928] netlink: 20 bytes leftover after parsing attributes in process `syz-executor1'. 09:01:32 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:32 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="0047fc2f07d82c99240970") unshare(0x400) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xa, &(0x7f0000000100)=@req3, 0x1c) r2 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RESERVE(r2, 0x1261, &(0x7f0000000100)) 09:01:32 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x5460) 09:01:32 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x900, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:32 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xf898, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:32 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x200000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0xc0045877) 09:01:32 executing program 1: r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f00000002c0)="2f6578650000000000049b840572137291be10eebf000ee9a90f798058439ed5e901d2da75060002acc7edbcd7a071fb35331ce39c5a000000080000007c54ecf16b46e8f5eb845f06c2b4833f0f84b356f039192806008f7ce66c7288410412f83962fc4ae2805c44331afe5705952580b49acad4596489f4455f2cba58ee6d298147dfab3256c742c1b69f67793dfd6a9b4db888e646223be7fb8b2717202ea956118f193fb8ab5dd2c0fdaf9716ed51bd15d81d43b89e1cecabcba5d2e62f5b3ec8667778db1218b7bc16e0571138971db98e50262419de58d747295da8aebc0f7f7f5680e4d3eeade20a2d3e420b354561803109549e4ef0e1b55691030039ce36a24837297a9b9f7a674b065f6f33f02b4ff484f04d8bba269191d364ec5ac1383d9ab7460d2a89938fb7600936d99b6a7926fafb27e09600c5030b051d15119f710af1a0") getpeername$inet6(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x1c) getsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000100), &(0x7f0000000140)=0x4) fgetxattr(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="58080037bf2f"], &(0x7f00000000c0)=""/2, 0x2) 09:01:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4800000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:32 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:32 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:32 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xa7a8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:32 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00000000000000, 0xffffffc0, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:32 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000200)) r2 = syz_open_pts(r1, 0x0) read(r2, &(0x7f0000000300)=""/1, 0xfffffef8) r3 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) r4 = dup2(r0, r2) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) dup3(r5, r4, 0x0) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'osx.', '/dev/ptmx\x00'}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r3, 0x1000000000016) 09:01:32 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0xc020660b) 09:01:32 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff80], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x68, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:32 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x56b8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:32 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x5450) 09:01:32 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff50, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:32 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:32 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x5ddc1f5c5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:32 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x6c801, 0x24) umount2(&(0x7f00000015c0)='./file0\x00', 0xb) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000180)) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) ioctl$sock_ifreq(r0, 0x8946, &(0x7f0000001540)={'ifb0\x00', @ifru_data=&(0x7f0000001500)="e5ffc8031c01ecba3e6a2864b145db98e16b00bd0810a2e398272798755d75e5"}) r2 = gettid() r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x10, 0x80000) r4 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x80, 0x0) sendmsg(r3, &(0x7f0000001480)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x1, 0x3, 0x3, 0x0, {0xa, 0x4e21, 0x5, @empty, 0xffffffff}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000280)="b654db1f2e3c91eea9f6b3695da5a941e6a0c73efaf32f8a1d9d6093fb8880b602f5b3f7331666060ad6d7fa5d586cab796ddd391e9b312ff89ef273f0b3c85c09b958ce3ef5394ee15af706a697a1515f444f338b95d66d787b8dee505fc807aaae714e6e2aecb9554bb6b30b950e3a32c111ec8416ba6dd2ed83d34e15b2ea6fb09f", 0x83}], 0x1, &(0x7f0000000380)=[{0x1010, 0x116, 0xffffffffffffff00, "66a3bb3072bfe29490edaa825b6726d55e6dcf775b26c9c8e897f7b00f075ca70d65de4a7542248a06e3aed85a67fbbbe52087d351fe5c83a74c81f1a46b8b97764042cfb46ac2ae1862873971eab7cc6c4fd409a80a0d52bcb6c48fe00b7b0ebd6e88b8f9667d105c37d20cc9e326d9291ac81effd7c1e903f783457e7d0f248c454e6dc921f20a19ec6dc0035db80add09f0137074fd907ea0aa8f5bcfa32d360a5f6c8bb2779315957843c32337b40f580a5f1a4cce7cbabd9a2edc964de12da2a8c78be8b70f644c4715e5257215ca44071df1a7ac663df449a8c0cb65c60399a8070fbdf12e4fbb330636b4a546245320479463e681ba1bdd29dc5baa9e919de0120cde1c2c711dd966dd4d83ed20c46cefbb42e65e651f250d3bd569b856c8da50c3fb4a79e3e2fcef87a17711c0072b77d0738827f924b9be29b58e69bf24696593c179acea2b7f8545105745f63c53bc2885d8c6eee6fd23b7812c44ec79c6e6afa1a32960dcc0a6922cc42a4aa860102959bb34cebdbff37c6fe6eda4e3d6e7767199cb80fb91d79572aa91ddd2d6c1ecd44628d29cbfdaf9f834bdb677681f27b1e917a7421ab361cf530309499dd825bbc90ecceb99624b28b18d4efe87331219c9dff2c9f004685f4da2bc4cd1e4587a91aec3cea9edbf270b12dc093efa4d7cc44ac6d1f0d12876cd5b79faccbe6d15c8c80649188b72e12d13235e72bb78c45c84732d0b90f2396463f65fdbd64c5bbf762477c470072facc83d535001c528bb62ec536f84d64380182aa537053c7d50953097ee91fdc1d43922ad8b42313e4675abcd73cf7113243f084fbdd4874eb3d36af1f1badc7deebee8b26dc67c0b1969b49869598add568ab1bbf0210c78698bc0578cd0aeefd4d28f29f3d6534de3c2187c95195a782acc0e2bb728e5d2f5401701ec3643210a20d220a28b2cae825e8a5ad530c4b1c5a10c8b80112a3404a5ce6bd1fbbedddd10719201963ea2cc26469ef762457102daa7161d870ad402cdd6760f6f827884dae70aba9b064b84ab9a318ead4b7731e91ccd1daf6f4a0c42ea71604ba1cca40465d8665771e4a8dd5e7f8cdcaeaa953d6b2ebd8c07474016420e5be727401a91069f2667be036a24c36b8da9957a44770c447142a9728ff85635fb30503b0a83b1d2ac46c32eac9f51639d2446a308f98d42f41fa617bf009088f74f2a1bb1b6dce961cab2a37a24f04357cf07606b0e8255a12809626a7e88daa6a52ef496ad538c0cb31d56f24c6ebd461471260094d9bba0c349db75dde7d13bbecee8e1eaf077914be95f7fdf6c978632479b66005d26dccb1104757144877d8db2f1f5b11ad37130b2cd5e64828e126427830828b8d2a22aeffad69ae3059173d12b5fa7be7efe93f8a3a082c8684ea4e12d0a61adbecba66f4c735647590b88a57f34e76184ec44605862b3840524c11bf4cfae4d02b18c133af374c8f7e1d8046037e43bf361d0a5d12633df3313c44774e2d6ded8847fe150b12ef26d594cd0a18c21814b3fbebe6ebc55c9460723a71e96847e7e90195c8bf6b3e969ee100574b62b57fffe6de4029c332d9c19e9888e7fa815b8c0ad2572199f9cb4b35ffeb428a862d3576751c4c456d2f85f7ce9ae0cc0528b9248316dec22e45c4f44d6455f234264fdd202905020ab5aa1acd2f328e939ad4c18999d32ead05d5163b035594eb3cbec58d62b6d2a0aaee0086a097ba66d0af57da91c591fbb0f5ec053fb559752aca8f577d3bdee17791eecebfcf76dd375a6e366eee4b784b59f91c5eb4ddd814f4af755f2aafdb11d8ad0396b204173e295177965fe301f5600e39ff80441404e98f02edf603a13bf59264a073adffb587a6ca4a89efdaaeea2953dcb4ecae099738acb65fb4b5f811aa4c4018aa9ee9ffbae09cab0a7c62992a8ef4c22fb5de5d502fe0468543275459dba9bb1225a148c06b52418de4189844129a22086483c1f7eb19096dc0a295e49d9432b35edd31500dae1bd1a8ccd28afb8f332be92ffd25577dd0d3d86818195e7de3fed663784a3eac190e1a9a2a9cbc884a905d39a77febc14c2232d282c58c31b44dca355f3f5bb40aaf604b0530ffc01b6cf337abe12d49b69c7dc0224cfe654902f53f370f2d0edb1a4c05337edd5cce6e8e565c19042e6ce504f0be7e62c2becab035e1a5bfccb63ef852faa3cc12f1c3b15e41248e5d7c980bf32bb2766a721bd14e27888ea0479443fa4332b51a9aff95df9ec7310452b6766f89384c2472cfb89ac40e2d73ebc43a56b0abf23f9e9ec2ddbe35c076b7e35aceaebad9cbffa6ffe0e71e93cf279314c134e4afdf280ed15bce432d8dc57f811544dcbb50c78ff5eccbc00cf63be894964752eea6664ad812d91d46e9736866093f1cfcd4e77b03c23182ee06d90f6a77492860a9e0a96ec65a468a686f4bd7ec28c315a482cbfbd93489d71d5b35ed7e1872b0cecc4a6affbbc45b97f977cee632c3cbd09c1095ac5c3f080c1be4d242b46fa154678d39350c57282210d5cfe62ff09e0fdb61f96317e5a2d75d09faea06e981b857aa076efb6f1876af66d9d653715453dd68a460a62bb643ef685901df30f23bc3f7369bcd7f05ca8f391bd5e901f274916826f03dd5261f4fdaf1c058958701024ae4bd3a395d4823c6e612f3b432a443b5ccec3f35dc1059c9e8bacce8ba6a1013abd97fe9fc89d2c8cf1a639985238d17b46902989da77da02e7b4ea8a9704d65998d1578766cbaf1e0b64083a30750f534c7cdb9a9f1f3efdb0f23ce11cef4ad5951225173248c2c36cec124c22bcc164aa786b5a8dbe6536470203b5d37ace75fbdc12fa2d08b2be88362a616e3822b27ac5fb9626769924491712e430f0c754082c1b3acd8dff44cea5c02ed85433de0a18f4af331202b6ffa72dc88d8a028aba0e303a6eef98fdc7daf932b360621ef56ae471313160fa1df1743316fc0c0904041d3756cd05d287b4edda63b4eb9367daaea7de0d4cb4e4f54c65ec0e31fbe83094203930454cbb04ecb6845dbc280c662fa0613871c19d0b6cfd7247805041e00cd8348b855cd146d43433c75f151c3620e9a442e16c3124d18b4101312f75320339ce05de40fa7a38acd2c4006005d9b42ec6230e548915242c331a613d2f30d9e3061e54ebe89c9fd8a1165f49e307fb6209ac7a0ed6ba37103ea2a9d6218faa4436e5b7778b95cdb9c24c7a2d41b8dde15dec91fc22fe6415c7d3e5a3df0c996a2d5dfdfab73ae7e033a8a10477205bfba75e84a6b9602ccbcde2eb2043af809a3628d081798bd98710ba49bf1d03aba110224e70df4f05051e78061119b1b09ef1c8ad4f5e4a2d323dd80566cfc7f59df8151a29fdcdae0320db877fe32c4c30c8eb6a4a16e4ff2d63a22dc82d668ac19509cff3ec2a9c073cfffd3217c357b60a57a50f27d421b23a49d2c65ba39b70162b101679c456f8f0733bc9d2f4277c9298d39fcbc243f9d45884a0335285652ecbb5fa4684d3a8bdf7724c33a86e89b002917084c5584f716e772f01228d9be8a3bce098b628467aa2511de0e2a6c40035386bb410538948101ef0664a1885bb10e79e2b751f65bd99a513fe994044ad0c0a9c602a38958ad6263220bba739896c5aaeedf31c03d07e7d37169d388e446a21f193ccad4e878e479699af090e599b5f17837c41ac02df2f459c30fdd9a9c3e0d6a60ab0743e412a81d71548d6148aecf766712f5d23042c0d93ea01c22bf75ae9cfbefc875854ba9297d8db7f43cba269f244ac8db7652de8d65da1f9b12e0796cee55c50689e1df29dfc3488e76b52c2009c0837ae4652d7cb78daf23e1bfe97ca679eb9addc06a2a3809b0589de4db7941727300706546dd0c772be95731870ff323b5705791f7eb26248d0c122c42e7cf0c2cb96f1bfb8100dfac2266eff8e276dea5b0dd9b86d5400cc4a07e1a2698f869b958b7a3f93226a83e78a9951e1186422f229bef9aaecb3c80667bc6094b285576cafec145663f99ead57de57424b8cccbd1930c7613e1200413abe79f7abcadcecf13165682544f340f31013eaac503603f97d0c71fd7a125bc53bc002d40b1f784724e4098d717f75341285a4314e516205c409a42eefe5a921b09e144afb8ac96a4374fd41187311a8134c1bf4cbccbd4700254beb82ffb11b009ee7e6d4eb7bc86eb037a44d9a265195bab00d2dcf450fb3ad219ec016d3085845fc64786abf95345be9ceefb164f1f329649b93448bd234ce81d45b8808c86467059b9c3a775702ab3741091953276731ec039da2fc1569b71a5cab7e10ed368479527d65dbce49a28a627c7c5ee3db816d2bd37f70ed101b72e6a8cfb1b340949866ec0cdfe99b0a2c535b3d7909f82ce4590bd4c8da261c1578f094865114beeff873d3475f6a4da743e4d7007772292e08ff5425fc1021ccb23ec9af50daae3e60ccb5f49d9e900b0b3dbebf67d0d8202d0da0aa4f6e5604c434aa08e18ec172984e5122e083fb2041667d2a1442a131e0f74a1157b1d90dad4a26ccad072bcf983678ce9c7746c27be95ba875fcd645f196482abcf2f0874cec24afb13e8c21213c8bf24a3cc1410ca08342cb624215ba6000c3134fc7f2c2aa6ff430945d1ba84820fcf1ff1da5df75543a37cffb35ebf7eca21674f54933769201be7a2a32890bd5514367408293369ebc2cebcd4ee0f13612b7d4ec450bfd82063d3093158453038676427dec3a59676425ccb194caa14412580919bd8f9c2bff9bce27a8d51cd66ab99adf2c2373b2bbf450a2e55ce3cfe02018d8a1a8102fdee219dbb9b4a394dfa03ca4443636265449a2bcc7a282bfdfb296487dbfd344257bc8658aa68479509763c4b9fe62e201e639d10cff650b6b52a7e4393241a8b7e88d3a4dfcbde33c43bd1aff51a18b19dcc0f2d820cf39714ba9e9433c8e4421e435feab50110f904ea1fc7df8cb6258c136e3be6f739f91b753e0ef30f14aa4f269768c11452a6a06874c080b35bc17087daf51e6740668fc174b0927de27703ad5b6e10ad673b411c6ac9996ce9ce496782a37605851e404f189de43aa09a61572e732c74bb1cc4712bebb35bc6273fa66942fa8c9ded6bb45c35147c26230c98cd14c3005199b1404405bc6a9ef5366cdba2a457719ebd471b53bd7a183a0f178caf563c2bf9e2ac3a33a1e256f12b96387078c331381efbbaf8aed06e8d994de3a22b4af62a97abdc39bd8fc4d4d1ea7adbf957a4c5477b3793daa93e93415a528ca80d2ac6ad69f4f281e0a41202912bb424c50e3e04c6489cd3d1a50dbf38bfe52a5d6c3d610dcb4f481fa4dacf2bc562cb8f1bb5efea5a6c1b2a3d444e782a87c0cc0958014b2732156ad1c5ee6949b57835b57811be095fa533101691f344d48885f43a2df43d9c6f283869c6c111ba878520130a7014ef885bb7d4d23229a4c73eb4b9b20c632957fc6ecd4095787a293c70ec41b0e058165a4b1930757813c77c9c5cfd6d8eaa2c79cfd9900c4c2bc441ca72f0f094d74d159aaadcd900043361ac95c5314f44972765eaf8bbfc7aae79ad577731709ae38a02bac424c780c5a90ba8ac46da7e9e4546a0da5457204c4f8c1bab2947a533703fbe91b465082db6ce406ee56df9cb05c4edd85b88b85ad4fb3cd83af41f8384de9233a05cb6fe6e030831cf0a9c003636f997db053a1d564b5766d595973c8c520c9745846fcb1314153c1c35ea42395a4bb7db88fa7e1172ce828f8eca663ff6504ec21e1971567989a3f35dfe6"}, {0xe8, 0x11, 0x101, "8e4cc987155437a56ad16bbc6bb987e34fd1a37f47c4e7133f8407e109c0137d02ef01b66387ca6adf3e80e398e7bd31154c681710b621bcb910b7a968b17d31c2e721e11281ee0d376fb7a6cc93b8d1b9f5bca3e4426e3e4126f8c7609c87ffcd4dddf337f37b1d732173f28ff598661c8a31d23e6b9b132612d67b21d5396675cf87beefac468534997792a20add93d6bff3ef41fc275762b7d67195faf458b877a492b73e34fd40564fadee476deedd9026e95f1da760a286c10d58a3f9621f3fcb7b96c6eb3d0377b8d20850370d30"}], 0x10f8, 0x200400c1}, 0x8000) kcmp(r1, r2, 0x7, r3, r4) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000001580)) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) openat$rtc(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/rtc0\x00', 0x20040, 0x0) 09:01:32 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff58, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:32 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x3408, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:32 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xa00, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff58, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x50f0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7b, 0x0, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x4000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0x0, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r1, 0x40405514, &(0x7f0000000040)={0x1, 0x7, 0x4, 0x0, 'syz1\x00', 0x3}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r2, 0xf34, 0x70bd26, 0x25dfdbfc, {0x2}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x6c}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_AF={0x8, 0x2, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000040) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0xfffffffffffffff9) 09:01:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x74, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) prctl$void(0x15) r1 = socket$vsock_dgram(0x28, 0x2, 0x0) accept(r1, 0x0, &(0x7f0000000000)) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0xe, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x84f8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4c, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 1: r0 = socket$inet6(0xa, 0x806, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc83d6d345f8f760070") r1 = socket(0x1e, 0x1, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000001c0)=@req={0x80000001}, 0x10) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000040)={{{@in=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f0000000140)=0xe8) r3 = dup(r0) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000340)) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x1d, r2}, 0x10, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="010b0000000000009155000000000000", @ANYRES64=r4, @ANYRES64=r5/1000+10000, @ANYRES64=0x0, @ANYRES64=0x7530, @ANYBLOB="0100006001000000630922918e8249b1d67e06ae00f0e5debbfaaf7cdc03e7b8a6d25ad652223bd90fe7da141f813daa62edee3f012309747453a870b26c99528dbff4aae5b5128c3ba554ee86"], 0x80}, 0x1, 0x0, 0x0, 0x8080}, 0x800) r6 = socket(0x1e, 0x1, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000b89fe4)=@req3={0x10001}, 0x1c) 09:01:33 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000040)={{0x2, 0x4e21, @loopback=0x7f000001}, {0x1, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x10, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1c}}, 'bond_slave_1\x00'}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:33 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0x0, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x600000000000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xf2d0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:33 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x400300], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x6, 0x80) getsockopt$inet_dccp_buf(r2, 0x21, 0xcf, &(0x7f00000000c0)=""/62, &(0x7f0000000100)=0x3e) bind$inet6(r1, &(0x7f0000000040)={0xa}, 0x1c) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x22) sendto$unix(r1, &(0x7f0000000040)="e3ba", 0x2, 0x0, 0x0, 0x0) 09:01:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x80ffffff00000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0x0, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:33 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x80ffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 09:01:33 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xfe60, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x3b00, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7400000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:33 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000b5ff1)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040)) socket$inet6(0xa, 0x1, 0x0) r2 = accept4$inet6(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, @loopback}, &(0x7f00000001c0)=0x1c, 0x80800) ioctl(r2, 0x4040008912, &(0x7f0000000140)="29d7e131de86880e1ddf9fa96c1f160577651070f20e0467320b1cee94d7daf954953f7edef5cadf09ec3ca30c668e1dd9869699da4ea334b26c6fa4af00") ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) setsockopt$inet_buf(r0, 0x0, 0x2f, &(0x7f0000000080)="e18d967fe7f8369a7bce5497bcb8739d24844290d5c2597737520d39ed02d405c3a36b1e10367c49773a29791dd2100da0fdb3ad88ffa1c9af171e0c1c8ec4a4", 0x40) 09:01:33 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x440000, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x40000, 0x0) ioctl$KDDELIO(r1, 0x4b35, 0x7f) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0x8}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r2, 0x2}, &(0x7f0000000100)=0x8) 09:01:33 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:33 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x300, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:33 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5c5c1fdc5d], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) [ 714.857980] Unknown ioctl 19253 09:01:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x5c8, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) [ 714.880327] Unknown ioctl 19253 09:01:34 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:34 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f760070") setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000040)="6a2d6bb4b7f24a18ee67921f89774d7557aebc70fe8c9dfad9ff", 0x1a) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FICLONE(r1, 0x40049409, r0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)=@mpls_delroute={0x20, 0x19, 0x1, 0x0, 0x0, {0x1c}, [@RTA_DST={0x4, 0x1}]}, 0x20}, 0x1}, 0x0) 09:01:34 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x8004020000000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = dup(r0) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x80) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r2}) 09:01:34 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1f00, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 714.984290] netlink: 'syz-executor1': attribute type 1 has an invalid length. 09:01:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x6248, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000000)={0xfffffffffffffffb, 0x48, 0x100000000, 0x1, 0x9}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x400100, 0x0) ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000180)) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000100)) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x81}) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x101800, 0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x40002}) 09:01:34 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x8, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:34 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000400)={0x0, 0x1, 0x6, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x10) r1 = socket(0x11, 0x100000803, 0x0) r2 = syz_open_dev$tun(&(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x20000000002) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={"6966623000faffffffffffffff00", 0x5002}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000280)={'ifb0\x00', 0xa201}) ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000040)=0x3) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast1, @remote}, &(0x7f00000001c0)=0xc) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000200)={r3, 0x1, 0xffffffffffffffd1, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}}, 0x10) io_setup(0x469, &(0x7f0000000100)=0x0) io_submit(r4, 0x1, &(0x7f00000016c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000100), 0x3f000000}]) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10) 09:01:34 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x5c5b311ff2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4c00, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xb90, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:34 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0xffffffff00000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) dup2(r0, r2) dup2(r2, r1) 09:01:34 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xf21f315b5c000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg(r1, &(0x7f00000000c0)=[{{&(0x7f0000000000)=@ax25={0x3, {"4d798036c8be1a"}, 0xfffffffffffff801}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000200)=[{0x100, 0x10a, 0x40, "c86097b4628f83ae008601be29d6555a2c4ee8092319c898c4a3e5b12b82eca0bee8ad58c62c64e2f032bb5d2c509a11f79e1cfb92f54ba166b4ba59c2dc81e1bba27a68c07c4e8eaa8fa3050354f48499a2d621926f627b4882d18d723b6f3cbac0a78bc10c4491b5b3e21e64194b45c408a8c620f257348b2b4f0a360367e462144252388a999de63e80ca636b477b2c8ad96be5c3150358e45449f86fb99a68be69eb4c5d3cff07f08784109d275cf82dd1b464493f312762d08dbb446a2da5918768442d8866f37004f66f088260188af10ebd8c0d3258a89fae5a5b342b0215f651d0269c9aeb52d9"}, {0x98, 0x11f, 0x1ff, "964cb0c4a6641025cf7a84d7ceb8f3d9d6a18ae72516c4cfe7bb0e87e150c8f241c75f427b3c45bbd4986f8baa73ec1c46107946579ce77ffb997574cd5a151695a4223cb1b91d5018eff5bae43309c7ba0851d13f26a5c37fdb7cec060e873aba45b93006bb91439f3add916604a61eab99c2227f2fb06d2c7b87c1fde437c9c8e5"}, {0x60, 0xff, 0x2a6, "4a26163288a4a0c84c1d3399759145c08360d091ea3bf68f700739030e3151fb35ee4bded51f33fc3bbb77ba6a7bdfd8d82b6ca0866e64fe70c1e075a72543f12e1764a9d0459ff7f32c9b91c5"}, {0x110, 0x84, 0x6, "95d5c1b6c897a1274a41611cbea45781d03fd6f8c8d56eba0b6353004b32573b39440e13b0cebb5fb0b7e90cc8aaf7412f93a05de23270e876218a18f9d2d42aa9f687a07ff834127b6ac02ef086c71b9f686c33b561f879ca54000f2a20e1db51de93466e894bc2ed4d91ded5b01bad64db6bddbd398efe1c1e80eaafc0ae1c8408126d231790de7b89bd87c1bc03e2065b16be92874401ab2f9c6bc1914aeea46bd06e55d9d44eee62c627fb8342d616555882c7dbc8e5385aefb0dbd18b4b8121aa08bfad01360d944e2def7496ed90ea1409aa0f25a0a0b3767d711d6b485ba238f57b1e462b87236a8ddf4fbfeb87af4434ca893cc817"}, {0x70, 0x117, 0x8, "c46f655d022c65dd51ed41a20386eb6044ba0012ee4ff189da3eb732c1bb1848625bf1d2b768d960a00641818220a9f0e9116e9937b38699c145ee699ab416fe877d89fec944322b57a02b7007f19e889d19d690352276d3936e48abb3"}, {0xd8, 0x11b, 0x3, "4386de8ca1d2d0272a8575c21275013b5842105cb60ff7568c39a8d33348d8f928329e722f447bfe4f20fe7f1f4c16ea560213ee74984be37b3bd8a28b8cebcc08cb4da1a804785ccc1ec0f38f34a67171bd95ac194122aab92ca2ca7126e429e33b99084495cf0973a8a49da8212eb34488a18ba547d22217333feb780b10647103e04310bfec337389157a3212d803011dcc4b1661c03ceccc5854d096240ef0b56e29be2abd95014f99f8bbd5e58bf04fd35481204f8f99d632214b2c4451f822ada094"}, {0x98, 0x4099e9fc5ef6798c, 0x8, "7ce9a7c611d7074dba3fdfd7aa7ac55cd7b4855edb9f2564b551f85e1af3e22038cc98523200a55cbd2e1206624ccc5c44b766be2cf4683b1eb940df6ce44f6593ffe58e448ade99d222c7a455b2d2e36dc82b877d4028f129606351cabbe958f25d4419ddef726c85173b9ee78b80cb4b4f7bde4374a776035d1629811ed25a55"}, {0x38, 0x119, 0x9, "cffb1263aaffbbb1ca9a2cd16b674927d383940840741a1592011d90c5778babf8bedfc0"}, {0x68, 0x11f, 0x8001, "4979663e4551cfa6d6e6e8b7b55f2ccf8b94a0dec90304a506129b0e7717da767a9ee4bbf2ec7cbd0d57ad09973c29e3d0df8f9b15f07408f89ec0ad051e8dc38321c0703e4e34c4ff7e531ebb62c8cbab7eec0ab9b2be"}], 0x588, 0x10}, 0x7}], 0x1, 0x8000) 09:01:34 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x2878, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x8) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x101080, 0x0) mq_timedreceive(r1, &(0x7f0000000040)=""/213, 0xd5, 0x8, &(0x7f0000000140)={0x77359400}) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x2000, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x100000001, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffff}, 0x111, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f0000000200)={0xa, 0x4, 0xfa00, {r2}}, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffff}, 0x13f, 0x1}}, 0x20) r4 = gettid() ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000240)=r4) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000100)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r3}}, 0x18) 09:01:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$TIOCSCTTY(r1, 0x540e, 0x4) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000), 0x4) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r1, 0x7fffffff, 0x6, r1}) 09:01:34 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xa2ac0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_flowlabel\x00') ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000080)={0x0, 0x8, 0x1, r2}) socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:34 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x3, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:34 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xa1e0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:34 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:34 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:34 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xffffff7f00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(0xffffffffffffffff, r2) dup2(r2, r1) 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') getpeername$packet(0xffffffffffffffff, &(0x7f0000002880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000028c0)=0x14) r4 = accept$packet(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000002a00)=0x14) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000004600)={{{@in6=@ipv4={[], [], @dev}, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000004700)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', r5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000009180)={'bond_slave_1\x00', 0x0}) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000091c0)={0x0, @broadcast, @broadcast}, &(0x7f0000009200)=0xc) accept4$packet(0xffffffffffffff9c, &(0x7f0000009240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000009280)=0x14, 0x800) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000009380)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}}}, &(0x7f0000009480)=0xe8) getpeername$packet(0xffffffffffffffff, &(0x7f00000094c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000009500)=0x14) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000009540)={0x0, @empty, @local}, &(0x7f0000009580)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000095c0)={{{@in6=@dev, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f00000096c0)=0xe8) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000009700)={@remote, 0x0}, &(0x7f0000009740)=0x14) getsockname$packet(0xffffffffffffff9c, &(0x7f0000009d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000009d40)=0x14) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x20, &(0x7f0000009d80)={@broadcast, @multicast1, 0x0}, &(0x7f0000009dc0)=0xc) r18 = getpgrp(0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x2, 0xa8, 0x7fffffff, 0x3fd, 0x0, 0x81, 0x404c1, 0x4, 0xff, 0x3, 0xfffffffffffff5b4, 0x100000001, 0x1f, 0x4, 0x8af, 0x80000000, 0xd5, 0x3, 0x8, 0x9, 0xe8, 0x9, 0x1f, 0xf8e8, 0x2, 0x84, 0xfffffffffffffffe, 0xffffffffffffffff, 0x7ff, 0x0, 0x100000001, 0x0, 0x5, 0x9, 0x8, 0x4, 0x0, 0xc, 0x0, @perf_config_ext={0x8, 0xffffffff}, 0x2, 0x2, 0xf800000000000000, 0x7, 0x0, 0x0, 0x7ff}, r18, 0xf, 0xffffffffffffff9c, 0x9) getsockname$packet(0xffffffffffffff9c, &(0x7f000000a000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f000000a040)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f000000a080)={'syzkaller0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f000000a580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x9000}, 0xc, &(0x7f000000a540)={&(0x7f000000a0c0)=ANY=[@ANYBLOB="54040000", @ANYRES16=r2, @ANYBLOB="100227bd7000fddbdf250000000008000100", @ANYRES32=r3, @ANYBLOB="c00002003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000200000008000600", @ANYRES32=r6, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r7, @ANYBLOB="130010000000000008000100", @ANYRES32=r8, @ANYBLOB="7c00020038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004006300000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040000000000080007000000000008000100", @ANYRES32=r9, @ANYBLOB="3c00020038000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400d00f000008000100", @ANYRES32=r10, @ANYBLOB="b800020038000100240001006d636173745f72656a6f696e5f636f756e74000000000000000000000000000008000300030000000800040000020000400001002400010071756575655f6964000000000000000000000000000000000000000000000000080003000300000008000400ff7f000008000600", @ANYRES32=r11, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="08000100", @ANYRES32=r13, @ANYBLOB="680102003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r14, @ANYBLOB="3c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000000c00040080ff06ac0100000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400000100003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r16, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040007000000080007000000000008000100", @ANYRES32=r17, @ANYBLOB="780002003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r19, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r20], 0x454}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) r21 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x42500, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$KVM_SET_PIT2(r21, 0x4070aea0, &(0x7f0000000140)={[{0x4, 0x571d, 0x5, 0x9, 0x100000000, 0x6, 0xffffffffffff0195, 0x8, 0x100000000, 0x3, 0x79c2, 0x80000000, 0x1}, {0x8001, 0xa9a0, 0x1, 0x7, 0x6, 0x9, 0x10000, 0x80000001, 0x4, 0x0, 0x6, 0xd0, 0x40}, {0xffffffffffffffe1, 0x3f, 0x9, 0x8, 0x8, 0x0, 0x6, 0x9, 0x0, 0x4, 0x5, 0x1000, 0x4}], 0x7}) 09:01:35 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x0, 0x0) mkdir(&(0x7f0000001b40)='./file0\x00', 0x0) mount(&(0x7f0000000080)='./file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000100)='jfs\x00', 0x10000, &(0x7f000000a000)) chdir(&(0x7f0000000000)='./file0\x00') r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r1, 0x8200) unlinkat(r0, &(0x7f00000000c0)='./bus\x00', 0x200) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) readv(r0, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x30e) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000240)="0047fc2f07d82c99240970") mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, &(0x7f00000001c0), 0x1f, 0x3) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0xa, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:35 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0xe178, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x80ffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x4, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1000000ffb, 0x400000) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:35 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0xbffffffffffffff0, &(0x7f0000000100)) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x10000, 0x140) renameat(r0, &(0x7f0000000080)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00') 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfdfdffff, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(0xffffffffffffffff, r2) dup2(r2, r1) 09:01:35 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x8ac0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0xfbffffff00000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000080)={0x2}, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='cubic\x00', 0x6) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x1100000000000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:35 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000340)={0x10005b5f, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x7) write$tun(r1, &(0x7f0000000200)={@val={0x0, 0x18}, @val={0x3, 0x7, 0x401, 0x8, 0x0, 0x12}, @llc={@snap={0xaa, 0x1, "159f", "2c2be1", 0x89a6, "2f95d2d8c8e90b9a5811eb41e2980caaf7f3a371e6e0e618b1922d6bb26adfb05d060bbb573f3142257f2ac6687aab42012064a5ce32f69754ed5dab4d12d1ba7498682a96af3fdb512721d4ac99bed5c6f03c696792b75820e4855a440afae181aa6f3af2b9230f9dbb0f095dd357cf5536a3307a67c425502c0540e7dbec5c660500429dd3fed2ce690d33301e26678b9ed1792a08c45038a0308e6e4104f1d85f6ac1122408c86b7f044a8f50cd13f25350efd86a74eeb2192bde4763c434df5f872fb1f53076e703de88051b54a0d949fd6a738d6f2e09f41a4d09bada5a9e7f7cc66b9b23ee4bf9cbb75c6fad2545fd12c90e38fbc1"}}}, 0x10f) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f00000001c0)=0x1) 09:01:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x4], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x1158, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r1 = shmget(0x0, 0x1000, 0x4, &(0x7f0000ffc000/0x1000)=nil) shmctl$SHM_LOCK(r1, 0xb) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x268000, 0x0) 09:01:35 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfbffffff], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0xf0ffffffffffff, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(0xffffffffffffffff, r2) dup2(r2, r1) 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:35 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x3f98, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:35 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000280)="295ee1311f16f477671070") mkdir(&(0x7f0000f4eff8)='./file0\x00', 0x0) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local, 0x0}, &(0x7f00000001c0)=0xc) sendmsg(r0, &(0x7f00000005c0)={&(0x7f00000002c0)=@can={0x1d, r1}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000240)="b11c249f674920ed8598f95769a47e0c6d34cd3734776efe72ef11fd80ba53288360c3dd0a470c3b1fadc2edc3696910088a52065afc402a9933494088c82a59", 0x40}, {&(0x7f0000000480)="52cb04be1352f59f97d584b38d67dcc4b1ce3247aa21a3c0a17d11f11ad70526121b2bebc20fb588853bb84a9fe956412e22c1a5d5da7cb948957e89116b053828bfebed76d89b45a9961e1bf78767d7a3819ee00657353680b8bb80d393ac83089ec801af76165df611e2661c36871e88d791adde47b841eb67eb640584850d4f7c3f3dfaebeba33629048b422fe25bfcaf7242ab342de41a7c4c313f48d4023f1b9f0baaaf7bf78d378f3b8d32b372e9a45ed95c8316f6ab6481e70b3e0ee27ae371befd5e55", 0xc7}, {&(0x7f0000000380)="d90b4d7034de13d1393ef0638919b17af6b31239793f629511a12ca704d14ab7fb081b136514c5435ceab43effde9094a2d4db1afc3d733cbce60a5a4736558a8872caeda9836f2fcc7647bf34b79a6ec9cc1c077ac58812c49fedbc438ace5750bded4341f8d9d2acda01b1b34b1eef18f3106b836fb186391da2267f4ab6ab01b88d26cc7b0f96fc16ba42ad", 0x8d}], 0x3, &(0x7f0000000640)=[{0x58, 0x10f, 0x8, "0c5878d453b68d4e3da1e0b327c4308c4e479088ffd5329ebd67158dc9db83853eb17953106fb3d08488d09da049522f4e3cdb7ca19ef23d5c5ac0a26073a6210abc5c960facc2"}, {0x30, 0x188, 0xfffffffffffffffe, "a6be44824d007ba47fb878dbffdd6147877032050ac63eea919603"}, {0xa0, 0x105, 0x5, "921513826d7da69c20400171f6f2567bffebf695ce01c6f22321e62dbb6995b2ce42dc5c22db469c6ca8ee6fabbdd983cd56bae543309bb6689084140a9ec5a70f9715973444cdb0f2d76e4a2975af92bf473b0eeb2e329ccbd70a1016c6a2bcb7ddf3e63cd0600e0bb3815c21740ec1b8e0365dcdc0b293f734c9e3e6d094cdda9aba2a0d384c13a1"}, {0x108, 0x0, 0x3, "c6181bebccf9f5e545d0645363b3fbdf13873f41d6cdcc404a751cf5fe96384e6eb05d01f7f90fd299811ed6bdb18f888dbf2bcb93e5729abc967aa533fd4140407afe57413c1451908056c5c630fad05b1fb5fb52a2f74d81c3f4cca0d5d70d515d00301ceb444cab8cf5b71259427e288c82ee9ea7496e5217fc2757e3390558beb79b62c0186d7241bacaf595979ef6a1444af9532ab35d74606edc7f572c1b38e039d1f101ee8ff9aeb9a053673f14b743998c299073def449e9b297e14e8779204ef547a6a5e9a7c468d744a46074e313bc79e997d4f31d752a8be618a19132e51b61f5b0e08e9b595ee74b7e9eeb"}, {0x90, 0x11f, 0x4, "5fc4d3badd6e61cb6370d0fa0117de835ca6b92349b2d388115c2d3660d5e1c43a8b60c5e5bf51b5f88ba684d056f1952fa7b8a3fbc85fc04e99e553ada642d06ca79753f5cddd27b9064ef27db03b888656cf1590cadedebdf7a57a57bf00e76dfd8bdaa2cd801f805ce22d9fb290d79cb1aa70fbb4007c11"}], 0x2c0, 0x4000}, 0x44000) mount(&(0x7f0000000340)='./file1/file0\x00', &(0x7f0000000440)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000001c000)) chdir(&(0x7f0000000600)='./file0\x00') r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x20100, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000900)={0x8001, 0x0, 0x1}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x12800, 0x0) ioctl$BLKROTATIONAL(r3, 0x127e, &(0x7f0000000040)) symlink(&(0x7f0000000140)='..', &(0x7f00000000c0)='./file0\x00') umount2(&(0x7f0000000180)='../file0\x00', 0x2) chdir(&(0x7f0000000200)='./file0/file0\x00') 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0', [{0x20, '+'}, {0x20, 'mime_type{-*'}, {0x20, '/dev/loop-control\x00'}], 0xa, "21974890eb3a1ae229fd3466462bac20db2b4c85327edc44eabd4eccc9f619f0613dd52f481c5091c75d"}, 0x57) 09:01:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x2], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x7, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r1 = socket(0x40000000002, 0x2000000000000003, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)="626f6e6430000000ecd000", 0x2cf) sendto$unix(r1, &(0x7f0000000080), 0x9c18, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x63) 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4c00000000000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) 09:01:35 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop-control\x00', 0x40000, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 09:01:35 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x100000000000000], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 1: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a}, &(0x7f0000000180)="a4", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f00000002c0)={0x73, 0x79, 0x7a}, &(0x7f0000000300)="848432503e1ac2bae9d92c5d144121fbb1962144eae8978bd4f065eadead9ca85fd3c49e925de4007488bf80a2152f25efb149bbddc4493ad0c625b2e5cfabf2f745b9a6586673f693fc49f3b2e10e38afb34f9befefa874c9e7033ccc0e967bec6de22d59ece236cb34ca95781888a02e9796e3342b40b123e5f81ff5e36b907efecba4cfbf634fd3fe7f546dba4cdcc4fe13ac83893eef8276820db8efd0e90729fb71a71d96dd945238acddb8375d4b349d571748902d266efb9ab909b8b6", 0xc0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000480)={r0, r1, r1}, &(0x7f00000004c0)=""/155, 0x9b, &(0x7f0000000100)={&(0x7f0000000400)={'sha224-ssse3\x00'}, &(0x7f0000000080)}) 09:01:35 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) ioctl(r3, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000040)="c4c27d1a28f04083248bccc4e3791d170066430f3a41e000b9a10a0000b8ed000000ba000000000f30c462d1bafe440f3566baf80cb88c91668aef66bafc0cec66b8d8008ec80f0118"}], 0x1, 0xfee64b5def490aec, &(0x7f0000000340), 0x100000000000024d) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(r0, 0xffffffffffffffff) dup2(r2, r1) 09:01:35 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000da9000)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x2, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f], 0x1}}}]}, 0x70}, 0x1}, 0x0) 09:01:35 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) ioctl(r0, 0x4000008912, &(0x7f00000003c0)="295ee1311f16f477671070") syz_emit_ethernet(0x41, &(0x7f0000000100)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@ipv6={0x86dd, {0x0, 0x6, "dcd50f", 0xb, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0, 0x100000000000000, 0x800e], 0xaa}, @local={0xfe, 0x80, [], 0xaa}, {[], @icmpv6=@echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, ':Jw'}}}}}}, &(0x7f0000000340)) 09:01:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x82) r1 = memfd_create(&(0x7f00000000c0)='nodev\x00', 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) ioctl(r2, 0x4000008912, &(0x7f0000000000)="cea1781c9068aaba671070") ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3000000, 0x0, "10dec303415fe113b503cf1ae125cffac7e0f30f657e036d8beab09fd20f016238cbff4c48bedba30ba1508f70d88ebe0a077b1bb29ee38b71b351d15ce4ec82", "c3174cfe994a2869e5662e1e2a72e0fb4aee287df2df380b95e5b25a31c8f999938bfe8bf214ff8e583ea7b0e03ff510bcddd4757451a798594da244e721450c", "a2b98fba2b259731fba7132ce30a6db82958009e4ff06da85422d63bc7d0db26"}) [ 716.721930] ==================================================================