ute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  984.944503] Call Trace:
[  984.944535] ip_tables: iptables: counters copy to user failed while replacing table
[  984.947086]  dump_stack+0x142/0x197
05:39:23 executing program 0:
open(&(0x7f0000000000)='./bus\x00', 0x10d440, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2, @perf_config_ext, 0x1480}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x1c, r0, 0x711, 0x0, 0x0, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0)

[  984.947107]  should_fail.cold+0x10f/0x159
[  984.947122]  should_failslab+0xdb/0x130
[  984.947132]  kmem_cache_alloc+0x2d7/0x780
[  984.947149]  ? save_stack+0xa9/0xd0
[  984.947161]  get_empty_filp+0x8c/0x3f0
[  984.947174]  path_openat+0x96/0x3e50
[  984.947184]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  984.987643]  ? trace_hardirqs_on+0x10/0x10
[  984.991892]  ? check_preemption_disabled+0x3c/0x250
[  984.996917]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  985.001585]  ? find_held_lock+0x35/0x130
05:39:23 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
dup3(r2, r3, 0x0)

[  985.005651]  ? save_trace+0x290/0x290
[  985.009455]  ? __alloc_fd+0x1d4/0x4a0
[  985.013256]  do_filp_open+0x18e/0x250
[  985.017054]  ? may_open_dev+0xe0/0xe0
[  985.020533] audit: type=1800 audit(2844653963.443:113): pid=21713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0
[  985.020856]  ? lock_downgrade+0x740/0x740
[  985.020869]  ? do_raw_spin_unlock+0x174/0x260
[  985.020880]  ? _raw_spin_unlock+0x2d/0x50
[  985.020890]  ? __alloc_fd+0x1d4/0x4a0
[  985.020910]  do_sys_open+0x2c5/0x430
[  985.020922]  ? filp_open+0x70/0x70
[  985.020929]  ? fput+0xd4/0x150
[  985.020939]  ? SyS_pwrite64+0xca/0x140
[  985.074686]  SyS_open+0x2d/0x40
[  985.075446] audit: type=1800 audit(2844653963.443:114): pid=21713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16897 res=0
[  985.077966]  ? do_sys_open+0x430/0x430
[  985.077980]  do_syscall_64+0x1e8/0x640
[  985.077990]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  985.078008]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  985.078015] RIP: 0033:0x415131
[  985.078020] RSP: 002b:00007fc1a18e6a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  985.078031] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 0000000000415131
[  985.078037] RDX: 00007fc1a18e6b0a RSI: 0000000000000002 RDI: 00007fc1a18e6b00
[  985.078042] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  985.078047] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003
[  985.078055] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000a
05:39:23 executing program 3 (fault-call:0 fault-nth:11):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:23 executing program 0:
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000cc0)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000000000000e000000040000007805000000000000a8040000800200002001000000000000a8040000a8040000a8040000a8040000a8040000040000000000000000000000fe800000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000767863616e3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f80020010000000000000000000000000000000000000000000000002800686c0000000000000000000000000000000000000000000000000000000000000000000000002800736f636b657400000000000000000000000000000000000000000000000200000000000000002800434f4e4e5345434d41524b000000000000000000000000000000000000000200000000000000ff02000000000000000000000000000163c6521b3019635b932764570b3f733700000000000000000000000000000000000000000000000000000000000000006e657464657673696d30000000000000677265746170300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000379000160010000000000000000000000000000000000000000000000003000636f6e6e6d61726b0000000000000000000000000000000000000000000100000000000000000000000000000000280069707636686561646572000000000000000000000000000000000000000000000000000000006000484d41527a7e000000000000000000000000000000000000000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffac1e0001000000000000000000000000000000000000000000000000000000000000000073797a5f74756e00000000000000000076657468305f746f5f62726964676500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022802000000000000000000000000000000000000000000000000c800636f6e6e747261636b000000000000000000000000000000000000000003fe88000000000000000000000000000100000000000000000000000000000000e000000100000000000000000000000000000000000000000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000ffffe0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090007372680000000000000000000000000000000000000000000000000000010000000000000000fe8000000000000000000000000000bbff010000000000000000000000000001d40e7ffa30aad9d19b31d8d9fa1748d20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000280053594e50524f58590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff34caac29fcd632bb30a6e2442b55"], 0x1)
r2 = memfd_create(&(0x7f0000000080)='$\xf7\x97U<1', 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r2, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, 0x80000000, 0x0}, 0x0, 0x8, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f0000000040)='auxv\x00')
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_targets\x00')

05:39:23 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
dup3(r2, r3, 0x0)

05:39:23 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x40)
setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080), 0x4)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

[  985.321798] FAULT_INJECTION: forcing a failure.
[  985.321798] name failslab, interval 1, probability 0, space 0, times 0
[  985.339438] CPU: 1 PID: 21729 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  985.347353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  985.356708] Call Trace:
[  985.359306]  dump_stack+0x142/0x197
[  985.362955]  should_fail.cold+0x10f/0x159
[  985.367127]  should_failslab+0xdb/0x130
[  985.367141]  kmem_cache_alloc+0x2d7/0x780
[  985.375238]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  985.380691]  ? check_preemption_disabled+0x3c/0x250
[  985.385708]  selinux_file_alloc_security+0xb4/0x190
[  985.390707]  security_file_alloc+0x6d/0xa0
[  985.394924]  get_empty_filp+0x162/0x3f0
[  985.398877]  path_openat+0x96/0x3e50
[  985.402614]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  985.407990]  ? trace_hardirqs_on+0x10/0x10
[  985.412207]  ? check_preemption_disabled+0x3c/0x250
[  985.417207]  ? path_lookupat.isra.0+0x7b0/0x7b0
[  985.421887]  ? find_held_lock+0x35/0x130
[  985.425936]  ? save_trace+0x290/0x290
[  985.429717]  ? __alloc_fd+0x1d4/0x4a0
[  985.433497]  do_filp_open+0x18e/0x250
[  985.437275]  ? may_open_dev+0xe0/0xe0
[  985.441056]  ? lock_downgrade+0x740/0x740
[  985.445182]  ? do_raw_spin_unlock+0x174/0x260
[  985.449659]  ? _raw_spin_unlock+0x2d/0x50
[  985.453789]  ? __alloc_fd+0x1d4/0x4a0
[  985.457576]  do_sys_open+0x2c5/0x430
[  985.461271]  ? filp_open+0x70/0x70
[  985.464786]  ? fput+0xd4/0x150
[  985.467957]  ? SyS_pwrite64+0xca/0x140
[  985.471825]  SyS_open+0x2d/0x40
[  985.475086]  ? do_sys_open+0x430/0x430
[  985.478952]  do_syscall_64+0x1e8/0x640
[  985.482820]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  985.487643]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  985.492812] RIP: 0033:0x415131
[  985.495991] RSP: 002b:00007fc1a18e6a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  985.503690] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 0000000000415131
[  985.510937] RDX: 00007fc1a18e6b0a RSI: 0000000000000002 RDI: 00007fc1a18e6b00
[  985.518194] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  985.525454] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003
[  985.532706] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000b
[  985.593367] xt_CONNSECMARK: cannot load conntrack support for proto=10
05:39:26 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:26 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = dup2(r1, 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000f00)='NLBL_UNLBL\x00')
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
recvfrom$unix(r4, &(0x7f0000000f40)=""/4096, 0x1000, 0x2100, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x14, r3}, 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000800)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x84, r3, 0x20, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:depmod_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @dev={0xfe, 0x80, [], 0x41}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x84}, 0x1, 0x0, 0x0, 0xc811}, 0x4)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r6 = getpid()
sched_getattr(r6, &(0x7f0000000380)={0x38}, 0x38, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
dup3(r2, r3, 0x0)

05:39:26 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_NET_GET(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f00000003c0)={0x244, r4, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x9c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffc1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_BEARER={0x168, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0x30}, 0x4}}, {0x14, 0x2, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x35be}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_NAME={0x16, 0x1, @l2={'ib', 0x3a, 'batadv_slave_0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x2, @loopback, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x9}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e23, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x41d2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfb}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x0, @local, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e21, @empty}}}}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff0000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x244}, 0x1, 0x0, 0x0, 0x40}, 0x20000040)

05:39:26 executing program 3 (fault-call:0 fault-nth:12):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:26 executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
close(r0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x10000, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r2, 0xc1004110, &(0x7f0000000300)={0x7, [0x2, 0x56, 0x10001], [{0xa0a8, 0x6, 0x0, 0x1, 0x1, 0x1}, {0x9, 0x1, 0x0, 0x1, 0x1, 0x1}, {0x1, 0x2}, {0x453, 0x6}, {0x7fffffff, 0x6, 0x1, 0x1, 0x1}, {0x10001, 0x3, 0x1, 0x1, 0x1, 0x1}, {0x7, 0xb1, 0x1, 0x1, 0x1, 0x1}, {0x3, 0x80000000, 0x0, 0x1}, {0x6f5f, 0x0, 0x0, 0x1}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x7, 0xb05}, {0x8bc0, 0x5, 0x1, 0x1}]})
pwritev(r1, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000)

05:39:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

[  987.967559] FAULT_INJECTION: forcing a failure.
[  987.967559] name failslab, interval 1, probability 0, space 0, times 0
[  987.994189] CPU: 1 PID: 21747 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  988.002110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  988.011470] Call Trace:
[  988.014070]  dump_stack+0x142/0x197
[  988.017714]  should_fail.cold+0x10f/0x159
[  988.021872]  should_failslab+0xdb/0x130
[  988.025833]  kmem_cache_alloc_trace+0x2e9/0x790
[  988.030491]  ? __lockdep_init_map+0x10c/0x570
[  988.034987]  ? loop_get_status64+0x120/0x120
[  988.039409]  __kthread_create_on_node+0xe3/0x3e0
[  988.044164]  ? kthread_park+0x140/0x140
[  988.048148]  ? __fget+0x210/0x370
[  988.051610]  ? loop_get_status64+0x120/0x120
[  988.056021]  kthread_create_on_node+0xa8/0xd0
[  988.060519]  ? __kthread_create_on_node+0x3e0/0x3e0
05:39:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

[  988.065541]  ? __lockdep_init_map+0x10c/0x570
[  988.070050]  lo_ioctl+0xce3/0x1cd0
[  988.073592]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[  988.078615]  ? loop_probe+0x160/0x160
[  988.082428]  blkdev_ioctl+0x95f/0x1850
[  988.086314]  ? blkpg_ioctl+0x970/0x970
[  988.088354] ptrace attach of "/root/syz-executor.4"[21761] was attempted by "/root/syz-executor.4"[21762]
[  988.090209]  ? __might_sleep+0x93/0xb0
[  988.090220]  ? __fget+0x210/0x370
[  988.090234]  block_ioctl+0xde/0x120
[  988.090243]  ? blkdev_fallocate+0x3b0/0x3b0
05:39:26 executing program 0:
syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000010000)='XFSB', 0xfffffffffffffec8}, {&(0x7f0000000240)="c60e1ebc2ba90dff2b14e0290319af07912d2c322dfdace1a8472ad329602cb0fb65a744b8a8c64635c65801d2d72885e673ae3990098622e5999ab4d3253f94296044549ced279133cd61b773e21b07088570a44e02fd0d227c222a7c361c", 0x5f, 0x8}, {0x0, 0x0, 0xffffffff80000001}, {&(0x7f0000000000)="a09c7eecb6aa5084aee6053b1c60d880799fc2bdf731be41674f5fceff600cbb37fb0e3ae7d2321c47cefba02d60161b69714eabfe996171af2d25adf2556fa5628b14c9b6cbcf8f013b3a831a9c7b1a2489a2302b4ab1", 0x57, 0x1}], 0x0, 0x0)
ioctl$VIDIOC_G_TUNER(0xffffffffffffffff, 0xc054561d, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  988.090255]  do_vfs_ioctl+0x7ae/0x1060
[  988.090266]  ? selinux_file_mprotect+0x5d0/0x5d0
[  988.090275]  ? lock_downgrade+0x740/0x740
[  988.090286]  ? ioctl_preallocate+0x1c0/0x1c0
[  988.132383]  ? __fget+0x237/0x370
[  988.135864]  ? security_file_ioctl+0x89/0xb0
[  988.140285]  SyS_ioctl+0x8f/0xc0
[  988.143649]  ? do_vfs_ioctl+0x1060/0x1060
[  988.147798]  do_syscall_64+0x1e8/0x640
[  988.151686]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  988.156537]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  988.161726] RIP: 0033:0x45b207
05:39:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

05:39:26 executing program 1:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x68002, 0x0)
ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000080))
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffffe)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
r2 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x2, 0x218a00)
sendmsg$inet_sctp(r2, &(0x7f0000000500)={&(0x7f0000000140)=@in={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000180)="da9cda845d441afa5d2301a7f40217360aae2319dc81f9f784df4c0657b5fc02", 0x20}, {&(0x7f00000001c0)="ff9f66c88efd43dd4ff00a53f158f1d979bffba02c492efc0853256a65d081f1f232d0f101da7abd7c6d0df60009f2bd25a2ba57dc3722d41f11cf76703c8de3f547c0d3cc7a72240c86706c940616b9dc0c37f7b42e8d0a2ea5e8b8ad698f74d96659f472a776af7bbefb1a9bc4fedc6f6b240ac99c6ae0d63b29c0403e4b4d82f1b34ecf94e29f9c57996711a1c8c8b5", 0x91}, {&(0x7f00000003c0)="2568281a5bdca3b337ec6fcc3c7a751d3517ce0fe29cae70a88898069d57646254d39d20886a5d7aec3bb89d66df40f290aef53ebd8009439366bfc4023bc290db542c56e04254f72a6450483b4792a5e8daeea20dd47803435a10b33f6acf3199d63ff0e4f6678fee7d31a270c458322e93fa", 0x73}, {&(0x7f0000000440)="e95e3fa57c81e62e147b0f8b8e236b3e88c729144a071000c506fb974982808272570162557f45b80a5aa34c5af316c666a0af6da8e8bcd58270dd299c18e64898496b0c1fd5528104d20cf5e68e5f740d46328a6c9fbd647a0b70c4f0b8147ed1373eb879ddba82e4a9a02926fb54d0020d101a132e9b33c10516732f87271e", 0x80}], 0x4, 0x0, 0x0, 0xc090}, 0x24010800)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r1, 0x0)

05:39:26 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x9, r0, 0x0, 0x0)

[  988.164912] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  988.172623] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  988.179892] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  988.187159] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  988.194430] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  988.201698] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000c
05:39:26 executing program 3 (fault-call:0 fault-nth:13):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[  988.244879] Unknown ioctl 21525
[  988.253530] Unknown ioctl 21525
[  988.343057] FAULT_INJECTION: forcing a failure.
[  988.343057] name failslab, interval 1, probability 0, space 0, times 0
[  988.354547] CPU: 0 PID: 21785 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  988.362439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  988.371790] Call Trace:
[  988.374389]  dump_stack+0x142/0x197
[  988.378028]  should_fail.cold+0x10f/0x159
[  988.382190]  should_failslab+0xdb/0x130
[  988.386171]  kmem_cache_alloc+0x47/0x780
[  988.390236]  ? save_stack+0x45/0xd0
[  988.393867]  ? kasan_kmalloc+0xce/0xf0
[  988.397753]  ? kasan_slab_alloc+0xf/0x20
[  988.401816]  ? kmem_cache_alloc+0x12e/0x780
[  988.406144]  ? __kernfs_new_node+0x70/0x480
[  988.410468]  ? kernfs_new_node+0x80/0xf0
[  988.414523]  ? kernfs_create_dir_ns+0x41/0x140
[  988.419105]  ? internal_create_group+0xea/0x7b0
[  988.423780]  radix_tree_node_alloc.constprop.0+0x1c7/0x310
[  988.429412]  idr_get_free_cmn+0x5a4/0x8e0
[  988.433592]  idr_alloc_cmn+0x10e/0x210
[  988.437492]  ? __fprop_inc_percpu_max+0x1e0/0x1e0
[  988.442343]  ? __lock_is_held+0xb6/0x140
[  988.446405]  ? check_preemption_disabled+0x3c/0x250
[  988.451424]  idr_alloc_cyclic+0xd0/0x1e2
[  988.455495]  ? ida_simple_remove+0x60/0x60
[  988.459734]  __kernfs_new_node+0xb0/0x480
[  988.463883]  kernfs_new_node+0x80/0xf0
[  988.467774]  kernfs_create_dir_ns+0x41/0x140
[  988.472187]  internal_create_group+0xea/0x7b0
[  988.476687]  sysfs_create_group+0x20/0x30
[  988.480840]  lo_ioctl+0x1162/0x1cd0
[  988.484473]  ? loop_probe+0x160/0x160
[  988.488273]  blkdev_ioctl+0x95f/0x1850
[  988.492162]  ? blkpg_ioctl+0x970/0x970
[  988.496067]  ? __might_sleep+0x93/0xb0
[  988.499972]  ? __fget+0x210/0x370
[  988.503427]  block_ioctl+0xde/0x120
[  988.507055]  ? blkdev_fallocate+0x3b0/0x3b0
[  988.511476]  do_vfs_ioctl+0x7ae/0x1060
[  988.515366]  ? selinux_file_mprotect+0x5d0/0x5d0
[  988.520124]  ? lock_downgrade+0x740/0x740
[  988.524273]  ? ioctl_preallocate+0x1c0/0x1c0
[  988.528686]  ? __fget+0x237/0x370
[  988.532144]  ? security_file_ioctl+0x89/0xb0
[  988.536555]  SyS_ioctl+0x8f/0xc0
[  988.539924]  ? do_vfs_ioctl+0x1060/0x1060
[  988.544069]  do_syscall_64+0x1e8/0x640
[  988.548064]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  988.552908]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  988.558087] RIP: 0033:0x45b207
[  988.561265] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  988.568957] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  988.576217] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  988.583470] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  988.590722] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  988.597980] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000d
05:39:29 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
pipe(&(0x7f0000000080))
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
ioctl$ASHMEM_SET_SIZE(r5, 0x40087703, 0x40)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
write$6lowpan_enable(r7, &(0x7f0000000000)='1', 0x1)
r9 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r9, r0, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f00000000c0)={'ip6tnl0\x00', 0x4656})
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r11, r10, 0x0, 0x209)
getsockname$inet(r11, &(0x7f0000000140)={0x2, 0x0, @remote}, &(0x7f0000000180)=0x10)

05:39:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:29 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x99, 0x2, 0x0, 0x0, 0x3}, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e23, @loopback}}, 0x0, 0x3ff}, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x5)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000000), 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000002c0)=[@in6={0xa, 0x4e20, 0x5, @rand_addr="ce3911bda51ca788de61d1b41296ef25", 0x10001}, @in6={0xa, 0x4e22, 0x0, @ipv4={[], [], @rand_addr=0x5}, 0xffff47e4}, @in={0x2, 0x4e21, @rand_addr=0x7e11a1f2}], 0x48)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e1f, @empty}}, 0x0, 0x0, 0x300, 0x0, 0x1000000000054}, 0x98)

05:39:29 executing program 3 (fault-call:0 fault-nth:14):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:29 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x1039c)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x200, 0x0)
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000140)="7c0d111317b1ff8ec8f29f81319ec5b10d0d003f00efd9448dbef1ffb4e3a6af87131512da528f6235fe35d3053b5cb4877c1b89bbf83f6d749d5b00679601a3abdc204cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cc0ce7a", 0xffffffffffffffd0, 0x401c005, 0x0, 0xffffffffffffff36)
socket$kcm(0x10, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-monitor\x00', 0x600, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r6 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0)
io_setup(0x4, &(0x7f00000002c0)=<r7=>0x0)
io_cancel(r7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x9, 0x0, 0x3}, &(0x7f0000000680))
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r8 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x280000, 0x0)
ioctl$PPPIOCGNPMODE(r8, 0xc008744c, &(0x7f0000000040)={0xc021, 0x3})
ptrace$cont(0x9, r0, 0x0, 0x0)
tkill(r0, 0xc)

05:39:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[  990.998083] FAULT_INJECTION: forcing a failure.
[  990.998083] name failslab, interval 1, probability 0, space 0, times 0
[  991.009611] CPU: 0 PID: 21798 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  991.017557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  991.026896] Call Trace:
[  991.029481]  dump_stack+0x142/0x197
[  991.033115]  should_fail.cold+0x10f/0x159
[  991.037272]  should_failslab+0xdb/0x130
[  991.041254]  kmem_cache_alloc+0x47/0x780
[  991.045307]  ? save_stack+0x45/0xd0
[  991.048922]  ? kasan_kmalloc+0xce/0xf0
[  991.052796]  ? kasan_slab_alloc+0xf/0x20
[  991.056860]  ? kmem_cache_alloc+0x12e/0x780
[  991.061169]  ? __kernfs_new_node+0x70/0x480
[  991.065471]  ? kernfs_new_node+0x80/0xf0
[  991.069518]  ? kernfs_create_dir_ns+0x41/0x140
[  991.074096]  ? internal_create_group+0xea/0x7b0
[  991.078766]  radix_tree_node_alloc.constprop.0+0x1c7/0x310
[  991.084410]  idr_get_free_cmn+0x5a4/0x8e0
[  991.088546]  idr_alloc_cmn+0x10e/0x210
[  991.092426]  ? __fprop_inc_percpu_max+0x1e0/0x1e0
[  991.097273]  ? __lock_is_held+0xb6/0x140
[  991.101315]  ? check_preemption_disabled+0x3c/0x250
[  991.106316]  idr_alloc_cyclic+0xd0/0x1e2
[  991.110378]  ? ida_simple_remove+0x60/0x60
[  991.114606]  __kernfs_new_node+0xb0/0x480
[  991.118740]  kernfs_new_node+0x80/0xf0
[  991.122611]  kernfs_create_dir_ns+0x41/0x140
[  991.127001]  internal_create_group+0xea/0x7b0
[  991.131491]  sysfs_create_group+0x20/0x30
[  991.135665]  lo_ioctl+0x1162/0x1cd0
[  991.139277]  ? loop_probe+0x160/0x160
[  991.143101]  blkdev_ioctl+0x95f/0x1850
[  991.146996]  ? blkpg_ioctl+0x970/0x970
[  991.150880]  ? __might_sleep+0x93/0xb0
[  991.154783]  ? __fget+0x210/0x370
[  991.158226]  block_ioctl+0xde/0x120
[  991.161831]  ? blkdev_fallocate+0x3b0/0x3b0
[  991.166147]  do_vfs_ioctl+0x7ae/0x1060
[  991.170028]  ? selinux_file_mprotect+0x5d0/0x5d0
[  991.174775]  ? lock_downgrade+0x740/0x740
[  991.178907]  ? ioctl_preallocate+0x1c0/0x1c0
[  991.183309]  ? __fget+0x237/0x370
[  991.186755]  ? security_file_ioctl+0x89/0xb0
[  991.191162]  SyS_ioctl+0x8f/0xc0
[  991.194520]  ? do_vfs_ioctl+0x1060/0x1060
[  991.198664]  do_syscall_64+0x1e8/0x640
[  991.202557]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  991.207396]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  991.212568] RIP: 0033:0x45b207
[  991.215750] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  991.223439] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  991.230697] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  991.237956] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:39:29 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:29 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000880)='\x16C\x12\x9f\'\x97\x98\x06\xba7\xf4\x00\x00\x00n\x89\v1*\xa1\xba\xe9\x84\xee\xf0\xf8Zm\x1br\x13\xe46\xc2\xdb :\x00p!!\x04&.\f\x84Y\xac\xf58^\xae\xf7N\x18c)\x94N1\xc5\xe0\v\x0f\xd2K\xf3\xfb\xea\xcc\x83\xa1\x03\xc96kl\xa30N\xb3bL!I\xb3\xf3\xa3\xc0f\xf0\x91Ih\xa9E\x13\x0e|7\a\xfdC\xde\xda\xa4e\x9e6\xd3z\xe4\x80\xa4\x88\xd2\x87\xd1(k=\x93\xc4\xec\xd7HSm[\xae<\x80\x1a\vg]rM\xbfQ;\xc9\xb6\x0e\xa8\xd8\x92bK\xed\x1e\xde\x84%\x86\xee\xf6\xf4\xc8>F\x94\xc7\t\bw\x95 Y2B\xcb\xb3\x9d\xdb\\`\x19\xd8/<\xe6\xef\x1b\xd8k2\xcda\f{\x8f\x9a\xd79U\x8c\xff\x85[\xe5><\xd1\xf2<,\xab\xba\xdbw\x8a~Q\xe1\n\xbc\xf8\x0e8\t\xca\xf2\xd2o\x03\x9e\xc5\xb2k\x17\x91v\xae\xf6\xbe\r\xd0\x80\xcdXS\x1br/\xee\f\xd3\xdf~\x89{O\xac\x02`\xa3\xa7 \x93F\x16\xf2*3\x84_\x8b\x15\x89>T\xe2I_Y\xcd\xe7tW\xcc_\xba<\xed\x92f\x93I\xab\xaan\x88\x83\xa2\x1c)\xf0W\x8e\xf2\x92\xc9\xcc\xc3\xa0W\xe35\xe5yL\aR91\xcc\xdb\xc96S\xc7\x7f\xdcji\xb4~\xc3RS\x0fw/;\xc0\xbb\xb5\x85\xff\xfe\xe8\xfcVb\xd8\xf9=dK&\xa1\x06\vn\xeb\xd0}\x89G\x1f\xabJ0\b\xaf\x9c}U\xdc|\x1dk\xb6\x9e\x86NI\x05\xf6Q\x93$1\v%/@q\xbd~5~+\xe6\x1f\xc9\xc0\xa4U,\x87\xb2k\xf3\x88\xd0B\x03\xfef\xf0\'\t\x18n3\xcb,\'0T\xd19Zp\xf6\xdfqi\x1dY\a\xac\x0e\x19\xaa:\x84\xe51e\xe8-\xc3\xee1|\xda\xfa\xe0\n\xa0[kU\xc4\x9d\x93\xb3\xa9\x8ar\x8fw\xbe9\xda\xea2f\xadw@\x9dc\xbd\x98t\xd2\x98\x14\x9e]\xa0l\xb0N(\xdfyeg\xa7t\x03pn\xd3/\x12\x9e\x11L]\xe7-]\xa5\x93\xbdy\x1eR\"\x92Y\xcf\xda\xa4\x83\xe8\x01w\x18\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
getsockopt$PNPIPE_INITSTATE(r3, 0x113, 0x4, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r4, 0x10f, 0x85)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x103000, 0x0)
dup3(r1, r0, 0x0)

[  991.245210] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  991.252483] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000e
05:39:29 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
sched_rr_get_interval(r0, &(0x7f0000000000))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:29 executing program 3 (fault-call:0 fault-nth:15):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:30 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:30 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0)

[  991.474401] FAULT_INJECTION: forcing a failure.
[  991.474401] name failslab, interval 1, probability 0, space 0, times 0
[  991.486719] CPU: 0 PID: 21831 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  991.494616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  991.503971] Call Trace:
[  991.506595]  dump_stack+0x142/0x197
[  991.510237]  should_fail.cold+0x10f/0x159
[  991.514407]  should_failslab+0xdb/0x130
[  991.518384]  kmem_cache_alloc+0x2d7/0x780
[  991.522535]  ? __mutex_unlock_slowpath+0x71/0x800
[  991.527382]  ? __lock_is_held+0xb6/0x140
[  991.531443]  ? svm_cancel_injection+0x140/0x230
[  991.536103]  __kernfs_new_node+0x70/0x480
[  991.540243]  kernfs_new_node+0x80/0xf0
[  991.544138]  __kernfs_create_file+0x46/0x323
[  991.548528]  sysfs_add_file_mode_ns+0x1e4/0x450
[  991.553181]  internal_create_group+0x232/0x7b0
[  991.557868]  sysfs_create_group+0x20/0x30
[  991.562100]  lo_ioctl+0x1162/0x1cd0
[  991.565711]  ? loop_probe+0x160/0x160
[  991.569500]  blkdev_ioctl+0x95f/0x1850
[  991.573387]  ? blkpg_ioctl+0x970/0x970
[  991.577277]  ? __might_sleep+0x93/0xb0
[  991.581148]  ? __fget+0x210/0x370
[  991.584583]  block_ioctl+0xde/0x120
[  991.588191]  ? blkdev_fallocate+0x3b0/0x3b0
[  991.592495]  do_vfs_ioctl+0x7ae/0x1060
[  991.596372]  ? selinux_file_mprotect+0x5d0/0x5d0
[  991.601122]  ? lock_downgrade+0x740/0x740
[  991.605259]  ? ioctl_preallocate+0x1c0/0x1c0
[  991.609661]  ? __fget+0x237/0x370
[  991.613109]  ? security_file_ioctl+0x89/0xb0
[  991.617521]  SyS_ioctl+0x8f/0xc0
[  991.620891]  ? do_vfs_ioctl+0x1060/0x1060
[  991.625036]  do_syscall_64+0x1e8/0x640
[  991.628904]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  991.633734]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  991.638902] RIP: 0033:0x45b207
[  991.642072] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  991.649887] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  991.657141] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  991.664394] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  991.671648] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  991.679008] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000000f
05:39:30 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r0, 0x0)

[  991.754098] QAT: Invalid ioctl
05:39:30 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x602, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x12a1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00')
r0 = gettid()
tkill(r0, 0x3c)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000300), 0x0)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000), 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c0100001000130700000000ac1414aa000000000000000000000000000000f400"/60, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f0000000000000000000ffffffffffff0000000032000000fe80000000000000ab362900000000aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000005900020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000880000007ad475a2476b8039671e2a3d0c4cc66b86000000d7c05a2e87f8e1e3eb87ed2fe292bb1e8f48e872f20ca5e006c47d73f6cf53ab33c33e8dbca4595a6e671a56d7cb57f99d7b47110039c9516da09f58ca7c0bb5cb37f19db621cc1d6b09ad7b116a839b76e56dabfd6b8030466b6b52e3fb1cfce89d55593fa2a8d510438e985c649e89930b8f81694dfcf8a1e442abca4cd96ff7e5d7f571883d30335c73da796b4d19aa58c767afa127fea6f1c3"], 0x14c}}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180), 0x0)
modify_ldt$read_default(0x2, &(0x7f00000051c0)=""/4063, 0xfdf)

05:39:30 executing program 3 (fault-call:0 fault-nth:16):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:30 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r0, 0x0)

[  991.838431] audit: type=1800 audit(2844653970.340:115): pid=21844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.1" name="bus" dev="sda1" ino=16866 res=0
[  991.886738] FAULT_INJECTION: forcing a failure.
[  991.886738] name failslab, interval 1, probability 0, space 0, times 0
[  991.898189] CPU: 0 PID: 21857 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  991.906073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  991.915420] Call Trace:
[  991.918012]  dump_stack+0x142/0x197
[  991.921662]  should_fail.cold+0x10f/0x159
[  991.925822]  should_failslab+0xdb/0x130
[  991.929807]  kmem_cache_alloc+0x2d7/0x780
[  991.933961]  ? wait_for_completion+0x420/0x420
[  991.938554]  __kernfs_new_node+0x70/0x480
[  991.942704]  ? kernfs_activate+0x13a/0x190
[  991.946945]  kernfs_new_node+0x80/0xf0
[  991.950837]  __kernfs_create_file+0x46/0x323
[  991.955260]  sysfs_add_file_mode_ns+0x1e4/0x450
[  991.959936]  internal_create_group+0x232/0x7b0
[  991.964510]  sysfs_create_group+0x20/0x30
[  991.968650]  lo_ioctl+0x1162/0x1cd0
[  991.972274]  ? loop_probe+0x160/0x160
[  991.976076]  blkdev_ioctl+0x95f/0x1850
[  991.979954]  ? blkpg_ioctl+0x970/0x970
[  991.983831]  ? perf_trace_lock+0x109/0x500
[  991.988052]  ? __might_sleep+0x93/0xb0
[  991.991922]  ? __fget+0x210/0x370
[  991.995370]  block_ioctl+0xde/0x120
[  991.999073]  ? blkdev_fallocate+0x3b0/0x3b0
[  992.003377]  do_vfs_ioctl+0x7ae/0x1060
[  992.007246]  ? selinux_file_mprotect+0x5d0/0x5d0
[  992.011991]  ? lock_downgrade+0x740/0x740
[  992.016127]  ? ioctl_preallocate+0x1c0/0x1c0
[  992.020522]  ? __fget+0x237/0x370
[  992.023965]  ? security_file_ioctl+0x89/0xb0
[  992.028396]  SyS_ioctl+0x8f/0xc0
[  992.031739]  ? do_vfs_ioctl+0x1060/0x1060
[  992.035864]  do_syscall_64+0x1e8/0x640
[  992.039739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  992.044575]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  992.049748] RIP: 0033:0x45b207
[  992.052924] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  992.060617] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  992.067873] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  992.075123] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:39:30 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
getpid()
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x20}, 0x0)
perf_event_open(&(0x7f0000002740)={0x0, 0x70, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10001, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6ac}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000002700))
rt_sigaction(0x0, &(0x7f00000002c0)={0x0, 0x18000000, 0x0, {[0x7]}}, 0x0, 0x8, &(0x7f0000000300))
creat(&(0x7f0000000400)='./file0\x00', 0x80)
perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x6, 0x0, 0x4, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x80000000000000}, 0x0, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x1}, 0x0, 0x8, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f000000a000)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xa2b5, 0x4}, 0x8000000200036108, 0x7, 0x0, 0x4, 0x3, 0xfe000100, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000500)='ncpfs\x00', 0x0, &(0x7f0000001800)='\x99\xd4\x89y\x1a\xcd\xf6h\xc4{\xa3\x04 U\x10ku\xbb\xb4K\x18\xb0\xb5\xc7\xa46\x95\xe7\x96\xe0\xd8?\x83\xc7\xb50\b@\x95\n\xf6\x01T\x12E-~\xcf\xd5\x1c\x9b\xa4\xd1(\xd0x\xc3\x03\x91\x83\xbc\x9e\xe9\xd6\x92\r\xb7\x01 \xe2q\x8b%\xd3\xef\xca\xee\x8a\xd1*\xf5?\xb8S\xa5\x8c8\xab|\x0eN\xa8\xa39\xed\x1d\x8f\x9e\xd4\x81\xfaN\x8f\x84\xf0\xdfN~\xfd\xfe`\xc8\x03\xc8\xb4\xce\xe3\xb2\xba\xb6:\xb6\xff\x19\x13\xa7\x15\x7f\x91\xc2V\xd7\x15\x7f\x8an\x00\xb5\xd3q=\xb7i\xed=\xd6\xb9\x94\x94\xfdz\xed\x93\xabIG7\x8c\r\x9eh\xcc')
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f00000000c0)={0xd428})
capset(&(0x7f0000000340), &(0x7f0000000380)={0x8001, 0x5, 0x0, 0x0, 0x0, 0x1})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000540))
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000003c0)='asymmetric\x00', &(0x7f0000000000)=@secondary='builtin_and_secondary_trusted\x00')
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000280)="fc", 0x1, 0x0)
r4 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000280)="fc", 0x1, 0x0)
r5 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000001780)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000900)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa74ff569f435fb3bae96efb74b50e3c9066f9815e8fe629e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e4feffca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23", 0xc0, r5)
r6 = add_key(&(0x7f0000000480)='cifs.idmap\x00', &(0x7f00000004c0)={'syz', 0x1}, &(0x7f0000000680)="22d3e93152a1e7485d43ba2ac6c053a4402dda4d968eeac90ed5f36093d3c42d07b5940de28b40a9ee6cc601ad80ef5b6288a9829fd85f61c3e41652ed08c2483d783540a551f6b42809a9567e678f42ab7f4341399d0707d17ff3ef48b6d878869a0048a6fc474f0795515f6ba1cf3aea904314fa2ec9e1e6caf5283ba063331352e4cdd3e98a8c6522e52ba9759e6a37778ef017baeaa4635c3595aa542ed4ff8c5e6607340cd523511144fe474150f8fa722a12bf24a81ccfca22c2bd24937db4440be5edab4f9a5306ec66d8190b9c70bc67729252a1fccba76f04fd04cc73861e07aab74858dae272feefb88b7f243f89dad11c460abf50c899af0fe2017c663d9ac20d1973a97a13b10e11449c9f05d30d883afbd5b7052a5b2307ae10c33a0ee14f689239009208044d834c829d8388487654bf6fb37033c2b5f0ffccfd27e9dae88ea78d62ecb021cd8d4db23db76c4447c0562cb7b2dfab1665ffadaed56ebc67edd3f6493d8912df78fc59e90e2077a5c13346325567d8caa5c749f57c6ed68de070e63fb11dcadd03366c5eb3bc9758e92e11aecb9174c1e65546bb7f69069b11e1443fc7be6f071b07c478ba747e66197f8b7da0f0860ec7b5128ff7e815563b8ef6fb544a32ab4bf828362c9ebcd3e18b4d0721261235e4972f20bccd01319cc8d7df72456da8cf3969c2b063f9efa1d9860ef6a4eac915851f6d3448ff7b03f0fd3140be3b885f5d95110f89a0042347cd14e213c38e1e52f5e73d18c1227bdcb3d78687ffa98e188cc820cecef799da726f47e766c0cc0a44637c33692ae5d509b0452cee6cad9fdc113179d021c46a28fe325e7c7c7da76f8626e9bfe62e09b37071dda66c6a0a3fda8922044b51b7e1cc3c9e1de6a4a5040f7e1c0303e56a21b3f8561459b90029d29eff0eafed4234cb55040bd39f4b73e493f362e94e9d561b57210fdb502901c5fec0a3a4a219b2c432b60625e0948e5e78021a7aae688620ce005b27dd029fa2d30be343201d75c1f17c86d20f7e0c7a1afa72a55d6df170ec4dcf88d34ecfa6aeade5bb1b402b341507efc1d6a438f620166a2dfc77fcd81f3aa2320a657d19df5f5abea0ac0dccfb6280f9adf2db49551a6f8daf73e1211bce7a9ba829ee66a4a48a54741cd87f7ef68bfcae5a8b13e727798640f1b455e145d61f4c4c2f84ed57058570ef945979dedcfe4eaf1c424ecb3bde3a3813a211e36c8dc11a47755a3471f9e104c1b89acd01ae1a7acd79e96b726dde8bb774d441eba03226438798c79257c3551e92e6ba0c055986fe51bc79e79c577aa4207b77d1982052892b51d83a233f7b5508fa033875dafdd7d633bb2891779962ef4d45967f22397d9d7ff0a7dbadf49bdb87a7ca00ef27f71c11aa99c3b3075c27debb5989087cddbf37b2525bd36f1bbc01610eb6dd19094f10b548f69d607ff2f2840f0bc99b1cf26a9e7c84ac87f49cc9a6496ae71df57402f5b5964d96a761162d0eccf1d52808e811ee5019fc7a03472e035e33d849ab33a5d6271c4bfc4ac4eb9e5a35171c3b76e0171b5fc700abf9cb0feca46bb964ccedd309766d21d517b4663b5be4c02bcceecf5f25084df5b6d5728bdfb702848e1b56ecd595db474099768fc6a743ee48b7620b4751faff5b3b01b7ab778abfba01f1772dcc0664bfd427baa535982fca8c9aab067f79d67ef7f44f3f90d8b01410be692cf2ebc7e5a16fa27f1ad860f938077a4859669e8d6a2b3a252649fcb982f48d46cfa893329c00840118f9961b1f598706e8d2b22bea8ef9d47c6070b3999ba1f9298a73dd113d5edfdedf0810b359eb0f5025b2a8f9aaef9f57f995f584192aed32a8c39d24ce276c87c0c880e538d6b3c25899de9c001d4bfd4f42025ab74cbd0a6c675017b6d7ac037ff8591961f26848801152b4ad74fe6e0d3d51e10e13925c9f1fe69cfd1952218598c326ab74b583391d3898ad142d372d15463b7c7ed2062968c430711bb4ce1ea629186fca09ae145a3dcb9625ea52ba2a15c13ea2fdfba6db45325a4e03dbfc7717c0876267c2257f439bd27669c278e6fb066ad5e41a228bbaeb85b669860632e48609a06eedab8594e64f891d4d93c1cb6ca5e50500cd3bdf790b5e6168aee2c44bdab7e365618e4e3ea2590bff69b50f02bcb102ab084e29fc82af4b5ea8b249eebcdb1c4e3285761686175cb7b513c33845d185713f73f73f79cc291df579859c60c61f880e306a6725bd4e63a3d1721aa9ecdd0fe936553826099928bd87f454b68bbbd9c66ec85fce94f1b65290ada20ffe53e83a739661bf760f1b6077dcce65bb9a86f969c62f06e5364796888d79bcf90b5ce5504a46649fe956401627348b957b4d0a7197c78ea5f3fe7a524c00408c1605f8d845dc26cb3c078d310b2cdc9e69fda79fa6541ffeb9bd40c865eac9fdcf88973c33a9d72e5a2aee45d5ca6590dd320fd8612c77646d6b0b944e3a73df354935eb1f0b761630603bdb792e77ec36ffff2976e030b7d6eb2869e3b5c30783e9ca206276f8488fa32f3442a9aec3307b8287461d4bc13f240ebdc20858e9ce08151827e5b805323418af4bcbb28d2aec10cdde22799ef2721aaefb7a2aa695c71c40cd6aec26d648f9bef1cca1afd4afc11520e431fa86fa99702090f6afb4464ca47f05bdad73d1be6244078d1f4e789ae36c40505fce09b056fbf5f953ed424a968d9456726cf610176dc6506fbc63f6c3ed4b64b09c39984271de80499fe8b55b894d9f3ba872f6d36badf3a8d496174a8cf350243a4a45df121a406efa091d8d3ca46d71203f5503ef105e7e8109a5d0d5e1bd04658840348052493897079ad308d3472b338c1235adbe057c8d49a373b7b5306168eb8b519db8d075e8ddda455cd12e3492d26340296b182acaa9680dbc35ed620a088a2a3aad7e92dd52073c72cbd3b5484557f343cca8c6d6798eaafe766fd552c5f6e31bf0b1b78ef827ef46e981da07a054defad6310d0cf7566b7e6fc4f82640fe08c1ae7da35adcfeeb11a3937d592eade25fdd6b12fee6ccc3ba051d1a6528e4829a89d813918eeb9222e50d797dc38235f25bbb19dbfc73b4feb352a5d60fc8833117b22d7fa69a4bfb1354fed85ac08d97276a3c2266577eba57e190f1fa02a4757bac46900f0aadab4c69603f9ac121ae78d5daf5f372e3bc4289a3b9b6c7e37dab0a6adb6659f0163a80a75ba69e68690ce8c585a179319b96783b2aadde5f35ed4b1c818622e94fdd816d69f61c967d79563a728f7d80997bcfe8f1d29ac82af269e7b361e69cb79363478df94d60f5a03d5cc5ed2a6869e930412154daa62eb6abdd0f0c65adb5758ca0368ea16f1293dde8b68d229ed077a157c6300a3894bddeb5f7d618b9e177b8549c567441b26f71ae1fdd6344085d65d3a168eb6febb7c63a1b13fef3a9730b504e7dd8304e4d1603ffa15cc9b49c84ffeb97717eb01d0251e1f83c401feada28eed0ceba4fd3c686dd41bbbb2f2d0edaf972cbe11e8dd71e836f0ad68477055461b05d47ab039afbbe2bf276eefcac376af0f1bd16a8cbc31d3f89007813b5f59acacd35a9cd1bc6cdd12a463c7aea1de0f3e80f47e95688ad3bfc027f3ad221ad21814a0c29961fb398d0afdd9f02bbb7aed52fb0bee85044901db92406edf02847d689d98971eaf15931bb7e7498c9d0cd2dceb33fd8d5645fc1333bb01563cd3389876433323927b37f1c63e6d7f48bc1df3e27e208c5c590d27e6fffac33292a7033a3ace8a85e60e3d4eeced9c25c2781afef31024f002619d60fdc12ad19f95b2f3c937d9db3a9befd6a18495d154561f321ff04a4fc2691a2b336778ba040756c55e22b0f493763bbafe3e30169edd98f68cd762163db2ccd5ec3aa6709a6552abe8aa0d6054f32c4dca1926a7d4633f8d084162c89aabd155cfb7529faed25e419d1c1a7bf90f487b4cbb98b04624dff4c5cfb9b6c671c265a9079c377a1818037b12578ee04b9b65a61cbc31cb0c5f7c5b96f262ebd467cfb4600425679cf84a78598de43b773dafbadaaa6a6f02b5435e4f34c514a4948f5fe1cf36f6e3696da9b045e76dd915dc9b4eb4010ac92bf74b04fb4bf499dcef9e45340eba8575db87e1d7a5542116cfa3fe89e06c4f39b260c949b0a44fc9a68521666bba987764f2d8ec73d2b8f82c03f1e3302f39f89e5e8718ca919567373f7b87febb7b47387fee7bb321ec5621a548d3dbbaa780a29339722e661f0443267378057de2e8bfeda7b96fec71f342ac3964bcff41540e184c4bbe90442db37e7f2e0e755778145e68816cee57372b1e0fb61c06c6bd6011c23a39ffbd013728ef3a75bd21c9dd213e2d9dc28224c53686b72354282a00e0fd0a8e8f8db3d2e5fb52c7479f771fa60b42e5221333578a87e6a324737e52c7349b61ecdb7ecedb1a345707426d42251aac11d7b9185c3e01cfde7587e7d803123b29973df11979bd5996192f69fe80acf034c90f87a6efba00aeec0d7081ba0ce610a72fb3673e72f11e5dd4dcc2497f785f43c007b0f001ce634e9783ab62702f227fe5ecb33d6a2eb678b7a04bd182199402935b9594aec4440caf5dc568fc4ac4c059d3461c688b7682cde1cb612dbf682c936df130c2a94a7d98d1dbd01297bbd189d2f113d71af452b2352d45e227865a802adf480440726494998804a8b843d608827a8286c9ca136d8c0b82c2c6cda03b780f7568f5d953562846a493545b408f5810ffdd075188b6d402aaee5d5f81bbcb7dfc0ca3373a771c8f6118c3ed80f369030eed17957582b50b7ee1b084712546cb7a73ca7a7be7473301dec17283aa1ec163ca3939e69d8b62ea6a911b7522a3972625ff14a2689bc585831fec0930df4c06f3df683bd457f8eb47f12187e4cf7e41e8ed601103283b118e348d03e84f5792cf48c556a8053d5ba8679cfb95b287f1f16b398fa4befb40ccce0e2ddf72f9ead8ad7ed9827ad5a730a19ef5d7197744a648f7b5bc704294aade53b7f649f312972e63d2e50dc4b4bc866a74c9b5e6e2f7173a3e4b4093a45ebcb91bb1b76a4ad0030bedabcd0976805bea302c2a37b356628471a4002f4504e12cecb47e9e82fd6e73bc3c1605fe5df340cd43d1f45a548a0692ecb4ec5ee6acfda3bf6f49ed1a1b289ea29b7ae7e285b234c81e7712c4f92e5c32e2d6dda91ba041826c7faab4f987ac45b468613f6c83f4b87f45582afd9d62109e6c5fe4f9209928f5899288fd36b4298841c0d868320f4c8859c3fd96f3ebba272f3d76a9ddfd06b3aa88763ff4b28e554d45bd901c462c448d69629dbe4d3e70084f96d1fecafcaf3c455b977468f9a34fa840f1971db57662a3eb77897c5a1424e29d5148cea94e57fa35b4a6cc928ec9c21d0a2223bfa74a04e10a7cfb66906044d3eef650618ce35111bd9ff1de971215bde2cf4c67575c090f140fbb4b7125f5c1552c44037236a04ecce542537f714d047d0dc05aa5bf613c37dc0c8e17e6189619c4caa034e5db6558dcb8d80a0ade766cf77dde8eb75e3d9c7fbd283aa023a0265bbac742910ddc8f1c9be84e65999476cbdbb981d1d8a08e4cedc49c68fbc58abd134cd96f125f7c76443613395aad447adc64a6e19635b027bdd0a8e96a94b5f935684f9736eb831c76a0c59600ee0b1af343c22e1e52f0abdbf9b1672c172023c664edb847929c845bd8a16a72e0a247116e93d562347049ecf4cf28c2b83d0ad7ecf18d568353b35dd452ff6cd3bee93d8e278030d795d5b9f4c", 0x1000, r5)
r7 = add_key$keyring(&(0x7f0000000440)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r6)
r8 = add_key(&(0x7f0000001680)='rxrpc_s\x00', &(0x7f00000016c0)={'syz', 0x0}, &(0x7f0000001700)="19f55ee997396fb84d671eb18c", 0xd, r4)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f00000003c0)='asymmetric\x00', &(0x7f0000001740)=@chain={'key_or_keyring:', r8, ':chain\x00'})
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000580)="fc5aee6ea8e6a1f840edbd1ef9e10702d2034e36833211ecef79bd707bd3b36872332e0a82c6fcb4437edda2c5613065efce2d0028cc0a7b9f44f0f579f30f071b0436038ad601bfe6971d6c29ee7925b435ee416c091ff0304681718786775c1b36ffe24ed1876a39267aba92de9379e5421d5dcb52d4b5c795082a9f6ab38b15458721656e8f953ddfa75047f277aaf9275a9b6361397270b396a3bae71f00114a7ea87c9e75cac96dd11fffeea22b29cfd153377b6889883a03a3aee978c8fb9ea2b887d30c487dbf1514205c44ca2a35843e7679c538cb3c64f53cdcdbe8f6213db51bc278ca", 0xe8, r7)
r9 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r10 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r9)
r11 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r10)
r12 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r11)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r12, &(0x7f0000000200)='.dead\x00', &(0x7f00000002c0)=@builtin='builtin_trusted\x00')
r13 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r13)
r14 = add_key$keyring(&(0x7f00000017c0)='keyring\x00', 0x0, 0x0, 0x0, r13)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r14, &(0x7f00000003c0)='asymmetric\x00', &(0x7f0000000000)=@secondary='builtin_and_secondary_trusted\x00')
add_key$user(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r14)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f00000003c0)='asymmetric\x00', &(0x7f0000000000)=@secondary='builtin_and_secondary_trusted\x00')
add_key$user(&(0x7f0000000140)='user\x00', 0x0, &(0x7f0000000280)="fc", 0x1, 0x0)
add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r15 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000002c0)="585cc9e4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff01007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53dc9f2653d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4", 0xc0, 0xfffffffffffffffe)
r16 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r16, r15, r16}, &(0x7f0000000240)=""/112, 0x208, &(0x7f0000000580)={&(0x7f0000000500)={'crc32\x00'}})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r16, &(0x7f0000001980)='dns_resolver\x00', 0x0)
r17 = add_key$keyring(&(0x7f00000018c0)='keyring\x00', &(0x7f0000001900)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000280)="fc", 0x1, r17)
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000280)="fc", 0x1, 0x0)
r18 = add_key$keyring(&(0x7f0000000080)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r18, &(0x7f00000003c0)='asymmetric\x00', &(0x7f0000000000)=@secondary='builtin_and_secondary_trusted\x00')
add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000280)="fc", 0x1, r18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
fanotify_init(0x8, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r19=>0xffffffffffffffff})
dup(r19)
dup(r19)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r20=>0xffffffffffffffff})
r21 = dup(r20)
ioctl$PERF_EVENT_IOC_ENABLE(r21, 0x8912, 0x400200)
dup(0xffffffffffffffff)

[  992.082385] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  992.089653] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000010
05:39:32 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:32 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x515082, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r5=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r5}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={<r6=>r5, 0x8}, &(0x7f0000000100)=0x8)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r8, 0x84, 0xa, &(0x7f00000001c0)={0x9, 0x5, 0x0, 0x200, 0x8, 0x5b, 0x7, 0xfff}, &(0x7f0000000200)=0x20)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r6, 0x3, 0x8ed4}, &(0x7f0000000180)=0xc)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000), 0x10)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r9 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r9, r0, 0x0)

05:39:32 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x80000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:32 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r0, 0x0)

05:39:32 executing program 3 (fault-call:0 fault-nth:17):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:32 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0)

05:39:32 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  994.491998] QAT: Invalid ioctl
[  994.546116] FAULT_INJECTION: forcing a failure.
[  994.546116] name failslab, interval 1, probability 0, space 0, times 0
[  994.567002] CPU: 1 PID: 21893 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  994.574889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  994.584242] Call Trace:
[  994.586843]  dump_stack+0x142/0x197
[  994.590484]  should_fail.cold+0x10f/0x159
[  994.594670]  should_failslab+0xdb/0x130
[  994.598651]  kmem_cache_alloc+0x2d7/0x780
[  994.602811]  ? wait_for_completion+0x420/0x420
[  994.607410]  __kernfs_new_node+0x70/0x480
[  994.609301] audit: type=1800 audit(2844653973.078:116): pid=21889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=17505 res=0
[  994.611559]  ? kernfs_activate+0x13a/0x190
[  994.611573]  kernfs_new_node+0x80/0xf0
[  994.611585]  __kernfs_create_file+0x46/0x323
[  994.611597]  sysfs_add_file_mode_ns+0x1e4/0x450
[  994.650657]  internal_create_group+0x232/0x7b0
[  994.655245]  sysfs_create_group+0x20/0x30
[  994.659390]  lo_ioctl+0x1162/0x1cd0
[  994.663022]  ? loop_probe+0x160/0x160
[  994.666818]  blkdev_ioctl+0x95f/0x1850
[  994.670690]  ? blkpg_ioctl+0x970/0x970
[  994.674560]  ? perf_trace_lock+0x109/0x500
[  994.678781]  ? __might_sleep+0x93/0xb0
[  994.682664]  ? __fget+0x210/0x370
[  994.686133]  block_ioctl+0xde/0x120
[  994.689746]  ? blkdev_fallocate+0x3b0/0x3b0
[  994.694052]  do_vfs_ioctl+0x7ae/0x1060
[  994.697925]  ? selinux_file_mprotect+0x5d0/0x5d0
[  994.702675]  ? lock_downgrade+0x740/0x740
[  994.706824]  ? ioctl_preallocate+0x1c0/0x1c0
[  994.711222]  ? __fget+0x237/0x370
[  994.714667]  ? security_file_ioctl+0x89/0xb0
[  994.719061]  SyS_ioctl+0x8f/0xc0
[  994.722416]  ? do_vfs_ioctl+0x1060/0x1060
[  994.726548]  do_syscall_64+0x1e8/0x640
[  994.730422]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  994.735259]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  994.740435] RIP: 0033:0x45b207
[  994.743606] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  994.751308] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  994.758571] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  994.765822] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  994.773076] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  994.780332] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000011
05:39:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:39:33 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:39:33 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0)

05:39:33 executing program 3 (fault-call:0 fault-nth:18):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:33 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  994.948998] QAT: Invalid ioctl
[  994.961678] FAULT_INJECTION: forcing a failure.
[  994.961678] name failslab, interval 1, probability 0, space 0, times 0
[  994.998855] CPU: 0 PID: 21914 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  995.006790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  995.016142] Call Trace:
[  995.018738]  dump_stack+0x142/0x197
[  995.022383]  should_fail.cold+0x10f/0x159
[  995.026543]  should_failslab+0xdb/0x130
[  995.030525]  kmem_cache_alloc+0x2d7/0x780
[  995.034699]  ? wait_for_completion+0x420/0x420
[  995.039292]  __kernfs_new_node+0x70/0x480
[  995.043442]  ? kernfs_activate+0x13a/0x190
[  995.047704]  kernfs_new_node+0x80/0xf0
[  995.051607]  __kernfs_create_file+0x46/0x323
[  995.056027]  sysfs_add_file_mode_ns+0x1e4/0x450
[  995.060709]  internal_create_group+0x232/0x7b0
[  995.065315]  sysfs_create_group+0x20/0x30
[  995.069469]  lo_ioctl+0x1162/0x1cd0
[  995.073105]  ? loop_probe+0x160/0x160
[  995.076911]  blkdev_ioctl+0x95f/0x1850
[  995.080805]  ? blkpg_ioctl+0x970/0x970
[  995.084702]  ? __might_sleep+0x93/0xb0
[  995.088590]  ? __fget+0x210/0x370
[  995.092051]  block_ioctl+0xde/0x120
[  995.095686]  ? blkdev_fallocate+0x3b0/0x3b0
[  995.100011]  do_vfs_ioctl+0x7ae/0x1060
[  995.103910]  ? selinux_file_mprotect+0x5d0/0x5d0
[  995.108670]  ? lock_downgrade+0x740/0x740
[  995.112830]  ? ioctl_preallocate+0x1c0/0x1c0
[  995.117242]  ? __fget+0x237/0x370
[  995.120711]  ? security_file_ioctl+0x89/0xb0
[  995.125130]  SyS_ioctl+0x8f/0xc0
[  995.128504]  ? do_vfs_ioctl+0x1060/0x1060
[  995.132660]  do_syscall_64+0x1e8/0x640
[  995.136553]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  995.141411]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  995.146603] RIP: 0033:0x45b207
[  995.149788] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  995.157506] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  995.164777] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  995.172045] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  995.179312] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  995.186581] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000012
05:39:33 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  995.258732] audit: type=1800 audit(2844653973.768:117): pid=21915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=16866 res=0
05:39:36 executing program 3 (fault-call:0 fault-nth:19):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:36 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:39:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0)

05:39:36 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f00000017c0)=[{&(0x7f0000000180)="61cb68ce43e49496ec24d59929b8afbf", 0x10}, {&(0x7f0000001880)="1c2fa851bac40cbcad28704943f90c981d93cb808dd3cf04fdc10780f0cb03a61caccc1f6e8a89e583b1c8d3a4901d31b5755a8d47f1e8274edd90317352048bbf4c47ddbdf869b00a896ae3fdf1b86b80fec5319dadd43498a2ab89957622a2d1e5ba8eedc295607655922ee455578701ff0000000000000000ab9d8dad62a068f27c4860f40795f8d69b0659ff48027cc920802c4a76ba14ef960627bb5092634a526518b4377d5b2c09bae59283d25df435415f7d9c7ca900192bc0dc15f2399fe269efbe00000000", 0xca}, {&(0x7f0000000340)="c60fa90cd9c8c3104dfd9ace8bcaf79f9443c5b59d81e9006f5c91fcc702ec0f2017d2326d8b1dde61099afea050d1ebdc9ff7845abd60ef9a39863f6a9c19c0e61c279f7dcec425952d", 0x4a}, {&(0x7f0000001980)="a7121e54ad8c15679040f7b96faa63999480e1c882718d85bcf5d357f2", 0x1d}, {&(0x7f00000003c0)="089a9a0d067c86028d09f7a19f3d2bce57836e67547b2e20e93de460eb3bc86e236bc6877d8235742b767827fc48159da1d210b2ffc0e35cc1595499750c343fc5043be9267947357e404e77cc236dd549fe865cae701b699bb51d1e1a591a021afce510eef973564769730f2e7aaa0e33138acc4570b7af70e11eebda33a136dc4fbb8aa44ca802c69a8ccf843f61f716d79748952c25b8e39de36002e50b85ad718182c57591efe64a211a158c6a7ba18864601fd5edbb558b88568a01e1c2455e8a5f77191a91c11a90e6d0e041776f1a7bb441492a256f3b42d81d3f3fad632ffd6b91a7a0f32141f57a05f27fc66389562299721191d4ca8a3f88841322a24143fcd7c0b22b1dd9f3381d13b4d47305cc4ffb4d8cc7cef6d73b8734d418f32c1d971f04a86ae6056d8cb2a500d52ad09436d0c11601f5b849472bfa0a1c1e929e14581b6db07b2fe4de7ef9bd3b688ed7e07a43aafdabd9cd9669b54bbbb2d92ffaaeb2fbdab6e393da168309258b84dfe301a664f3550d9b10bc03af43b0de9d2043681388942a700cae6f93188c6e431bb988a1ff8ac778fa2c5f021d7695d842e623da87594b9060a963d9121ba5481c881f75d9f16213419b42d6e036b678fb6746913d4db8d5dabba3b6183fa18b941a5dab9e641e0fc5272f5eddf4191b94e001253f18a9da25420cfe594fadf50d149d8169b7318ef314d47d4abd031d99e84e0f937ad539e7d0844c150eb2615bce092d3e48fc3afdd31bb305a65fe26c477fa74928bd9011c1c79f7032b41339bfbf82762f0c9b9a57c5c2a7e7492442c3e628a641ed71b9f28f939e9dff5a2185e5a029a64f86d6f2144fc6d6039bdd5d00463706a37b6dd39584a23f21408475ddd2e5189a447e16dff22d90510b5d65361b906ace349858d1a15016c1919ce127c4d4e1e9c4e518e2ae591cc758699500be2040d93f441e99354b1cfcf186b2018c753d7669aab9c465f40f01b63616fb75bd43657242bc45500af4c182bd6c1ef5011e6ca3af0d5dd99367fa2c30e0c3607139f0ee9305892774b58b61b1c005ba09ddfb0add0a4d92abcbd12fbb82a58d67b3d84ca4807f4f1fd322633d6fd60a641f022bc4e8b14691749811d974e99bee58d8e20bdd14932320211323b571a516856a96ae50007402a02f1fa5e060b3a3b82586a08cd78b26303e6bbeb4d577fd70cc2cfa3d05b136e0e0fc31e23810be039988a4e9a6e8c3cba252972ae9c8142edede03a1a8ad77cf5cb960891d47b9eb8527f62316b51dfd2588dc1e7c371149b315609263eebfe2b5d5e9b74fd74003c5c843ded61e17e7f3a7d3ad40fd69f90d6fa9f96955e8254cf69f38aedc4259d051802ec3e9f078efe4b8dd7befcbcade752f456b8901e891e1c6257fa78a2c8e78511fa1756502ab16e5b881c2ea39b1ea1bf307a69d098dcd47d49b8d14546d5bb340e460ad5113eeb8dbf87f7fcac71ae7e6565f86d54c1ecb840113581df4dde7679fca8633002c2b372087ff0d689e0a3a3bf1883d3bb6f425dbb1bdc05f8fd8ba4e5ac4af963c334261c96ad547199b740a2249294ed7540dc368f2d3aab3fd7e891bbfe8413cca3b0f7758ba3e965bbf9dac8e22ae0e9a16d233f0d2beef9fca4019df2be29579200b9477c586207ebbe5be9d6622684cc2472279feba6c08ef26018bbf3dd65bcf57787d908a9cba572e9cf41a82d105d4f377030c757a433e7d0b950966d16c7d0a93f4dc9d4f676021f07a42844c4aeef80c5999fe77ce01e6bc9fc37a2dc3edea538873f0749134cefa922d5a14abe576a102c479f608b52853c39afb1380496011ca8abe181577a6d86fae074a05b450b5c2e43c09d62d3760534758098aea7a0232c4c0a4eb44413232815f300dee9792c1f0fcfca39362b0a7139eed77f9e0e48fb9ca3d9a264cfa2595df52bed9d0c97d4322eb991ac42af66c8d8c472a172887f5ff6f9cafc51b8f58f91bb0b3d6fed0319d49747053c1ccb036d1c40bbce9b85b696c40a03e43b90e4b8776d9d3af4d9c4c27ac56470cefdbd2e01c213a4593452ab5a90ea05ce26cbb6eb894df167c17192e866140f168976d1afcee9d08a5e1ea781cebebf5daf1c3c65a8ac5c47f7a0393727d153eeda0cb606bc6260a550daf5e0931f0a69e549863e512c52a564e3c33536853e5e186d52ec2ebe3e09b103322f0710a11790f919b4c2e25a36a9bdb3f47d86096515e93bf2880a41c7fa15a6b4f42b63849e5291f2e0991042fc13d12c38cbaa734dd9745e98eb182cb72da17efab3a00ba35e1e6c11287f439fd157d7e7f86f94b3983972db6585093445e09d2ef7a4aff428a5810483e6f457cd2e6d73b794b4e90852552d03bd60c38cfa784b062dbfe08662af79fbd79a918eb41278ffa03f34f4a7ecad8a33e8594b6e89cb77891353db327ede08a2c183df928333329604523a985aac80b38d0baad75ee240ece1316a60731ce218dda64d18a425d04cb21bc873ce6661f3c89069a824f583bb3a410081723b2e8a008107ab74e2f337c65dc2bf4323d8b42bbe1ebf78b820448006457da02b663e7ec108b77606e7d9f1bdfe0fe1857c2198007eb429f68c8dbd9d6abddae208cfdb57d18286d36fe56fbc313ec0c185c1a781f35ce4792874dd48ff2432b6030b4464568e3cd18fffd9ab548612f2223527ff8152af52458f6a85384884b7e6c1a35d04e34360950ce92584b15438a4b71330621bd2b186dacccaec09214ea62fcc60934723ae66009ef9df5de24d8844c337355866873892098d2a109579ba12182a7804f0360e16efdc2cafa510509122217ad95d7f94eb9b93e3f593980c7db696e0422e541e6db7f4ae86a13edb7d9e943d1112a81a1beda6c44fe16ba166cd9d62d47d896642a8e76f125395df77ce533c524c5ef8c15e9204be38812530759d40f7258cb736ddf6e7f53c89fbe09c8d788a8634c635791dea63a89dd1b4293839b5dc0b5a6b67ba43716a3d52ae10b64dc215a5ddc9dab9427f8fed143b368b45388369a7769d3a9bdb52f0e40cbc579685855d729780c2c50959054c68eee5b375c0256bbaa543b13ac09ef9aebbc8f3c9d77ed4199b3bb777a1ed48e7a327018e44ae6bfa28a64f3a921c66c2e6fa121231e75e61a3ed083b7f0abcdbe4948f1d305ee6dd5591c69cec0afeb3565e0b1523e7dabe1b0881bda4290744e8ff4fe84d051459d493e64922a7557d413381688d2481de5e3e674e00ad16760f1d485f8a12584940e25ea0ed7baf99b018fbec9fe50279a68419dde05c38a10bade5bf957ef4fd13992a6f5ac944a24c2074afd96679a87838576b021ea2d986e9a61ca0568178414191a8ca0a819a5482d06eab6fc684ac683bb5ac98c7533f2851c2a518dd94179d78859358914ff9454abde0a3be278ce2a83c06b93f52cdb50f1c8c6d2774458ec2a68ec536e4696d99dd6c5cb3194800019c2cc96ed5068d4b7a9d376443d5dc6a784937bee0799673f6077d13394327ca81f09517ab274d884ee3c1d7281cf8732b3da14fd4cb65f73e7f75de51628dda5b54c2cca2105b315e85c8f4b3d39fb9d5e658d01a855b0b2299d3efd124c0ad1787c8d721ddd47ab516f33510d82d9c498b88f1e9ad4475aed6c2a451d66af2e42aa79db7b4382dec129e0bf255c323befe40fd6ac27677432f2a6a9091079ebe076736fb392c729303f7c4219d16cf0899dd8c316dc40ab8c4ca726f2f058183047b715f37b7575de811b26f7c1b7a9f4b8c1085b66b7a9e219dda3c262c5ba116c89916ed4a4c604a97ea8c1e74d7e4c60299dbe0363f854152a2a0923fe27b345089501c931365e8c6b81ad38b717bd97f778f9b445f51106b013f0d184bfa556d62f57bbedf076faef3a063eef32d72d491c3f2cdc31dac666967ead1f1dc307a0a3eca7edbc753db30839523c89aea5e71886b041518cd69d28fff8b176bc32f30734196e95fc0f5de1877640b3f23fe9bce1befe6bc9c6564d90de0691b544854d67e3c51b60dcda009f39d07eeff295ae415cf5d51d3fd5c16fad780d7e80585e65a125ec44833743f247740b1555cd4883eca950fc785d6126ff464cfb5b0439b5ea61394db1d03b3417db67efeb40521782393e732fa8b58f395f96aeb843d2c33ac2b001d169afdd5409ba67a5b6ad53761ea25d6b43062c475dfd9f368ec20b58652efebc2dae3f233d8bc85c5faddd2fd01bed5af4b64831f412e14a0d2b6a7ed16f479fe0f28dc75adef42f6ad6c3ab66cbfbb1dc670831c2b09d6b2376f8901ea5f7ad3daaef6ad888091675e639c545c481416f47883a6bfe56459337815a68eb25021adb86c6a035093721faa19b58ce0ccd43f113041f5fbd43b99b30b943eda8e738d81d1810b96bca42d104c756ac13bdc1f0287dde86cb1cbcb7b4f471dd31ac8b13fb6b4bd6720b8200b315534f8983814990fc18ed88a3c7eb25ca97fabf2fca6ae4ffc4de048a799f0dfd454fa578f7eda1e4451d1168c6bc969961fb6854eece11c2754f7abe8feff92aaef5a2a77b72bf5640e930db156a401ba04ee1d9ad5dd89838e79a78faa49e4b04f17aa5e31f9e983b6ed27f71522852a4ae9d0881ec7800dae9caa25268912128b3892442a25452826c4a7ec0d9aa67726b747a5a9e4e55af0e11c708e17a5b8972ba22d847ceed918ccd11ab77b06afca350edc31c80405128954ebd8cecc6507af2d5160bac0a85468be06678b68e8ccec8fb08492f0336f68d0760f9c80cea1eb30e7eb6863d35d4c10c6d2e79f283cceac6c6fb4264078d2bb3344367f646feb4cfd58a0bade107096613b61a21aa505fe66408c0d0b00b2c715fa9a9243661c0167d5a48ea907a238ad8e183d319a52c807897277163350fa71707188b6f7e3a3e165e7c8acff3cfd31cf4911f16f278daeb6dba3461563efe239856e96b9cc73f3bd35d1fe533429fb2b08f008451a34be118367aff2b5912d289d5619118de45bd1025d79688a20e7515a254d22a85f2d320f75d0de911012b144fc80acfd6b88187e6ab524e459f8a1339e08a882fe8d0176a0b785ae82dbe88a68086e9fe45a40b4e75523272a379270bbd369719d2c7a3d207e97a75f6b62a241d5a8880a562107af1b3d461b07e588ae6b2e2cbf1b96d215ec53fea37f3a6f3beb6050d5a0e4e35ae635dd3bfeab59ed0e16b00ceaa5b50ace3ea3e2a61b55172f0b61ea2d8770ddf306e4ee60d8f63ed11de49f8ee9a7259a4fc44655cdca8d9802c63ed70a11406f72f52cb5fcbfc8969a02bc55111cac76041ff51d4cf0ae56e9f76fa247b6ad221e9f906e94863eee42acb91a920d321feeabebb3fbfaed44f2ac99b3982fd7c97119420cf6823365dfa6ccd14cfd29b26104731fe6e40504975d10065937637473ec4276b6c30ef17eba984165a1f1f93edc73f44295f3ed2052e13076fafa67a4ad95a7fe7db4b2f23f180311d0b285e1dd5c50c0b493471bfbc5c751bf6557333f836cf60929788ce03db44b1662a00c59c6a92f8b313596d04a338875ab3ea925195aea311ef6206f3d0778e8e87d6f8ac904bd77cee4ad34017da5766d5f26ecaa5a31744de41b8b226ec077a44d6bd75aee0d69c4e0bc4edc8af75d7a82d6509b293d5ce2ca56af329e9b3061b9423e2860fc6c142871d6f01505dbfabce6aa81307eef1b535ce86db03e54c1bde4e5b58b0936d9950a44149ebf20b649c2174979cc292c77a7baa423260f460b1a6b9ab27e7f492b59738822b9059a2", 0x1000}, {&(0x7f00000013c0)="63268f8e5643c24fbd6e1fc7d78e863ce8bfc2569b8cde2be55873790453d58c79f0d429e48f75500f2b3ee9afd1d45dabe355496c630e69af9057f4a1b1012b4adbae5f1b5ef7b2907c6c79033f8534244b1f299c665e8784622b5db8794565267eccd93e9b8855d5baa393d30dd3c00f1e552498d8614c98dcc503e1ba499c26b85795b28663a507bbad5e4f50686581cfc8359e67c25e153767f92e18386df3066abc4f31d6b5a636d0d39ce7189cfc5987948532b3c401771f62697967e2cd3cad97a3ad88ec1a5da109a2960d9509c95960e16c54705e5210c47c892c3568e81380", 0xe4}, {&(0x7f00000014c0)="9d30e35e4caf61e086d173449b12f3dd691be34666ec900472197723715e32e15d8994f557bae48e47b8323075fdf6babc7439d9f2e8c1878d263122b13ac6586fd4052b9577ef1190cb399ea9790e5911899228ba81c165f42c14068ba666cfdb7d7f63f21bb2f83229b91cffa89030f81823f2a4c14104aca0907b0f40880fe39dde824af0a54085a94fdd0aab43ca9b5d456a490e1de62d3f", 0x9a}, {&(0x7f0000001580)="54bbcae17eb5e7ed62fe8f0fa8489f35e1615fbd6d6a9da3c69d91faf4b4a2ffecba7e16bc357aee2d9184be2f38ad4ba06a76f78c25843c8f069b396233f72ea4b99be176ee9fc771c377fb111d027efd6c85c9513a61b339210d38a29a1e7b5c66cd559b39ffdb153e85628c4365624ca5ba0679156a931aa64271417de60753cfea62fa10738a81e03965f97ca2e2ade653", 0x93}, {&(0x7f00000016c0)="108f319863a92c8ecc6523f5b99b43ea86896c277b111c140898403e9e51070dd9068111975b58b94873436ae0ee6737ebca32477eec6b63e6179b1fb3f53b1158879ec532ba757e79c29a2194d9c79b2e191be27b92119440660363257a72d6aa899e632adaeb57901deafe25d43d889cb54158b76ceb540bfec51cf5ee00ce24560a3f59db20cbc5f91a9e110b3591c0649192ef48cca0c5024f58d8be600193e76082fe4baf86396c22451cf55a74d013c76376e2830156ac9f65f833b2c45ffc6dd3a7f2e2", 0xc7}], 0x9, 0x0)
r0 = gettid()
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x701083, 0x0)
ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000040))
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x3000002, 0x13, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000000)={0x0, <r4=>0x0})
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={<r7=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f00000000c0)={r4, r7, 0xf9})

05:39:36 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:36 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  997.561263] QAT: Invalid ioctl
[  997.567872] FAULT_INJECTION: forcing a failure.
[  997.567872] name failslab, interval 1, probability 0, space 0, times 0
[  997.618154] CPU: 0 PID: 21941 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  997.626081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  997.635434] Call Trace:
[  997.638030]  dump_stack+0x142/0x197
[  997.641670]  should_fail.cold+0x10f/0x159
[  997.645834]  should_failslab+0xdb/0x130
[  997.649821]  kmem_cache_alloc+0x2d7/0x780
[  997.654067]  ? wait_for_completion+0x420/0x420
[  997.658660]  __kernfs_new_node+0x70/0x480
[  997.662810]  ? kernfs_activate+0x13a/0x190
[  997.667049]  kernfs_new_node+0x80/0xf0
[  997.670934]  __kernfs_create_file+0x46/0x323
[  997.675337]  sysfs_add_file_mode_ns+0x1e4/0x450
[  997.680003]  internal_create_group+0x232/0x7b0
[  997.684588]  sysfs_create_group+0x20/0x30
[  997.688742]  lo_ioctl+0x1162/0x1cd0
[  997.692357]  ? loop_probe+0x160/0x160
[  997.696143]  blkdev_ioctl+0x95f/0x1850
[  997.700012]  ? blkpg_ioctl+0x970/0x970
[  997.703891]  ? __might_sleep+0x93/0xb0
[  997.707759]  ? __fget+0x210/0x370
[  997.711197]  block_ioctl+0xde/0x120
[  997.714806]  ? blkdev_fallocate+0x3b0/0x3b0
[  997.719109]  do_vfs_ioctl+0x7ae/0x1060
[  997.722979]  ? selinux_file_mprotect+0x5d0/0x5d0
[  997.727716]  ? lock_downgrade+0x740/0x740
[  997.731846]  ? ioctl_preallocate+0x1c0/0x1c0
[  997.736248]  ? __fget+0x237/0x370
[  997.739697]  ? security_file_ioctl+0x89/0xb0
[  997.744092]  SyS_ioctl+0x8f/0xc0
[  997.747449]  ? do_vfs_ioctl+0x1060/0x1060
[  997.751590]  do_syscall_64+0x1e8/0x640
[  997.755461]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  997.760290]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  997.765461] RIP: 0033:0x45b207
05:39:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x4a0802, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000480)=ANY=[@ANYBLOB="f256398a7d5f1cbc358070bac9c1d562cc5fe60ef88f8cdbb3ab497e472041c75e83be56219b97b5780db500"/58, @ANYRES32=<r4=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r4}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={r4, 0xfffffcf2}, &(0x7f0000000240)=0x8)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r6 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/status\x00', 0x0, 0x0)
getsockopt$netrom_NETROM_IDLE(r6, 0x103, 0x7, &(0x7f0000000400)=0x101, &(0x7f0000000440)=0x4)
r7 = getpid()
r8 = getpid()
tkill(r8, 0x9)
tkill(r8, 0x9)
fcntl$setownex(r0, 0xf, &(0x7f00000001c0)={0x1, r7})
sendfile(r5, r1, 0x0, 0x209)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080)='NLBL_UNLBL\x00')
ioctl$KDGETKEYCODE(r5, 0x4b4c, &(0x7f00000004c0)={0xc68a, 0x6})
socket$inet6_udplite(0xa, 0x2, 0x88)
ioprio_set$pid(0x0, r7, 0x2)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r5, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x70, r9, 0x400, 0x70bd25, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:shadow_t:s0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'tunl0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_hsr\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x8004}, 0x8051)
r10 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r10, r0, 0x0)

05:39:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)

05:39:36 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  997.768634] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  997.776411] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  997.783671] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  997.790921] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  997.798171] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  997.805420] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000013
05:39:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})
dup3(r1, r0, 0x0)

05:39:36 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[  997.893386] QAT: Invalid ioctl
05:39:36 executing program 3 (fault-call:0 fault-nth:20):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[  997.968091] audit: type=1800 audit(2844653976.477:118): pid=21959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=16558 res=0
05:39:36 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:39:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r4 = socket$bt_cmtp(0x1f, 0x3, 0x5)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
accept4$bt_l2cap(r2, &(0x7f0000000400)={0x1f, 0x0, @none}, &(0x7f0000000440)=0x51, 0x80000)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000004c0)=@req3={0x7, 0x20, 0x0, 0x4, 0x30, 0x7fffffff, 0xf014}, 0x1c)
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000500)={0x8001, 0x58, 0x1, 0x0, 0x6, "855e6ac70b47fcfcdb005e9876e84f0200", 0x4, 0xe4})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000480)={0x0, r7, 0x100000000009, 0x100000000, 0xd61})
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(xts-camellia-aesni,sm3-generic)\x00'}, 0x58)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r12, 0x84, 0x1d, &(0x7f0000000680)=ANY=[@ANYBLOB="77e1dd8764fb191a16232c7449de958efe2745b0fe8ae1e982f5ed5e2194ffc12d6a6ec3a022c52447cd655981705d35e574f09dda275277dc846ca4df25eb70913befbce67c1bf5d2e2a44f43222e2801f52633865d2e5cefb2897bb6620ab7e784f41f6d5cd19cc0b773ece00200db", @ANYRES32=<r13=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r11, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r13}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000540)={0x5, 0x7ff, 0x8008, 0x5256, 0x7fffffff, 0x80, 0x9fe3, 0x409a, <r14=>r13}, &(0x7f0000000580)=0x20)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000005c0)={r14, 0x7, 0x30, 0x6, 0x9}, &(0x7f0000000600)=0x18)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r15 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r15, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_TRY_EXT_CTRLS(r9, 0xc0205649, &(0x7f0000000140)={0x9c0000, 0x6, 0x401ff, <r16=>r15, 0x0, &(0x7f0000000100)={0x9a0906, 0x200, [], @p_u16=&(0x7f0000000640)=0x8001}})
r17 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r18 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r18, r17, 0x0, 0x209)
syz_kvm_setup_cpu$x86(r18, r16, &(0x7f00006f1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000180)="c4a1d37c9f07000000420f23630f3805670066bad004ed36660f3880a54c3200000f01d1660f3882ab000000800f78ee260f225d640f2368", 0x38}], 0x0, 0x4c, &(0x7f0000000240), 0x0)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000080)={0x3f, 0x3, 0x4, 0x40, 0x1ff, {0x77359400}, {0x1, 0x0, 0xc0, 0x5, 0x7, 0x2, "c5d0c92d"}, 0x6, 0x4, @userptr=0x401, 0x3, 0x0, <r19=>r3})
r20 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nvram\x00', 0xdeed0a5260ae7ad, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r20, 0x2275, &(0x7f00000003c0)=0x80)
ioctl$UI_BEGIN_FF_ERASE(r19, 0xc00c55ca, &(0x7f0000000000)={0xd, 0x6, 0xfa})

[  998.036739] FAULT_INJECTION: forcing a failure.
[  998.036739] name failslab, interval 1, probability 0, space 0, times 0
[  998.053582] CPU: 0 PID: 21972 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[  998.061491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  998.070841] Call Trace:
[  998.073438]  dump_stack+0x142/0x197
[  998.077077]  should_fail.cold+0x10f/0x159
[  998.081266]  should_failslab+0xdb/0x130
[  998.085242]  kmem_cache_alloc+0x2d7/0x780
[  998.089376]  ? wait_for_completion+0x420/0x420
[  998.093944]  __kernfs_new_node+0x70/0x480
[  998.098080]  ? kernfs_activate+0x13a/0x190
[  998.102308]  kernfs_new_node+0x80/0xf0
[  998.106181]  __kernfs_create_file+0x46/0x323
[  998.110574]  sysfs_add_file_mode_ns+0x1e4/0x450
[  998.115228]  internal_create_group+0x232/0x7b0
[  998.119794]  sysfs_create_group+0x20/0x30
[  998.123923]  lo_ioctl+0x1162/0x1cd0
[  998.127533]  ? loop_probe+0x160/0x160
[  998.131314]  blkdev_ioctl+0x95f/0x1850
[  998.135180]  ? blkpg_ioctl+0x970/0x970
[  998.139051]  ? __might_sleep+0x93/0xb0
[  998.142920]  ? __fget+0x210/0x370
[  998.146358]  block_ioctl+0xde/0x120
[  998.149963]  ? blkdev_fallocate+0x3b0/0x3b0
[  998.154263]  do_vfs_ioctl+0x7ae/0x1060
[  998.158133]  ? selinux_file_mprotect+0x5d0/0x5d0
[  998.162867]  ? lock_downgrade+0x740/0x740
[  998.166994]  ? ioctl_preallocate+0x1c0/0x1c0
[  998.171384]  ? __fget+0x237/0x370
[  998.174822]  ? security_file_ioctl+0x89/0xb0
[  998.179213]  SyS_ioctl+0x8f/0xc0
[  998.182604]  ? do_vfs_ioctl+0x1060/0x1060
[  998.186734]  do_syscall_64+0x1e8/0x640
[  998.190604]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  998.195430]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  998.200597] RIP: 0033:0x45b207
[  998.203765] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  998.211454] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[  998.218701] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  998.226002] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[  998.233256] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[  998.240508] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000014
05:39:39 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:39:39 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
eventfd(0x5)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:39 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r10, r9, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r8, 0x2, r10, 0x0)

05:39:39 executing program 3 (fault-call:0 fault-nth:21):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:39 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00')
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x84, r3, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}]}, 0x84}, 0x1, 0x0, 0x0, 0xa96ed7ec6f26d745}, 0x10)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:39:39 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1000.603596] QAT: Invalid ioctl
[ 1000.604917] FAULT_INJECTION: forcing a failure.
[ 1000.604917] name failslab, interval 1, probability 0, space 0, times 0
[ 1000.622625] CPU: 1 PID: 22008 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1000.630534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1000.639891] Call Trace:
[ 1000.642490]  dump_stack+0x142/0x197
[ 1000.646133]  should_fail.cold+0x10f/0x159
[ 1000.650384]  should_failslab+0xdb/0x130
[ 1000.654361]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1000.659050]  ? kernfs_put+0x35e/0x490
[ 1000.662853]  ? sysfs_add_file_mode_ns+0x1e4/0x450
[ 1000.667698]  ? devm_device_remove_groups+0x50/0x50
[ 1000.672630]  kobject_uevent_env+0x208/0xc80
[ 1000.676950]  ? internal_create_group+0x49a/0x7b0
[ 1000.681699]  kobject_uevent+0x20/0x30
[ 1000.685498]  lo_ioctl+0x11d3/0x1cd0
[ 1000.689115]  ? loop_probe+0x160/0x160
[ 1000.692898]  blkdev_ioctl+0x95f/0x1850
[ 1000.696770]  ? blkpg_ioctl+0x970/0x970
[ 1000.700650]  ? __might_sleep+0x93/0xb0
[ 1000.704519]  ? __fget+0x210/0x370
[ 1000.707962]  block_ioctl+0xde/0x120
[ 1000.711575]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1000.715878]  do_vfs_ioctl+0x7ae/0x1060
[ 1000.719748]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1000.724484]  ? lock_downgrade+0x740/0x740
[ 1000.728617]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1000.733012]  ? __fget+0x237/0x370
[ 1000.736459]  ? security_file_ioctl+0x89/0xb0
[ 1000.740862]  SyS_ioctl+0x8f/0xc0
[ 1000.744212]  ? do_vfs_ioctl+0x1060/0x1060
[ 1000.748350]  do_syscall_64+0x1e8/0x640
[ 1000.752220]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1000.757051]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1000.762240] RIP: 0033:0x45b207
[ 1000.765418] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1000.773112] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1000.780373] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1000.787628] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1000.794878] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
05:39:39 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[ 1000.802137] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000015
05:39:39 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r10, r9, 0x0, 0x209)

05:39:39 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:39 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0xd0001, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x209)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x412401, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
ioctl$MON_IOCQ_URB_LEN(r4, 0x9201)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
read$alg(r6, &(0x7f00000003c0)=""/4096, 0x1000)
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
ioctl$SG_GET_SCSI_ID(r2, 0x2276, &(0x7f0000000140))
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
r10 = socket$inet6(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r11=>0x0})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00')
sendmsg$BATADV_CMD_GET_DAT_CACHE(r12, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r13, 0x31905e13403123b7, 0x0, 0x0, {0x9, 0x0, 0xf000}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r11}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r8, &(0x7f00000013c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, r13, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfff}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4040)
dup3(r7, r0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

05:39:39 executing program 3 (fault-call:0 fault-nth:22):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1000.921657] QAT: Invalid ioctl
05:39:39 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
write$P9_RREMOVE(r1, &(0x7f0000000000)={0x7, 0x7b, 0x1}, 0x7)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r2, 0x0)

[ 1001.002666] FAULT_INJECTION: forcing a failure.
[ 1001.002666] name failslab, interval 1, probability 0, space 0, times 0
[ 1001.023173] audit: type=1800 audit(2844653979.525:119): pid=22027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=17678 res=0
[ 1001.071500] CPU: 1 PID: 22032 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1001.079412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1001.088766] Call Trace:
[ 1001.091373]  dump_stack+0x142/0x197
[ 1001.095017]  should_fail.cold+0x10f/0x159
[ 1001.099183]  should_failslab+0xdb/0x130
[ 1001.103163]  __kmalloc+0x2f0/0x7a0
[ 1001.106710]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1001.112169]  ? kobject_uevent_env+0x208/0xc80
[ 1001.116674]  ? rcu_read_lock_sched_held+0x110/0x130
05:39:39 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000100)={0x8, 0x8, 0x4, 0x70000, 0x3, {r2, r3/1000+10000}, {0x2, 0xc, 0x0, 0x20, 0x40, 0x7f, "6ecb41d0"}, 0x7fffffff, 0x1, @offset=0x5, 0x100, 0x0, <r4=>r1})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f00000003c0)={{0x3, 0x8}, 'port1\x00', 0x51, 0x1d0c00, 0x4, 0x0, 0xffffffff, 0x3, 0x1000, 0x0, 0x6, 0x20})
openat$audio1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x101000, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
dup3(r5, r0, 0x0)

[ 1001.121694]  ? kobject_get_path+0xba/0x190
[ 1001.125940]  kobject_get_path+0xba/0x190
[ 1001.130007]  kobject_uevent_env+0x22c/0xc80
[ 1001.134332]  ? internal_create_group+0x49a/0x7b0
[ 1001.139098]  kobject_uevent+0x20/0x30
[ 1001.142905]  lo_ioctl+0x11d3/0x1cd0
[ 1001.146544]  ? loop_probe+0x160/0x160
[ 1001.150352]  blkdev_ioctl+0x95f/0x1850
[ 1001.154245]  ? blkpg_ioctl+0x970/0x970
[ 1001.158137]  ? perf_trace_lock+0x109/0x500
[ 1001.162387]  ? __might_sleep+0x93/0xb0
[ 1001.166279]  ? __fget+0x210/0x370
[ 1001.169735]  block_ioctl+0xde/0x120
[ 1001.173350]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1001.177658]  do_vfs_ioctl+0x7ae/0x1060
[ 1001.181531]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1001.186279]  ? lock_downgrade+0x740/0x740
[ 1001.190412]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1001.194810]  ? __fget+0x237/0x370
[ 1001.198257]  ? security_file_ioctl+0x89/0xb0
[ 1001.202652]  SyS_ioctl+0x8f/0xc0
[ 1001.206002]  ? do_vfs_ioctl+0x1060/0x1060
[ 1001.210141]  do_syscall_64+0x1e8/0x640
[ 1001.214008]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1001.218840]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1001.224010] RIP: 0033:0x45b207
[ 1001.227180] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1001.234871] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1001.242125] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1001.249380] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1001.256630] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1001.263880] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000016
05:39:42 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:42 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x4, 0x2)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:39:42 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0xffffffff)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:42 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)

05:39:42 executing program 3 (fault-call:0 fault-nth:23):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:42 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1003.627395] FAULT_INJECTION: forcing a failure.
[ 1003.627395] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1003.639235] CPU: 0 PID: 22057 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1003.647117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1003.653455] QAT: Invalid ioctl
[ 1003.656584] Call Trace:
[ 1003.656606]  dump_stack+0x142/0x197
[ 1003.656627]  should_fail.cold+0x10f/0x159
[ 1003.656643]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1003.656657]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1003.656678]  cache_grow_begin+0x80/0x400
[ 1003.656695]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1003.656710]  ? kernfs_put+0x35e/0x490
[ 1003.692356]  ? devm_device_remove_groups+0x50/0x50
[ 1003.697276]  kobject_uevent_env+0x208/0xc80
[ 1003.701585]  ? internal_create_group+0x49a/0x7b0
[ 1003.706336]  kobject_uevent+0x20/0x30
[ 1003.710123]  lo_ioctl+0x11d3/0x1cd0
[ 1003.713740]  ? loop_probe+0x160/0x160
[ 1003.717530]  blkdev_ioctl+0x95f/0x1850
[ 1003.721402]  ? blkpg_ioctl+0x970/0x970
[ 1003.725279]  ? __might_sleep+0x93/0xb0
[ 1003.729161]  ? __fget+0x210/0x370
[ 1003.732602]  block_ioctl+0xde/0x120
[ 1003.736210]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1003.740517]  do_vfs_ioctl+0x7ae/0x1060
[ 1003.744416]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1003.749177]  ? lock_downgrade+0x740/0x740
[ 1003.753315]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1003.757716]  ? __fget+0x237/0x370
[ 1003.761164]  ? security_file_ioctl+0x89/0xb0
[ 1003.765564]  SyS_ioctl+0x8f/0xc0
[ 1003.768930]  ? do_vfs_ioctl+0x1060/0x1060
[ 1003.773070]  do_syscall_64+0x1e8/0x640
[ 1003.776959]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1003.781792]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1003.786966] RIP: 0033:0x45b207
[ 1003.790141] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1003.797849] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1003.805103] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1003.812358] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1003.819611] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
05:39:42 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:42 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
set_tid_address(&(0x7f0000000280))
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f00000000c0)=0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000003c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x14<>8b\xb9G\xbb\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5u\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x00\x00\x00\x80\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000006f00), 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
ioctl$SIOCX25CALLACCPTAPPRV(0xffffffffffffffff, 0x89e8)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140)={'#! ', './bus', [{0x20, '/dev/ashmem\x00'}, {}, {0x20, '(!'}, {0x20, 'wlan0'}, {0x20, '(md5sum'}, {0x20, 'vboxnet0#^GPLxwlan0user'}], 0xa, "4cf3fa4909e2c14b8b435841a28f60fca861da724b7d5d471c6d14bb275be29ed8d3f0ad45a87a8cd86bf8045faeae49be1695f16f4100e4b71b28f413d3e05838c10f55ef5e33b96545fe3db695b3b60c0b40b2ee035e567b8a7f6d63d752c525aefd97b217bd518629b575c26668c3ea459f7fe2d02d517a7d8305afb48bffa7dbaf87f208510478e3691840a69f197ba60f9ae3788fb7e29e384b8d4f3a1b0516ee74fd123c026f857a40c1fd97860b4795f4dae4a7a731e8832ab559426a7b94990a6306b0a39344b3ed12a6a23918b706a3f86cad6ba3d414b2b676f15999f7c79266171966938d"}, 0x12a)
ioctl$TUNSETVNETHDRSZ(r4, 0x400454d8, &(0x7f0000000000)=0x7684d7c3)
dup3(r2, r0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
dup2(r0, r5)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
recvmmsg(r5, &(0x7f00000078c0)=[{{&(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000340)=""/11, 0xb}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/188, 0xbc}, {&(0x7f00000015c0)=""/220, 0xdc}], 0x4, &(0x7f00000016c0)=""/65, 0x41}, 0x40}, {{&(0x7f0000001740)=@alg, 0x80, &(0x7f00000018c0)=[{&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/234, 0xea}], 0x2, &(0x7f0000001900)=""/166, 0xa6}, 0x9}, {{&(0x7f00000019c0)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001a40)=""/57, 0x39}, {&(0x7f0000001a80)=""/237, 0xed}, {&(0x7f0000001b80)=""/25, 0x19}, {&(0x7f0000003040)=""/4096, 0x1000}, {&(0x7f0000001bc0)=""/93, 0x5d}, {&(0x7f0000001c40)=""/36, 0x24}, {&(0x7f0000001c80)=""/43, 0x2b}], 0x7, &(0x7f0000001d40)=""/83, 0x53}, 0x8000}, {{0x0, 0x0, &(0x7f0000004040)=[{&(0x7f0000001dc0)=""/165, 0xa5}, {&(0x7f0000001e80)=""/72, 0x48}, {&(0x7f0000001f00)=""/233, 0xe9}], 0x3, &(0x7f0000004080)=""/12, 0xc}, 0x2}, {{&(0x7f00000040c0)=@rc, 0x80, &(0x7f0000004200)=[{&(0x7f0000004140)=""/129, 0x81}], 0x1, &(0x7f0000004240)=""/111, 0x6f}, 0x93}, {{&(0x7f00000042c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000004500)=[{&(0x7f0000004340)=""/113, 0x71}, {&(0x7f00000043c0)=""/147, 0x93}, {&(0x7f0000004480)=""/69, 0x45}], 0x3, &(0x7f0000004540)=""/4096, 0x1000}, 0xa92a}, {{&(0x7f0000005540)=@nl, 0x80, &(0x7f0000005700)=[{&(0x7f00000055c0)=""/73, 0x49}, {&(0x7f0000005640)=""/191, 0xbf}], 0x2, &(0x7f0000005740)=""/23, 0x17}, 0x80000001}, {{&(0x7f0000005780)=@tipc=@name, 0x80, &(0x7f0000006940)=[{&(0x7f0000005800)=""/60, 0x3c}, {&(0x7f0000005840)=""/160, 0xa0}, {&(0x7f0000005900)=""/9, 0x9}, {&(0x7f0000005940)=""/4096, 0x1000}], 0x4, &(0x7f0000006980)=""/145, 0x91}, 0x2}, {{0x0, 0x0, &(0x7f0000006f40)=[{&(0x7f0000006a40)=""/70, 0x46}, {&(0x7f0000006ac0)=""/227, 0xe3}, {&(0x7f0000006bc0)=""/246, 0xf6}, {&(0x7f0000006cc0)=""/91, 0x5b}, {&(0x7f0000006d40)=""/44, 0x2c}, {&(0x7f0000006d80)=""/143, 0x8f}, {&(0x7f0000006e40)=""/164, 0xa4}, {&(0x7f0000006f00)}], 0x8, &(0x7f0000006fc0)=""/182, 0xb6}, 0x6}, {{&(0x7f0000007080)=@isdn, 0x80, &(0x7f0000007700)=[{&(0x7f0000007100)=""/92, 0x5c}, {&(0x7f0000007180)=""/35, 0x23}, {&(0x7f00000071c0)=""/243, 0xf3}, {&(0x7f00000072c0)=""/70, 0x46}, {&(0x7f0000007340)=""/23, 0x17}, {&(0x7f0000007380)=""/176, 0xb0}, {&(0x7f0000007440)=""/157, 0x9d}, {&(0x7f0000007500)=""/137, 0x89}, {&(0x7f00000075c0)=""/207, 0xcf}, {&(0x7f00000076c0)=""/16, 0x10}], 0xa, &(0x7f00000077c0)=""/249, 0xf9}, 0x1}], 0xa, 0x10003, &(0x7f0000007b40)={0x0, 0x1c9c380})

[ 1003.826866] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000017
05:39:42 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1003.921706] audit: type=1800 audit(2844653982.424:120): pid=22065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=16889 res=0
05:39:42 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)

05:39:42 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f00000001c0)={0x3b0004, 0x7, 0x4, <r3=>r0, 0x0, &(0x7f0000000180)={0x98090f, 0x9, [], @p_u32=&(0x7f0000000000)=0x8}})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r3, 0xc0406618, &(0x7f0000000200)={{0x0, 0x0, @descriptor="8f0e00771e656e86"}})
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = memfd_create(&(0x7f0000000080)='\x00`\xe8I\xcd\xa6\xed\xd6\xc6g\xe74+\xb9\xf2\xf5\xd8M\xb0\x992\xfd\x01\x8f\x14\x1c\xf3\xe9]}\xbe\xd2B:\xf0\x0eP\x86\xadH;\x03->\xf7\x1e\a\x13\xc35\x92@\xe96\xf6\xc0\x94\x04\xafg\xd0k+\xd3t\n\xf9?\r\'/a#\xd9oA\x88e\x8e\xb6m\xfdT?\x80\xedr\x83J#\xc3\x0f\xa1\xca\xc7]\xc3A\'I\xaf.\xe2Y \xa8\x82u\xe2\xa1\x90?\xcd\xdf\xdc^\x03s\x80+\xc7bk%_\xad6t\x7fz\x8a\xc7\xe6c\x0f\xdc\xd9\xe0\xe3K\xe8\xe3\xd9\xf5\x93\x88\x04\x92\xb5\xc3$M\x1f\xdb\xed)>\x9aB.\x8a\xd3\xbeLA\xe9\xe5\xf5\xf0/\xfd\xee\x10\x86\xe0D\x1b\xe5U\x12\x94Q\xd2\xdd\xb85\x16U\x16t\xb7\xdf\x03o\xa2,\xaf\xf8\xf7\xf2\x93\x11\xf8\xd9\x00\x00\x00\x00', 0x0)
dup3(r4, r0, 0x80000)

05:39:42 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:42 executing program 3 (fault-call:0 fault-nth:24):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:42 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1004.076797] QAT: Invalid ioctl
[ 1004.095590] FAULT_INJECTION: forcing a failure.
[ 1004.095590] name failslab, interval 1, probability 0, space 0, times 0
[ 1004.111148] CPU: 1 PID: 22095 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1004.119054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1004.128406] Call Trace:
[ 1004.131005]  dump_stack+0x142/0x197
[ 1004.134647]  should_fail.cold+0x10f/0x159
[ 1004.138806]  should_failslab+0xdb/0x130
[ 1004.142784]  __kmalloc+0x2f0/0x7a0
[ 1004.146325]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1004.151774]  ? kobject_uevent_env+0x208/0xc80
[ 1004.156265]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1004.161266]  ? kobject_get_path+0xba/0x190
[ 1004.165488]  kobject_get_path+0xba/0x190
[ 1004.169535]  kobject_uevent_env+0x22c/0xc80
[ 1004.173840]  ? internal_create_group+0x49a/0x7b0
[ 1004.178587]  kobject_uevent+0x20/0x30
[ 1004.182370]  lo_ioctl+0x11d3/0x1cd0
[ 1004.185986]  ? loop_probe+0x160/0x160
[ 1004.189772]  blkdev_ioctl+0x95f/0x1850
[ 1004.193645]  ? blkpg_ioctl+0x970/0x970
[ 1004.197519]  ? perf_trace_lock+0x109/0x500
[ 1004.201745]  ? __might_sleep+0x93/0xb0
[ 1004.205615]  ? __fget+0x210/0x370
[ 1004.209059]  block_ioctl+0xde/0x120
[ 1004.212674]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1004.216982]  do_vfs_ioctl+0x7ae/0x1060
[ 1004.220856]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1004.225595]  ? lock_downgrade+0x740/0x740
[ 1004.229726]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1004.234121]  ? __fget+0x237/0x370
[ 1004.237566]  ? security_file_ioctl+0x89/0xb0
[ 1004.241962]  SyS_ioctl+0x8f/0xc0
[ 1004.245310]  ? do_vfs_ioctl+0x1060/0x1060
[ 1004.249444]  do_syscall_64+0x1e8/0x640
[ 1004.253320]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1004.258156]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1004.263325] RIP: 0033:0x45b207
[ 1004.266502] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
05:39:42 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000080)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q\b\x00-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea\x00\x00\x00\x00')
pwritev(r1, &(0x7f0000000640)=[{&(0x7f0000000300)="4112b99698a834004734fbb28d8b969333d11c58e9d76e38482a5966156f48e006eb3c02853ac22ca6904feec5d595722ad78b51579743f84b2c0b9b85cfa33048003cdf91570ed7fef89726e46c07155d709ea479527e52fb40e133d71b0ac3c49c005ad5ec59a4435dfc1e1b717e2033e174f2870df48c75b7920df5c6efee13ac4a6f9d7806c6c37322c5361a3f60321b98042a38bd749e088a884942f8cc9721e1ca7e632a6361aeff2cfccd", 0xae}, {&(0x7f00000003c0)="d9240e7827a195694464e34076d81291af1ff6093423b89454dc26a3d80894c2b6ad5bec0e7b69e23620f22559ea0efbb04f9b63ef68a6bd23a1cf05952278ed6879dcf5981ed4d0b7f53d82f6323ed68da7b9a702101d9ae9549182090ebe3e0aaa701d6447406c69aeac5a0a97e928c3584711f127331b34ac9cec4fb33584b22ff5016aced842f7b171ba2163b6a14ec1f471d768e29760bf9cadd09221f266dd69e8c28066862b030b3a902e122aeb9c270e6e340a5462e7c21b2a2052b1e5e0bc9aff217e7aa936d44bad7f8eac8f03a33bdb8bc798cca0bf1dd9bc4a6768b1866917294711f663ca4525fa", 0xee}, {&(0x7f00000004c0)="e48f3e288578aa8e8a202ec2cb81c9b3b51d841313cf44733f2ea67830f5a9baf0039ca3bce30dcd69dc88fdb39d02f6439014031a3cd94d17c53f5f964f4d06d09930a2c4e078aef3822a5ae62bab4a0d85549246a0834fe3ebd611f4199ec84a56a70126ef199005278841c1697dc5c20100768d1bcfaa6ce2bad4992942fa41014e285e52c9e319c3dc8dab8de9c773618db4c5871631397eeb0fc5e2d32ad01d2626c7af6a9f32636903eec336ebc5aac9af0ad543a41eb268dd7ed334abfc75121dc3c89b82de9197d02462e3464385ff7ca77c35aec9fd32640b273dede865f75c2cc70eca97fbaae0", 0xec}, {&(0x7f00000005c0)="37e15b3a7fd3d7f4a368258ec009054ba34843de78ee283fa91d48374c3b586920905ee2bd7b80b98cc2613b3986901dc90e8b0addb8562c40915aa0249963d61eac77119030329b9fda5ea378ecc6494d66e0091acaddb0fb124edf7ec0c96be50afad2ed", 0x65}], 0x4, 0xfffffffffffffffd)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0)='nl80211\x00')
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc7b21ffd5bd36d25}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x6c, r4, 0x8, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @local}, @NL80211_ATTR_MAC={0xa, 0x6, @local}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x18, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000800)
dup3(r3, r0, 0x0)

[ 1004.274196] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1004.281449] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1004.288702] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1004.295956] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1004.303209] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000018
05:39:45 executing program 3 (fault-call:0 fault-nth:25):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:45 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:39:45 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')

05:39:45 executing program 1:
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control\x00', 0x8000, 0x0)
r1 = dup(r0)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe)
ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f0000000000)={0xccb, 0x18400000})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000100)={0xf4c3, 0x1, {0x1, 0x0, 0x404, 0x2, 0x401}, 0x9})
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x0, 0x10010, r0, 0x248ed000)
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x4, {0xffff, 0xa13, 0x2, 0x40}})
r6 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x9, 0x201)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r6, 0xc0984124, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
dup3(r5, r2, 0x0)

05:39:45 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:45 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1006.696279] QAT: Invalid ioctl
05:39:45 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = openat(r1, &(0x7f0000000000)='./file0\x00', 0x680000, 0xe0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000002700)={{{@in6=@dev, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000002800)=0xe8)
recvfrom$packet(r3, &(0x7f0000000080)=""/190, 0xbe, 0x41, &(0x7f0000002840)={0x11, 0x9, r4, 0x1, 0xff, 0x6, @local}, 0x14)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r0, 0x0)

[ 1006.721811] FAULT_INJECTION: forcing a failure.
[ 1006.721811] name failslab, interval 1, probability 0, space 0, times 0
[ 1006.762906] CPU: 0 PID: 22122 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1006.770825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1006.780184] Call Trace:
[ 1006.782782]  dump_stack+0x142/0x197
[ 1006.786430]  should_fail.cold+0x10f/0x159
[ 1006.790586]  should_failslab+0xdb/0x130
[ 1006.794572]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1006.799683]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1006.805143]  __kmalloc_node_track_caller+0x3d/0x80
[ 1006.810086]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1006.814766]  __alloc_skb+0xcf/0x500
[ 1006.818393]  ? skb_trim+0x180/0x180
[ 1006.822021]  ? netlink_has_listeners+0x20a/0x330
[ 1006.826788]  kobject_uevent_env+0x6ea/0xc80
[ 1006.831106]  ? internal_create_group+0x49a/0x7b0
[ 1006.835854]  kobject_uevent+0x20/0x30
[ 1006.839639]  lo_ioctl+0x11d3/0x1cd0
[ 1006.843252]  ? loop_probe+0x160/0x160
[ 1006.847055]  blkdev_ioctl+0x95f/0x1850
[ 1006.850943]  ? blkpg_ioctl+0x970/0x970
[ 1006.854834]  ? perf_trace_lock+0x109/0x500
[ 1006.859057]  ? __might_sleep+0x93/0xb0
[ 1006.862937]  ? __fget+0x210/0x370
[ 1006.866377]  block_ioctl+0xde/0x120
[ 1006.869986]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1006.874298]  do_vfs_ioctl+0x7ae/0x1060
[ 1006.878187]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1006.882929]  ? lock_downgrade+0x740/0x740
[ 1006.887069]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1006.891497]  ? __fget+0x237/0x370
[ 1006.894941]  ? security_file_ioctl+0x89/0xb0
[ 1006.899346]  SyS_ioctl+0x8f/0xc0
[ 1006.902712]  ? do_vfs_ioctl+0x1060/0x1060
[ 1006.906851]  do_syscall_64+0x1e8/0x640
[ 1006.910744]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1006.915594]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1006.920782] RIP: 0033:0x45b207
[ 1006.923960] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1006.931656] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1006.938909] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1006.946163] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1006.953419] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1006.960672] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000019
05:39:45 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
dup3(r2, r3, 0x0)

05:39:45 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
getuid()
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:39:45 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, &(0x7f0000000340)="0e7cce99e4e9baf4e60c7a3eee58f725fa73b75a8ca5933738421d35cd20e3156aacb0fa5caf65150df97616c3616fd9649473dde2573645d4e9b06aa89f7d5973fb9f0b60c4a8501e919df09f7c4ed27dec0237b6c16942db32f8372a3e641ca0c9349733a5105ba5d0fbcf528d998d976721b2db20", 0x76}])
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$setpipe(r2, 0x407, 0x0)
write(r2, &(0x7f0000000340), 0x41395527)
r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/mls\x00', 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000180)=""/37, 0x25}, {&(0x7f0000000240)}], 0x2, 0x4)
ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000440)={0x2, &(0x7f0000000400)=[{}, {<r5=>0x0}]})
ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000580)={r5, 0x3, &(0x7f0000000480)=[0x4, 0x1fb, 0x7], &(0x7f00000004c0)=[0xf4a, 0x2, 0x0, 0x3ff, 0x2, 0x7, 0x5], 0x60, 0x1, 0x400, &(0x7f0000000500)=[0x9], &(0x7f0000000540)=[0x200]})
ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000000)={r5, 0x2})
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000005c0)="0a0775e5361b8c700941be67601bdbbc898a87aae408000000000000000000a785b9db82ca88b6e1665389e4b5c18933b37ae411e0c6f4b96d074b1857523d9e5261a15da9de34990ce68e2348cacc546f61db90cb9a61dde207d3f691cd9d86a03b500cdf5566fad491f2db50cd43111c877ab2ff762ca16a0acfa1b7ecffe60ad49473fe91bce2d0a903d6bbcaf4f48a1967ea993034b66df07e0f1a8edaa914dd848c6e93ded506662b25b4ef59cfd6ff310057133812bbf6fb52ef09a0379a555db378ad54b62384d3a925eef6a0c5c35583d2d682849018f46a6ff1d774a9a29deca394f7560c78598b9f1f12a5ff7855799e5629efb03582dc49663172952a0a21f90a0da731e7ade3bc0b4e8da75098d80261c7300273e5d4385836fc90ef2a33c2560ba5fda57b9f17146bcc7e1c52f1dc7f5da95c19b2317875607af701267f04fc3943ac329f353e46b731ae78dd103999b2aa5e924c41b958837d725a25aa24b3183f08f71995fc77adc863dedd8e410dba4a8ed29b6c7ca4009ca6f5000f74a2472eabcbd74b8999a0b32a50549fae0b4db1bb1ca9b09d947a9e65f9210136202d741e90a350025adfa340c0ea07be6bf35dea291a7cb941a470433a90bbf5b52c7d8478782052dcc26c3ca2baf483b313a745fd95b28f2f8546b5ff82", 0x1e3)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r6, 0x40106614, &(0x7f0000000040))
clone(0x148100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r7 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x11, 0x2, 0x0)
bind(r9, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r10}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@remote, 0x154, r10})
ptrace$setopts(0x4206, r7, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000001a00)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f00000007c0)=""/51, 0x33}, {&(0x7f0000000800)=""/47, 0x2f}, {&(0x7f0000000840)=""/252, 0xfc}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/186, 0xba}], 0x8, 0x0, 0x0, 0x0)
tkill(r7, 0x3c)
ptrace$setregs(0xd, r7, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r7, 0x0, 0x0)

05:39:45 executing program 3 (fault-call:0 fault-nth:26):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:45 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
dup3(r2, r3, 0x0)

05:39:45 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r8 = getpid()
tkill(r8, 0x9)

05:39:45 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:39:45 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
dup3(r2, r3, 0x0)

05:39:45 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r1 = getpid()
tkill(r1, 0x9)
r2 = openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x206081, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000340)={0xdf2, 0x6, 0x4, 0x4, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000380)={0x6, 0x4, 0x2, 0x1000, r3})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, <r4=>0x0})
capget(&(0x7f0000000180)={0x19980330, r4}, &(0x7f0000000240)={0xffffff53, 0x2, 0x2, 0x9f, 0xde, 0x5})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm-control\x00', 0x82, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
ioctl$SIOCRSSCAUSE(r7, 0x89e1, &(0x7f0000000400)=0x7)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000000))

[ 1007.250504] QAT: Invalid ioctl
[ 1007.250746] FAULT_INJECTION: forcing a failure.
[ 1007.250746] name failslab, interval 1, probability 0, space 0, times 0
[ 1007.285310] CPU: 0 PID: 22155 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1007.293211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1007.302556] Call Trace:
[ 1007.305149]  dump_stack+0x142/0x197
[ 1007.308777]  should_fail.cold+0x10f/0x159
[ 1007.312916]  should_failslab+0xdb/0x130
[ 1007.316878]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1007.321982]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1007.327435]  __kmalloc_node_track_caller+0x3d/0x80
[ 1007.332366]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1007.337026]  __alloc_skb+0xcf/0x500
[ 1007.340639]  ? skb_trim+0x180/0x180
[ 1007.344265]  ? netlink_has_listeners+0x20a/0x330
[ 1007.349013]  kobject_uevent_env+0x6ea/0xc80
[ 1007.353327]  kobject_uevent+0x20/0x30
[ 1007.357114]  lo_ioctl+0x11d3/0x1cd0
[ 1007.360730]  ? loop_probe+0x160/0x160
[ 1007.364519]  blkdev_ioctl+0x95f/0x1850
[ 1007.368393]  ? blkpg_ioctl+0x970/0x970
[ 1007.372275]  ? __might_sleep+0x93/0xb0
[ 1007.376149]  ? __fget+0x210/0x370
[ 1007.379593]  block_ioctl+0xde/0x120
[ 1007.383208]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1007.387515]  do_vfs_ioctl+0x7ae/0x1060
[ 1007.391386]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1007.396128]  ? lock_downgrade+0x740/0x740
[ 1007.400271]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1007.404670]  ? __fget+0x237/0x370
[ 1007.408117]  ? security_file_ioctl+0x89/0xb0
[ 1007.412513]  SyS_ioctl+0x8f/0xc0
[ 1007.415866]  ? do_vfs_ioctl+0x1060/0x1060
[ 1007.420002]  do_syscall_64+0x1e8/0x640
[ 1007.423874]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1007.428714]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1007.433886] RIP: 0033:0x45b207
[ 1007.437060] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1007.444755] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1007.452014] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1007.459279] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1007.466533] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1007.473786] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001a
[ 1007.562226] audit: type=1800 audit(2844653986.052:121): pid=22158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="bus" dev="sda1" ino=17704 res=0
05:39:48 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:48 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
fcntl$addseals(r0, 0x409, 0xc)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000400)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbeqV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\xc7y\x9e\x19\xeecb\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q-v-<\r\xd1?$\x8b\x17yn\x17l\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcf\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98\t\x00\x00\x00\x00\x00\x00\x00\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xf8\xe1\xcaz\x96Io|\x93\xde\xd6B\xa6\x80\x87\xd5OE?5\xf4\xb4\xac\xb6XIA\xd8!\xf6\x9e\xfdi\xf1@\xa0\xc2\x02J\x85\xfbk\xf2$\x81\x7f7\f\xf5W6\xa8\xf1\xae\xe4\xc8e\xba\xa2\x87\x93\xe9q\xab\x1ez\xca\xb8\xc2\xd3\x91\x12\xd6dS4\xe0guF\x96\x01\xd2\xaa\xd6\x1b<\x86\x1a5\x99\xa4\x19=\x84\x83\xa9\xe9,\x81kF\x04a\x86$S\x02Y\xc8\xf8\xe6J\xd3\x8d_\xc9\xe4`9(\x8c\xees8\x1e\xf1\xe7\xbcR\x12,\xf7:\x90\x06B\xb6\x80\x91\xdf\xd9\xc9\xd3x\xb2\xa7lD)\x8e\x80\x11\xef\xd51C)X0t!hL0\r0\xe2\x15\xfc\xb8\xbb?\xb5\xa6\x1eg\xe0z\xa4N\xa1\r\x8fSHC\xbc\n\xc2\xda\xa0\xf3Cr\x1fD\xfa\x9e\x1a\xbf7\xbbjA\x05\x0e\x0fV\xd7j\x13\xfc\xf4\x04\xd7\xd7\x00\x00\x00\x00\x00\x00')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:39:48 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r3, 0x0)

05:39:48 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0xfffffffffffffffe, &(0x7f0000000240)="018068469041c517c2ff01000000000000be7757003717d0a4013630467be4cd43dc3fd740a88cf34e691c316578df426eb9b423dfd5f0c278537a6a2c71dcfbd6ddc3bde71a00597f1fe837b4ce3a87d0ac3a7354032d7a985564ec3876")
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:48 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
getpid()

05:39:48 executing program 3 (fault-call:0 fault-nth:27):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1009.715270] FAULT_INJECTION: forcing a failure.
[ 1009.715270] name failslab, interval 1, probability 0, space 0, times 0
[ 1009.722423] QAT: Invalid ioctl
[ 1009.743479] CPU: 0 PID: 22179 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1009.751375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1009.760827] Call Trace:
[ 1009.763411]  dump_stack+0x142/0x197
[ 1009.767124]  should_fail.cold+0x10f/0x159
[ 1009.771270]  should_failslab+0xdb/0x130
[ 1009.775226]  kmem_cache_alloc_node+0x287/0x780
[ 1009.779824]  __alloc_skb+0x9c/0x500
[ 1009.783432]  ? skb_trim+0x180/0x180
[ 1009.787061]  ? netlink_has_listeners+0x20a/0x330
[ 1009.791818]  kobject_uevent_env+0x6ea/0xc80
[ 1009.796136]  kobject_uevent+0x20/0x30
[ 1009.799922]  lo_ioctl+0x11d3/0x1cd0
[ 1009.803539]  ? loop_probe+0x160/0x160
[ 1009.807326]  blkdev_ioctl+0x95f/0x1850
[ 1009.811196]  ? blkpg_ioctl+0x970/0x970
[ 1009.815074]  ? __might_sleep+0x93/0xb0
[ 1009.818944]  ? __fget+0x210/0x370
[ 1009.822384]  block_ioctl+0xde/0x120
[ 1009.825998]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1009.830307]  do_vfs_ioctl+0x7ae/0x1060
[ 1009.834179]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1009.838922]  ? lock_downgrade+0x740/0x740
[ 1009.843059]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1009.847462]  ? __fget+0x237/0x370
[ 1009.850907]  ? security_file_ioctl+0x89/0xb0
[ 1009.855303]  SyS_ioctl+0x8f/0xc0
[ 1009.858671]  ? do_vfs_ioctl+0x1060/0x1060
[ 1009.862807]  do_syscall_64+0x1e8/0x640
[ 1009.866676]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1009.871522]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1009.876694] RIP: 0033:0x45b207
[ 1009.879868] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1009.887564] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1009.894826] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1009.902093] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:39:48 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r3, 0x0)

05:39:48 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x1000002, 0x12, r1, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f0000000000)=0x1000)
r4 = memfd_create(&(0x7f00000003c0)='@\xff\a\x00\x00\x00\x00\x00\x00c\x170\x83\x90H\x7f\x00\x00\x00\x00\x81\xd2s\xf8\xa7J\x82\xdf\xfa\x9d\xa4\xae\x1f\xa6\xe6\xe1\xa6s3\xb4\x1c\xb6\x18T\xb9\xbd9\xca\x1c\xae \xe8\x03sNg\rm\xdaK.\x04\x85\xd7\xce\xf4E\":#\xca\xe3\xd5Z\xa0\x8a\xe7\a\x02\x04\x9d`\x88\x95\xed\xe6\xec\x95\xc8\x1f\xbf\x95Kd\xe4L\x8c\xc9q\x8eE\xed\xee?\x96|V\x9cK\xe0aE5\xa7\x97.\x05#\xee\xb0\x00\'\x90d\x7f\x97\x8c\x14\xf3*\x11=\x80`\x99\x94&\xef\a\xbef\xc4\x8ek\x8a$\xed\xbfVw\xd2\x184|)\x94\xe5\x16\t\x1e\xe9\xc7\x91. \xdb\xa8]\xcf\xdf\xb5!e).K>\xdaJ\xe3\xa71]\x898', 0x6)
dup3(r4, r0, 0x0)

[ 1009.909349] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1009.916607] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001b
05:39:48 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(0xffffffffffffffff, r3, 0x0)

05:39:48 executing program 3 (fault-call:0 fault-nth:28):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:48 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)

05:39:48 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

[ 1010.133507] FAULT_INJECTION: forcing a failure.
[ 1010.133507] name failslab, interval 1, probability 0, space 0, times 0
[ 1010.153341] CPU: 0 PID: 22209 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1010.161242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1010.170593] Call Trace:
[ 1010.173191]  dump_stack+0x142/0x197
[ 1010.176833]  should_fail.cold+0x10f/0x159
[ 1010.181057]  should_failslab+0xdb/0x130
[ 1010.185100]  kmem_cache_alloc_node+0x287/0x780
[ 1010.189698]  __alloc_skb+0x9c/0x500
[ 1010.193330]  ? skb_trim+0x180/0x180
[ 1010.196960]  ? netlink_has_listeners+0x20a/0x330
[ 1010.201717]  kobject_uevent_env+0x6ea/0xc80
[ 1010.206048]  kobject_uevent+0x20/0x30
[ 1010.209847]  lo_ioctl+0x11d3/0x1cd0
[ 1010.213477]  ? loop_probe+0x160/0x160
[ 1010.217283]  blkdev_ioctl+0x95f/0x1850
[ 1010.221173]  ? blkpg_ioctl+0x970/0x970
[ 1010.225062]  ? __might_sleep+0x93/0xb0
[ 1010.228934]  ? __fget+0x210/0x370
[ 1010.232368]  block_ioctl+0xde/0x120
[ 1010.235983]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1010.240294]  do_vfs_ioctl+0x7ae/0x1060
[ 1010.244159]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1010.248893]  ? lock_downgrade+0x740/0x740
[ 1010.253019]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1010.257411]  ? __fget+0x237/0x370
[ 1010.260845]  ? security_file_ioctl+0x89/0xb0
[ 1010.265233]  SyS_ioctl+0x8f/0xc0
[ 1010.268579]  ? do_vfs_ioctl+0x1060/0x1060
[ 1010.272707]  do_syscall_64+0x1e8/0x640
[ 1010.276573]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1010.281403]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1010.286573] RIP: 0033:0x45b207
[ 1010.289741] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1010.297534] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1010.304787] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1010.312035] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1010.319292] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1010.326549] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001c
[ 1010.355365] QAT: Invalid ioctl
05:39:51 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:51 executing program 3 (fault-call:0 fault-nth:29):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:51 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')

05:39:51 executing program 5:
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
io_setup(0xfffffffe, &(0x7f0000000000)=<r2=>0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r7 = open(&(0x7f0000000180)='./file0\x00', 0x18081, 0x48)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r10, r9, 0x0, 0x209)
r11 = openat$null(0xffffffffffffff9c, &(0x7f00000023c0)='/dev/null\x00', 0x28400, 0x0)
r12 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r13 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r13, r12, 0x0, 0x209)
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f00000025c0)={0x0, 0x7, 0x4, 0x100, 0x81, {0x77359400}, {0x4, 0xc, 0xd9, 0x20, 0x5, 0x1, "b18d5dc7"}, 0x6, 0x2, @fd=r13, 0x8000, 0x0, <r14=>0xffffffffffffffff})
r15 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r15, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r15, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r16 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
io_submit(r2, 0x6, &(0x7f0000002780)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x6, 0x6, r3, &(0x7f0000000240)="1f545844b3437276b33d965a63ffecd5869186623d91cbb4a2e40c4b81ed7a0f621f4fc8ce1d0f2a671a62b2f3ec4d8152288219a6fcac3a04dabe6a7d39ab9786882813a670298d6754d8f8626992e0dd289ffc8d6033204d34f1350d65bb14ee50b2b90a4934989e56fe4551b336c31d7277a9f277f5dd55fd15b9e7b78bff47dc6fa83dcbcb2b4997eedc15f071b2ea0b8992b878bc15e252c900d4f1f91ccb505379c3843950289e3b37df58084d6c7990f83896925fb603659996b51fe30998eb806411986f066772db1e6c67100221b2008a79ab3a1cd86aaee5f7ef34ff063145548ea80bb29d3a1b", 0xec, 0xca, 0x0, 0x2, r5}, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x8, 0x9, r6, &(0x7f0000000340)="69c07e60abedec4c12648c70f621d8533f770e12b07a89c57be7d58594b96eafb252e3180fbd83c5d8a93bb82a8540e0b3d254cce851d9cdb85b0602f8a37edf01747116c4aacd30349dea9db0ef2bf4c5586144ad85ca46e73d2364003817441cf9fc9915f28630407ab7b2f42678b62e10171516fd3e9850b88be8f7b5d4cdca4d15295ea4cef116b08b3825f9d33d37c91fef9e7bda4e4feb6edf9386852e3a1207d92dfe0814020b1f2e68e532d30b171c33dbd9495198b33fba73c65a96c9f2de953f71ff83719929b9e7213702b1eeb009f28a79ea206e1527803f64316769f62f758aa7a53f2c3c9644b614a3d3700e50a978a90ece62af87d087d628a2f0e16abed0ab4a225db1702d0b35895351ef10fd7d7684e049e422fbf1203d05ad933b621fffb85116d7790377719989eff6fde25c33f9b82632044ab5ad40eb4ada8a68cf4e7ef74aff5a4305909c5f4db4757bbc56c69f97fb2842d5c9404dfa3bcb5125f1ead23add0a0c19f15e0881eab57a450b41fd473d272c9ea7d0fa873c5f1fea6e168f323c1b83c19010e45cdeb8f76a41b313eaf8ce57d182af67aaedf2d956558d7e6506042c92ca234321888286bd2d32a56ac10d69e832ed87d804e45eea27cba04ab05244034069188996d5f4d716eb6eee7d1686abdca33d5c2011270effcc723ee7040ae1037ebc6fc3b6c673032518a66d6a6a42304b569e47622e09c2c2f5973aa521abfa9c24db606c30c9c50cbdf1d444f925ee96aa663aea16294e0a10435479ce9075efbe260f8242b6534b80dcdc701f50f776205dd6944137e52d55fbdcc338b6e55b5cbf7ded6fa2967e6b3ac2ee9f76affa5ddead5f636808692a2c08f14a1b2809b75b0cec45daeb6dd2a7bf72c37bc8a4b1eb99fa72fd0be3ea39ff67ad6c7e5ba34f5424b0f9b72771963434bf01a092845672a262c49b7651fd87a8be82c54807c9ef9a78a49c3dcba2ca073d43d7e71c40ba9d750dee6dad5c1db533e19e61fe9eed1ae29c8278832b33a80719d10bb62eb2f47ac2c92c9cfa26a21059e9146c5c4cbe8c015d4eb8e01e7a8b8f0f3e90c349f0b4ce88063137d4d64f9c163b6373d2233b785a5b753451ae6c7b42c48e03719fde304d36a6e6aabc663127a0845a6f2c748f146e78256ad4b932c1dc58b455840ce95c9278bd73212734f3cbe62fae7f0ceb45b48f0482ac4a0fdf884c3e2a3cbd1bedb8dc1cabf0f9d400024c4ceeabdddaede9b20f4e03e36a582db64b976e0b45923c83a921c2ea34145294a7e97b56a6f7c30a1c3e4a1c5aad69a57dd9bdf4fe77af7270f1783a509e00df38ccee5eb98a3a0e4c26ca7e87c21242439440c0698f6e77a9acd6212ea2df6907f535e3804fecb5eb844953dbb299e83afe0d0450b312aac046b6699829b66794e6aa5ebb76dc1795c97d73930851be5a4f2615e28fdcb4bee54a0d56b3525f1946d0aee2012e71f2443dbe828a9d146757300d6343fba6258696b2ace45b4d24d86577f51cbb2523fd316743d565fca46b973b735c86ad602a74b5bdb07d4c1c6a1cf8100e7438e527dd64587f4a6a2e91dc89cfad3b4bcaaaa45845ab0463adab5a068328aaaab061a515e86aaa69863705d52be4fd2c06881c93595a1653c6cdd9255e911319601a4013e1ab35af6a3b2ab33cd34dbfe6e0770002b60a29236b495f8a7de2e9345e90eeea4afcde8d982f566722b566163e71e6a7917a6e4e2fda1aabd76116361c7051ead253cb03016733ee633a25b45331b6d23655e83c5eae07bc7724a8dff506b80a2aae0dd937496ff932c7da9f3e870039db101aadf4c7cab11f5b7e7ec6228ee43dcf9219b6bbdd9c4fae8b8ea7781f5ce3883c02823acd90dbc626d9cd8eb083b79b8a001852274122b8b64cc60d8b515742c24963f89999c21466cbdbb504c5fb4140950c1eea81173fab0dbb767a7a93e2be3c51cc54e32b23709d78161f9b093a07d54d898b53bace91546dc8d63d88ef05d9b3ab94e99a5d2396db424f5435b3cba94bdac381f109d08c82427407ad92645de94816f9f0635242922a86df8a0248535f29654c4359ff95245865efed9648cd3875094350d5c4b51922dc3ed547c505bd3a1fade75b0a37f906a5663c66fbb47f580e2bb26e5763fe708c633bdcd3c2f953ad7e6bea949a573056560a0ae7d9c79502fa3440130069bc0fc34c1d54afedb531591f96052a55e75131c3a7d6874f993c2d88059a0fd8fb53d2f6ccc23a0f868a80a286876d8f3726da3a1f3071ab770e9d1d394e7fca3aa094a2169c116f78da297577d34c16e80bb7185a5a8766ba01ebaf8832ef4b7af80418a84a166c5f3097dfd149f7342bc304f6575fdf3bc47ea70fdff28e86d50baca285937070ef1ff06f47bd4d0b91ffffd282cf35c544ebd1f62aeff869e69af35217c0f53a7218c4343c2dfce6eb7031e3eeb0f3ae65ac8df7ed0a603a3a40cf99561d80d20da1ee407cdb4cd2ac7b3655290e93dfe299b1c100bb25770de8509becd036df3294e178715437dbff72426e64ff3e0c59de2a61551ef32b461aa153e9977f081efd24af9a5652714f64a03dba6c8389086008ba35cd219ba7d124858faad8ef8288a067aebaed418fcd8a27de0921e9174302a44b667c734741518947f967ba1a704065f8d88c07ca737ba4bdc391d83a2af985f3f6996fa4cd4987aa7311434357509a3a17da676ad6dc8d55aacc503aef0b5e05aa1685e4ae7b9f815777316205a060c52bb89b112663ee65cef7680a88e205d61399030f56fa411318db54b0c50311a137aa6ee3612ed6105412c28e5643e7a4d9a5130686796ceac3fd7d39b8675b894277281177c9be9e2fd12b67f73b4b6313b78f2101b0e921d2596ea2648aba928d3e67eb1595e2004aba7ff52b8544cab3e76261defc45b6b75e6871a6218360eb434c903508379cb7d0f512614df9734f70744e8e39e802c029bea9b64863c56dc727400d0e8b80432931fdad3a0ebe12b95dcdf30966faa103749696aeec39e5bdacca9e4c5b7020c1fdbc14a58178f94249168ebf99f86cb1460a934a8f8a1e4b81c0d690f05e32c3ab7f70e056354aefd6bb3ccda94f90ba53dbba9292e5733a4eacbfe99acff202ef400023daae45f6f23ca5c8798b763e704334fd59d82229810ec76e549b9a7e96559b758b4491822467e87ad62127c171f2263514309b0ed0d60a7dd1cbcafec1fce0c7464d17c94c34be1a4e520fa0c04b58678309b11e488e20d333b856989e59745ab5a98af62501df68ada2f6842d97b95fc171c79ad2d293c2ebf5aa65c315fe9e0f8dc1257e8d60cf5e551c8ade9600a2c9d5c0211cef84e462f6969f0c575b78481febe4d40f91a9fa5cb7235bc6df26ab62f6edb8d010616d6539ad5d52c1f7040b2d1004c76bf235f3f029dffae1c43fd7cb6b92adb7cb79067cf6baa6134e805cabb9f353e55b209b372245331fd88f10228c7ea34564acb27079d196de5fddf862e6828ffd48319337ad1d6080651bb33b4cc065b84a863d1d4f789b3cb9f14f7291ce4e584e19c8acddc2eea636b0a21ef9edfb4475cf81ee77fb61fe843bbf4721f27f51aafe2943fc61c79d408d7205b3da7297ac801c4a78ab482d5d3d97a2b42e9e8961e74c94ab49645c86fbed54f9da8630b67801b4b81384dba0049b17daa0594cffadaff3289e7c7c5a275204ea37f5561f6e8e2648f2d5d14b06dc8c4f431ea06d053550044170e2150ad55e52cfeaa473a944163618874b24f05f4a584e97cd561825c4a11f03744458ef4f79a13acfa28eedc3e53b4147da378f473fb921e79fce392f3aa070ef7614ed24d3fa006170db63c46820f36d2e97a1c9805a71adac5f4db5e5106745ca98c3b60eb020dc58b851543469320501de14f684634e255143f2ef635a0ce5cc430f9bf452a4df48ad4c8b585d33cefc6bfb92f4b52ac9edc55f3b4152b6f4916aaef995cdb269ec7af12c323c62ea77eed268f8f0803b1138f75bbbbbdf46863660c024c3f50dddfd82ca2b01e5d9e8ca8d707961c30007d7a0c226ab39baf0d1a0a9e8b1aad61dca77adb4247f44c3a73f1b511ef510a4717d2fe6934a3c5554b8fbd5de63f2d3265cceee5eb5ca98bf95cc8354ae5252169fc944ced2e60d95b8f91d2ae15ab84bc28a88b61da284d21915cd0601092ef8aa77a17b3be411b0f8b1642f3d05499564d93b91fbe93796ffd1f8e28baa5ccc9386202eff1919918d8f81506ad31a1198fb1238d15f49d6c6d4bbd61b12124ca97b342e4af644d9a98089321a1a9f57bfe9a90a6d5a6529efc98e4737ffffe4e46ed18b7c0b5d0d8e871198fa8e759f36d90dd73015d28acc957b25cbfa9a80b19e4992bdc7062b291f295ea8cac14f5546d456f89937d5a8f28f721b4426a6aa608d19a81b8a8be8865d75a539d088c517be88aabef5af18c19c680355d5470e740f7cc1bfd135adf3f6c4b5a290c1bcf6db2fc0a77aecf76c297467c5d920bb081752bb3cc585148ea7098564cb53cb58dcc8a973eba8ad93997677e107673eeb29043277c9d6d6034cc35d2077bd1ef269774d87eaee3c47f482cfab0b7fe5691bab7411f30df452a1e287fe54a1e3c99fa77a230a78dbe5dd191dc0eb40d53a1a16ac16b739253f75f5a5bea1ff0f8eb67576252dd421e939aa19b9e8d987fa891af9e46f524dc2c38fa8a8db63a84d8fc5f9aaa3ffd60ee18345a6eec2551be9741dfbae9540db469c0124b3ecd4e6087b97bfa61b21ae827883f90eb43eb9a0e03bc4dd46709c45335264f1723102bdc0e8a587851ddd3b883e93fe2fc3066a747c3b28a4a9ad8f4ed1f0cfc77340b0716638aea49ea5e37600c7da871c77b1ba7646dddbac1b301e8145c25beae709fc2ca40653f58ef06a0a8c3c6b16f204168299448b529644444d94ac7f15f30fa849f61f09f2282242d30192f5ec0585b4b4a2dca3e912265874a3d2674dd3c8d1760cd188da78a74f35d915f46a2898728e87b9c272f810bf73d60caeca5ef138b930e8d14ef34677fed3b64b77b10af25988d52586851976b0634e4db2c28b8403317a6e2446a54e3905746eeac97b8fde123c308e585f4c5660b886be6853bad366d2746afcb162af13705c6709155372dc99509baae19c922250cd9de8c40e3ba1edcc10ffe47d335248d6e1038e3acc45b2150c2f753617b3323408d1de9b894ec6f53a25d25a496c708166bcd36e396d64d8c3c8048b41c11630cef1cea954ad1c86cd3c8e4c63a7eb6dbb7700b118b62fefd9530495a3da140183d47aafd478495c4defff489923dbbaf3246fd0681b2ccdfce8ecd8e464c34eebc735455c2e8fd31012868d1d4ec38e6f6526830d3b91e51781822cb4002de04c47f041e5793067550b6f87a17a3d4b99f46224b08207bed59bb6a3977690d53ee129577a4476126d7b08e822bbe234b7cd6e0096f73f6fc0c5282c4d8da658388a70f6b3e98b17166b717d0d42a08ec1d97f00d08b9ff8b4e0f1572050137fea1e7e8b789fb1ba39d454fb557bfcd8c72603bef2aaf43a8fd38e8d250fb5f12370c887e46f448924eeb2bbdd05768850f245fc9738e406d180c2d47efc5845676e386b2ddf888586454187844f7655e96fd10a6e31f48d23136fe0b0551a1d6f7938e856a03b4dcc15db4328a20ad808ed48f7eafc1df20add3ed03968ea4ffaa496d60916bfca72df5fec9fbfece0c69d82ab8c39093bef403107d2e0aaae7579615227138e877407ec8cb8f16b43d3", 0x1000, 0x8001, 0x0, 0x3, r7}, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x7, 0x5, r8, &(0x7f0000001380)="de0f27486b5636b49ba2c3ed3389f2949662e625b682f4802a1f304d7789ee0e6687d6153d7c85b8807951c6158ed9e8017152695af9b709a144d217bd4756e41fadd00672052de3090fa5245e408dd0623e9d48b7ce86b75878567f6937d5284b4dc66b2891a28b70c10d74626e708b1ed45e431cf78fc5cef4a1691e3fb0e786c69baf4a58abfd73611f1f3b3bb634c077ee75f1af1957ec2120740b0879573b639f508509a6b77ade47205d300af4b980a8b526380da7bf5046a82ae764b22d7b8633ede65c61d6ac5593fe0537b1f2b260685c200bec57369a6fe21572f070944cc92635d7fbe4b714922677369beb5268a2d916d21277f7c282f055af3f5dccf81ec0dec509efd2e49aaa7966b798e52b2a8fb261a5a7c633ccf2bb2eb32c097aede6af1b1355504818b493cff59fbbe6b85296515b0ffeb47764bf2773a3a9f5f29ce09f691d7d63ded7354c94b062a93a4cf9dd99196e1dbdc8e2c21f77418a0d26ec0b62444453f3548c6d57dedb2bb570b4870306ef996c0e7bcc7ffcef542f82e1911223d1ee62711bdfb369a4ddf0cf246a5ecd19bd99b31844b0ec75ffbb16e63eadecfeb870fdc1ec7542882a58372a337c3251de8cb09e23e84a7b87a0de57acf43c028bf2499bcfa0817ed9c983526a748b0c6f9bd912fd4e3187c82252df980b95bb85248128412c5b50495eb18029f313f84843fe7a95caaac39b2fb5555ad8a62208be5b2addb4d880188505cfe8d8b19c330a602630d5b316a70046e1ec4d73e6af011b89144bbb9c3919aadde4bc21c89f57c5211dcb984cede61841bd8afc605fc06d02caa17bf14ccd88a5ea962dbb1eab863e992aa3d7aa159183ad783cdd5b5047ba7758815e6640901a6c35817491cb7c439bd3deb5f06932f56c077c57b5affae763cef14f59ae2839eb3357f5e9acaac700ff603aaa50f5fc07746d733e1cda41e8a6ee8abdb6899c9e9625427d22a8d3ea38c208f453e9dab5a43e3fc541fa202942bda9bea3986d1c7ae8de6caa32fa8256661d2e24212f4fddd6ab2caad78f47bec620fdbad16b36852cb630902cfa7f7d90fba0ce675738a3d25b19a573096f4e4b5278c167c2fc1a29edcb32a5bfdc0a2f5eb4056b6231bf85062f321097d82287147e032152cd43840e5591168e7984df0866604e81d8c974365bc6cffcbc081e00efc7fceb543582bee34f151d42276e730f0cac4dafd9681155c824ecf63110cf023ac7f328553f6fa94e0b756ea461fc4b4cefac2dc186c98c465e4c393a8fc46e42ff83507c0630cf1a6e225b0778e641f68fc7a208b0bad3c0e1f65cb0610a74f64ad29621e28a3006ff9c605fe77897e3a395fee2db7935d2ae152ac913eebe640871ddbc93d8abd3bcc7a0263211d940852a803f4cd741ddc511adecfa440dfd488c8d1cf79345dfc21b3f3434c5db13a010192284e5262d521970c205ba54d7f89bd46af4b0e7c94497f2bac9d2f3571914b6391cb5df14ce74605e8908283757d5d7bdcbf4a109440ee50aaa4f36d1e3ba5e62fe0932d7b958bbd5d4286718e07774ecc2bc795a4064c766ccb92fa41c57c4fa588a7c3e7af2d11aa886f814dc942660759b1cb6ef55c2aa48b7cf491bb3409c3bee70c5d720c12a409b15f529d4684f8a252152677c18d1877daa8684bd0e4ddc66f03c1d38c4d6f8c4b4c99b795ecfc4cf6559ff7b2100870c1f057af84bd3fe3ddb77c176f4e2bd4eb828fe0fcb7f576c45b21549e9087e0357f05a757959144887a6bb209591758cc00179705dd8353583eba4c6110e26a59502fa5000fa8f35b01f20aac12dbef17c65af3ea73f650107ce003c5132cbf90e3eb1ae3f12aabaf1e2ea6edaaf6388758bc4358e9f17895f110f51cbc77cb72d4a67a7b3ad69f79e79988ccdac2aa80a083c19408a192e9a5ed139d54bd174f7ce6f181b4747db62ed63afb212b9447b97671971ede724bd22fd57fc01795c8c64770e53ab67a5ce2d4dc87849bec6bbf19be8f6c4aa917f875351a4a033a7fb6377029ddd86e6ebf04f238436d27644a772d8f3910cbfb6055a5f5f324a07d160174a52c7e119988a46f5ad31cf8a47e6f8a24d8a42a88ce7ed301b56df099ba8d42cd15149e4b3a4ff4f8478ccec455774abf18089e363f6c916270d78b7824fc91c790e9308f664e1017672189b9bdfd59171e285c03bafbb810aa9a656d51ffbae2182b89ad3b6e42b0564218a5e16af8e6bd3eb558daeaa8b940cc13dc8fbb54575db7658662523bd3dc50b89b575d6f4c4aa41aed66194d8c0017106bcaa18553cc4703f5cec7742fbdb06254cef6a448310f72fa5a685556a7ce5ac9c94ab1e538ea3c6388c975eb6860aa294e4394fcb1fa009ae133b33d22399f5989eabf94bf5cedc6838df0e2778c99abfdcdbebee5f9aff402c55168a50ef011a61fe36d24c1b88fd30f82b7a08b9431caef53dabc863fecf87e0089ff5e89fd3639a393f8878b36d6307ae5a5bf2f4ffc57c3d7b5b776b361a2017210bf67773ca1482f8cde67a20802f8ded1fd12c801dc928ec3dddf962f6e00201fe7f38a015d8206470206137fc26b064c8f75e7fd32ec62e78effe4de900ce338367787ab88b29e77f1c72fc48ce3f1c0a99813f426b121dab11fa440aeb34cb646aa18cb0c5d7ef54e0f2cef70c55067ff3ed6c6ce9c095a1c5770e5d29c974c7d41463fd9ea9572dcae91290145f05ce045b3761ca3abd6b1702d848dd6225323d37ecfb8cedfd35163f82479f08dffdcba3fdd4b8eb846424683b3a71b45af8edc0692ff5f732363bfceda4dc082843956b98827b7024ba70d9abfb88f42df36446a794bc49e9126e312b1d5058525ebca4906e4c91fee91af73ac1b5ac4f8e03ee5876c71a1b0142635c863ea54df3813a1ee5a20813048d9d807adf8fc03727a38c98681befcd577583a9eb8d34d089c61e99b825aaa718ac48242c410743d2920653ffff17775ca2a24c3884470070adcfef637da971627f69c65ff54c95c11bd0085fe420b1b3085f250b62a7e4ff0681624137b975141ba1897817feacd6c80c671a0a424e3c992ef3882e2d9551332b138c097d42835897bc1ba96cc60bcd56eda6401534c47d27fc051b2731bcf3acc3f050973fe3eda1161f600a5004874d162af4b0f4a48155b37c6d8f601e39b0d37379072a66e1a372f946840eef31ff43a0cfffc781a965425a3e7a3796f82ae1e388688a1b1d446751227beb5354433c689786cdc682301ad0dc241829c2ca3362b67ab501828fb19cc8f53df49c9b1d1c75542f8d8bcd78a65997797b435181d613e453cc27fd63b28b821d705c2ab8d3f7ae225b861050d3879df937d25782917b5b8ee293bdc3635a903d77e377e4715c4b90eb82ff98544c151ec1423999314b21feaa16fe3f280d61271ca01c5982a6a8dad64c18c83adcdff60a559c3b2e4883314c89822ec1bbb2940ecbebb73c748899b480a165fc38b305474a10c1ffc4eb262f08881331d17f91d249a3729adfa47731b1e5ad6c26e0fd3e70f437d6c095756cb3de7e7cf134647481374f7dcaa6d2137971b8d1fe1489692792ca7e5e3a16ca59f142a47f70b86e83f3b7cee0bd7ec99d65e46f301f468e5029fb28edfcab3601bda2ce2ad512d992f1bf2b95edb5b2ef266cb9c50b8ba88d1e178d412fc4083887556cd34dfbbf23d80dcbc0255384f7444dbc04ea3fc100cb7649d1e1c81a9548c6fc2216a0e890481f9dac7d9df13e19fb68b14d127796c919ec8561d82d6cfcdf2714843dc14edaa1b5201878732dc0eacc5cdeeaed3b3ad57e2d4dc1871f704509421fb28811a89c3b46c0dfd4efd5bbb208bc2242debb4f34e6e6eb181d46005b48cd752118536fa520759f2e8e2e9475d8b57f9853abe4aa5455b993d33b5dc46ad2b6c54bd80e41190ed10e9aa667ada9878697a095c358fa0c2a2aab368d613ec52056bf14390a9392ff94f256f65dcbb02dac1a46e407661fa16c6ab38545798123cedc6754efd8e1a12c8bb4390f5e8af34b8a65643932c05497556120b23ed3fbbca8d1bfe68c08b06d6e7ae194e70ae3f4ea04bb96334a4070c95e957037f03d94043d340ed09ea74b4ab019a3213b3f63b2c4abd517617f2081f0b5c35eee42ae13b3e58f40b5ee64fbe4a338be8eff8113cfb0b59a73e4a0719173754f794e4618f40dcc2d50a848976f44cda73c5784e0943a1796d5a37391b2381542453306b9c22dac7f76d26d17b69b4c71678fb75bb284bac71e1fb52ccd56a1d6ffd220b4ad2e8a522e2c05ac9b763aa461dd0c62860756c44a5a5b91c86823603e95528357d138e193c1abcb1132c615440c6a668013fdf5bac1081d0587c8dd5d82764f8de1c4acde515351181fab2577bf94c2133d14854e4e550b0a312b44c3ff7582dae22fdf04d4ce090d331fc7c73c224f724f1d21a3d30a5eb01e6005a07866e7a1d29c53b214ded6adcec68f7e7f8ebdff65210b7cd4a908ec7f43783315d15472ef41c3cd146e46eda97bcfe997cfcd2a4027be05bd27eb51517686b94e2259219b70daedf8dce4be4d785f8e3b4f118e3ddeaef56a3e905e6b66e34724e7cdff31e69534c7e18d8c1be96255bdc9d0d3afb20d58a33e6af6ddb0d1ae29dd92fd67a4d340924d761799b37fc1ed0d5a892c5bd813b54b76f1a5b85a57eaeeb5fec14d17a41f49304c7b70df8380740dd38bb81eccabdff2cc6c7b938b6524bdd626347394e85036b27b607e5df5d622343735196571248fafdd8a7edc3c0b6dd1555722575de8fb72b8dab2ca5b9f0a4632dc3b0a2f7f04966f71e4e71efb36887ce2b02038c561550eea11324c93adcba938bcf51e7f915bf24847b34c5bf512ef3e02aca9605d42fcddce6c7fa037b9ab2101176469cf67a0e84ecaa63fa08d11cd2f6e722ca2cde5388169ad382614b7cebb1b5ec13b7a2e85689d23408c459c0e7d5541b4eea9018da222abd6ac78d44848145448d2435079d8a503d17db662f067fcbc9f220d2f9b3ed02f3cad42b20218b7e003dfe98de92dcd070601675659ab815c4dbbbabe4df4b2dbca82ef165822ba18b0fc6962beb613893a373a7f0b2ef03ac3958d19dee32242c1d64190ed52924a151d8d535260507daa8450bf8a64456b1dc005e982eb5be89f91742819a27db2efb164951819481cdef6dc7f1470fdb5fb90375c85b5f052857c4a86729c722956cae81eec4794a99c208e8f56160d486f97b10617bf07480f6f3326748c5101b46b8f6e40a1cee1017a19e98b26d5e56d77038668af8bedf6b2f0aa32700279d1dcc12eead9f9d095daf9b00b80cff9346e0940be03e72be040f267a78a52fe4aa06ded79c0b8f300499bb997155c829b367cbe1f636f75d1fbbddd21f52523a8f07384b5558cf3885e48b38df01194c4c22c61ed78691c19943f46044f15bfecac2621a195189aa9c9b4d5ab8ce99ca53d1753c51374dd5a0ee6ec8c63d22fa5b9723dea8d0cffd4be3ee6632de5e0c02db741d3134e5ed733b0ac989e1a91e10f66bd44d9d54a9d9d53c13fbec1c7e23b2cd4749b9abc29b182949ee01bdca7c7fdb3f0101b150f5ba27ff90685c2600846499c493d6acbd058c4a9bb8832d71e743b84f4fc12b5e1c48a49cbea39fd272369210bfc6dec48adf625955554ea04e6756a50ce86247e2fd25b53a9c8da27ebab3f1d268d7d6184326d009e4e8b9060528872504321f32f306a5434b25c8d9d4bbce63f582bbaf4bcbaaf7ac55202d7640dea0aaf", 0x1000, 0x7fffffff, 0x0, 0x2, r10}, &(0x7f0000002480)={0x0, 0x0, 0x0, 0x7, 0x6d29, r11, &(0x7f0000002400)="7e8dabb47d87d635ca5a2d848a2eedf9e27da9ddfed62f9275420425529e93ace35b6c45891ba39f3ad7d76030bb8be23f30790bd7da3b20c42aeaa98f138ed8055d7c2abf013d21812daa55ffbcd02dd6aa6235bfb07866925fdc3f", 0x5c, 0x13, 0x0, 0x1}, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x2, 0xb304, 0xffffffffffffffff, &(0x7f00000024c0)="53796596d78183fa4f71563e141a915027a52b16d86fa360d4d2ef87fe0138e5168ee8f736a088bf794e2a03fea15f2c3e4f41fa8707e08b7445970d1b4ca05a41fd4a694438889cb83bc858d02d438f30d4f97dbc3c3671e45e65e8a8a8839a3c717ff0d6356abd46b1e66d518a567c6d437f1d415dc09c1be573f75ed3b3ea5ba29a1e8c86ad5189f57a4a47043fb6a6c5600a1380da111c439615c03282156f2cdef2f0b35c3ddc3375573e5f1c2e8961ecf578099e8580013d3de6d11bd44a8fcdfabc", 0xc5, 0x3f, 0x0, 0x2, r14}, &(0x7f0000002740)={0x0, 0x0, 0x0, 0x1, 0x5, r15, &(0x7f0000002680)="241ce271bd0fe3adcfbf9f1f28ab911837a50182da3c0b9ffcda3c4b3f4da07b50a28527345d5cba31f00ee5c8f08b6d508464c62d517dcaa67ac976c8659370b09ae93961fda7a29ca08e28ce0051c98476f62d4bbda11a39b56d4f4765479921f46a8ad3bb44922c7d94b8506eb1538108ebf92cb2ccb8080d631ea31ad057146cca408ac2dcef2d9594f62457ea054b81fac931b6c7ac6c40a6cc11f8ee576888e5120d633b6a5ed25fce5baf000a898a0783a6d0", 0xb6, 0x80, 0x0, 0x2, r16}])
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x8af, &(0x7f00000027c0)="ac8dfb8a82ec90b9c6011c393992adae3b6f9c407f4fc3c98631c904fa437a2205608e74e15dc423612c407b149e1ba0498b82d3ed7f28db9df87e730f43f351f7118797cf0c0706450dc11f0f0b6fd3ad5031781c983a5bd3a66037e3c265b32b97651a4d56ce0c6f9c5ed69555e584b8924da6dc27b510bca7865b9c1727e6df37b9a691ffaece1bf1d3967018e54d8f67bc01514c1533b1f2819453aacf413ae5efb7aaaf4def2f2db31af74dfca36246846e537fef9ac825960410692db5946bd90eb2260049825fd4c721442cde5602f129a2da211e789d73abeb26ce2f308da63af44d9a5b8024")
ptrace$cont(0x9, r1, 0x0, 0x0)

05:39:51 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/mls\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000440)={0x2, &(0x7f0000000400)=[{}, {<r5=>0x0}]})
ioctl$DRM_IOCTL_DMA(r4, 0xc0406429, &(0x7f0000000580)={r5, 0x3, &(0x7f0000000480)=[0x4, 0x1ff, 0x7], &(0x7f00000004c0)=[0xf4a, 0x2, 0x0, 0x3ff, 0x2, 0x7, 0x5], 0x60, 0x1, 0x400, &(0x7f0000000500)=[0x9], &(0x7f0000000540)=[0x200]})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000000)={r5, &(0x7f0000000080)=""/145})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r6 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r6, r0, 0x0)

05:39:51 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

05:39:51 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x1d91, <r0=>0x0, 0x2, 0x81})
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f0000000040)={r0, 0xe06})
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc0\x00', 0x101000, 0x0)
readahead(r2, 0x7, 0x2)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000002b40)='/dev/hwrng\x00', 0x151103, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(r3, 0x89e7, &(0x7f0000002b80)={0x67})
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 1012.761517] QAT: Invalid ioctl
[ 1012.785362] FAULT_INJECTION: forcing a failure.
[ 1012.785362] name failslab, interval 1, probability 0, space 0, times 0
[ 1012.799120] CPU: 1 PID: 22234 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1012.807015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1012.816370] Call Trace:
[ 1012.818968]  dump_stack+0x142/0x197
[ 1012.822613]  should_fail.cold+0x10f/0x159
[ 1012.826770]  should_failslab+0xdb/0x130
[ 1012.830738]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1012.835847]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1012.841293]  __kmalloc_node_track_caller+0x3d/0x80
[ 1012.846213]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1012.850870]  __alloc_skb+0xcf/0x500
[ 1012.854499]  ? skb_trim+0x180/0x180
[ 1012.858114]  ? netlink_has_listeners+0x20a/0x330
[ 1012.862862]  kobject_uevent_env+0x6ea/0xc80
[ 1012.867177]  kobject_uevent+0x20/0x30
[ 1012.870964]  lo_ioctl+0x11d3/0x1cd0
[ 1012.874589]  ? loop_probe+0x160/0x160
[ 1012.878376]  blkdev_ioctl+0x95f/0x1850
[ 1012.882247]  ? blkpg_ioctl+0x970/0x970
[ 1012.886121]  ? __might_sleep+0x93/0xb0
[ 1012.889990]  ? __fget+0x210/0x370
[ 1012.893451]  block_ioctl+0xde/0x120
[ 1012.897061]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1012.901366]  do_vfs_ioctl+0x7ae/0x1060
[ 1012.905232]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1012.909967]  ? lock_downgrade+0x740/0x740
[ 1012.914099]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1012.918490]  ? __fget+0x237/0x370
[ 1012.921933]  ? security_file_ioctl+0x89/0xb0
[ 1012.926332]  SyS_ioctl+0x8f/0xc0
[ 1012.929681]  ? do_vfs_ioctl+0x1060/0x1060
[ 1012.933811]  do_syscall_64+0x1e8/0x640
[ 1012.937676]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1012.942508]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1012.947683] RIP: 0033:0x45b207
[ 1012.950854] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1012.958547] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1012.965799] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1012.973052] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:39:51 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, 0xffffffffffffffff, 0x0)

05:39:51 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1012.980324] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1012.987574] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001d
05:39:51 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})
dup3(r1, r0, 0x0)

05:39:51 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@local, 0x15})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:51 executing program 3 (fault-call:0 fault-nth:30):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:51 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:51 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)

[ 1013.179211] FAULT_INJECTION: forcing a failure.
[ 1013.179211] name failslab, interval 1, probability 0, space 0, times 0
[ 1013.194875] CPU: 1 PID: 22262 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1013.202770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1013.212124] Call Trace:
[ 1013.214718]  dump_stack+0x142/0x197
[ 1013.217424] QAT: Invalid ioctl
[ 1013.218361]  should_fail.cold+0x10f/0x159
[ 1013.218378]  should_failslab+0xdb/0x130
[ 1013.218391]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1013.218405]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1013.218418]  __kmalloc_node_track_caller+0x3d/0x80
[ 1013.245111]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1013.249766]  __alloc_skb+0xcf/0x500
[ 1013.253378]  ? skb_trim+0x180/0x180
[ 1013.256989]  ? netlink_has_listeners+0x20a/0x330
[ 1013.261731]  kobject_uevent_env+0x6ea/0xc80
[ 1013.266045]  kobject_uevent+0x20/0x30
[ 1013.269829]  lo_ioctl+0x11d3/0x1cd0
[ 1013.273443]  ? loop_probe+0x160/0x160
[ 1013.277251]  blkdev_ioctl+0x95f/0x1850
[ 1013.281128]  ? blkpg_ioctl+0x970/0x970
[ 1013.285020]  ? __might_sleep+0x93/0xb0
[ 1013.288896]  ? __fget+0x210/0x370
[ 1013.292341]  block_ioctl+0xde/0x120
[ 1013.295954]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1013.300269]  do_vfs_ioctl+0x7ae/0x1060
[ 1013.304144]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1013.308883]  ? lock_downgrade+0x740/0x740
[ 1013.313018]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1013.317438]  ? __fget+0x237/0x370
[ 1013.320889]  ? security_file_ioctl+0x89/0xb0
[ 1013.325297]  SyS_ioctl+0x8f/0xc0
[ 1013.328661]  ? do_vfs_ioctl+0x1060/0x1060
[ 1013.332809]  do_syscall_64+0x1e8/0x640
[ 1013.336691]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1013.341534]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1013.346716] RIP: 0033:0x45b207
[ 1013.349901] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1013.357611] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1013.364873] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1013.372135] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:39:51 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})
dup3(r1, r0, 0x0)

[ 1013.379398] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1013.386660] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001e
05:39:51 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
dup3(0xffffffffffffffff, r0, 0x0)

05:39:51 executing program 3 (fault-call:0 fault-nth:31):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:52 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f00006fe000/0x4000)=nil, 0x4000, 0x1000000, 0x50, r2, 0x5000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x1)
dup3(r4, r0, 0x0)

[ 1013.528997] QAT: Invalid ioctl
[ 1013.534140] FAULT_INJECTION: forcing a failure.
[ 1013.534140] name failslab, interval 1, probability 0, space 0, times 0
[ 1013.548121] CPU: 0 PID: 22281 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1013.556011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1013.565354] Call Trace:
[ 1013.567953]  dump_stack+0x142/0x197
[ 1013.571594]  should_fail.cold+0x10f/0x159
[ 1013.575755]  should_failslab+0xdb/0x130
[ 1013.579736]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1013.584850]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1013.590335]  __kmalloc_node_track_caller+0x3d/0x80
[ 1013.595270]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1013.599933]  __alloc_skb+0xcf/0x500
[ 1013.603560]  ? skb_trim+0x180/0x180
[ 1013.607185]  ? netlink_has_listeners+0x20a/0x330
[ 1013.611932]  kobject_uevent_env+0x6ea/0xc80
[ 1013.616263]  kobject_uevent+0x20/0x30
[ 1013.620061]  lo_ioctl+0x11d3/0x1cd0
[ 1013.623694]  ? loop_probe+0x160/0x160
[ 1013.627505]  blkdev_ioctl+0x95f/0x1850
[ 1013.631419]  ? blkpg_ioctl+0x970/0x970
[ 1013.635317]  ? __might_sleep+0x93/0xb0
[ 1013.639196]  ? __fget+0x210/0x370
[ 1013.642654]  block_ioctl+0xde/0x120
[ 1013.646317]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1013.650689]  do_vfs_ioctl+0x7ae/0x1060
[ 1013.654564]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1013.659319]  ? lock_downgrade+0x740/0x740
[ 1013.663476]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1013.667880]  ? __fget+0x237/0x370
[ 1013.671383]  ? security_file_ioctl+0x89/0xb0
[ 1013.675795]  SyS_ioctl+0x8f/0xc0
[ 1013.679150]  ? do_vfs_ioctl+0x1060/0x1060
[ 1013.683298]  do_syscall_64+0x1e8/0x640
[ 1013.687183]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1013.692054]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1013.697239] RIP: 0033:0x45b207
[ 1013.700450] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1013.708154] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1013.715406] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1013.722668] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1013.729929] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1013.737190] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000001f
05:39:54 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
dup3(0xffffffffffffffff, r0, 0x0)

05:39:54 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})
dup3(r1, r0, 0x0)

05:39:54 executing program 3 (fault-call:0 fault-nth:32):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:54 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000000)=0x1ff, 0x4)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r2 = gettid()
wait4(0x0, 0x0, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r2, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x3c)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)

05:39:54 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000000)=0x3)

[ 1015.857699] QAT: Invalid ioctl
[ 1015.862188] FAULT_INJECTION: forcing a failure.
[ 1015.862188] name failslab, interval 1, probability 0, space 0, times 0
[ 1015.886752] CPU: 1 PID: 22301 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1015.894655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1015.904004] Call Trace:
[ 1015.906585]  dump_stack+0x142/0x197
[ 1015.910206]  should_fail.cold+0x10f/0x159
[ 1015.914353]  should_failslab+0xdb/0x130
[ 1015.918315]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1015.923404]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1015.928841]  __kmalloc_node_track_caller+0x3d/0x80
[ 1015.933767]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1015.938422]  __alloc_skb+0xcf/0x500
[ 1015.942032]  ? skb_trim+0x180/0x180
[ 1015.945645]  ? netlink_has_listeners+0x20a/0x330
[ 1015.950386]  kobject_uevent_env+0x6ea/0xc80
[ 1015.954714]  kobject_uevent+0x20/0x30
[ 1015.958501]  lo_ioctl+0x11d3/0x1cd0
[ 1015.962137]  ? loop_probe+0x160/0x160
[ 1015.965940]  blkdev_ioctl+0x95f/0x1850
[ 1015.969817]  ? blkpg_ioctl+0x970/0x970
[ 1015.973700]  ? __might_sleep+0x93/0xb0
[ 1015.977573]  ? __fget+0x210/0x370
[ 1015.981018]  block_ioctl+0xde/0x120
[ 1015.984632]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1015.988941]  do_vfs_ioctl+0x7ae/0x1060
[ 1015.992818]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1015.998109]  ? lock_downgrade+0x740/0x740
[ 1016.002248]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1016.006652]  ? __fget+0x237/0x370
[ 1016.010101]  ? security_file_ioctl+0x89/0xb0
[ 1016.014493]  SyS_ioctl+0x8f/0xc0
[ 1016.017841]  ? do_vfs_ioctl+0x1060/0x1060
[ 1016.021978]  do_syscall_64+0x1e8/0x640
[ 1016.025850]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1016.030682]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1016.035853] RIP: 0033:0x45b207
[ 1016.039028] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1016.046720] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1016.054014] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1016.061275] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1016.068529] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1016.075784] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000020
05:39:54 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})
dup3(r1, r0, 0x0)

05:39:54 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:54 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
dup3(0xffffffffffffffff, r0, 0x0)

05:39:54 executing program 1:
openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/member\x00', 0x2, 0x0)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl(r0, 0x4, &(0x7f0000000080)="49c29b94af11df0430b1d55c087b061f3d0807691076397b1166ca8596342938a27ab877faf584b1a082f4f3b0994d04fe676be4b7642ab4586a256476eeb822e1181163530bfd12961d4dce428443e76f8f2c7610d1abae19f25361c906c365790e292fbdb69b1fcdc77074dd73c483b412a95dcf46c3c142c72372cf6e14a9aff815ef3a08450861b8e56246a26eec8d2adf208faa8738432d8fd9108a5ea9bf497d9d176280175d1ad0c782628e150288e3cd02192f281d40f07e106143f65953b5dd00913c9505c41cca50417013")
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400)='nl80211\x00')
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141a42, 0x2)
sendfile(r5, r4, 0x0, 0x209)
getsockopt$PNPIPE_IFINDEX(r5, 0x113, 0x2, &(0x7f0000000440)=<r6=>0x0, &(0x7f0000000480)=0x4)
sendmsg$NL80211_CMD_GET_INTERFACE(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10002}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x40, r3, 0xd10, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0xe0f9, 0x2}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x20, 0x3}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8, 0x4}}]}, 0x40}}, 0x4004090)
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r2, 0x0, 0x209)
read$usbmon(r7, &(0x7f0000000180)=""/254, 0xfe)
dup3(r1, r0, 0x0)

05:39:54 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xbf1, &(0x7f0000000000)="b5eceee7ff36839d753286f1e64e95bfb0327820a59d992543", &(0x7f0000000080)="51faf5cc528ab2c859796aa7", 0x19, 0xc})

05:39:54 executing program 3 (fault-call:0 fault-nth:33):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1016.265926] QAT: Invalid ioctl
[ 1016.324105] FAULT_INJECTION: forcing a failure.
[ 1016.324105] name failslab, interval 1, probability 0, space 0, times 0
[ 1016.335981] CPU: 1 PID: 22332 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1016.343871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1016.353220] Call Trace:
[ 1016.355811]  dump_stack+0x142/0x197
[ 1016.359451]  should_fail.cold+0x10f/0x159
[ 1016.363611]  should_failslab+0xdb/0x130
[ 1016.367589]  kmem_cache_alloc_node+0x287/0x780
05:39:54 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000080)='\x00\xcf\x1e\xa3\xc9\xd9\xb5\x7f\xf6\xc3\x80uNQ\xfb\xa1E\x17\xf2\xde\xd0>\xceKB\x06\xfa^\xf8\xc1-\x92\xb7>w\xfb\xc8\xb3\xa0]O\x8cch\xc7\xeb\xeb\xf6?\xa0\xf7\xa5\xd7\xbd\x0e\aG\xd5\x00s\xd5\xbc\xe6\x94\x96\xec\xc4\xae\xc3p\xf4p<\x83\xd5\xa8F\xf2J\xf4\xb6\xc8\xa9fV\xd1\xa0\xf91\x0f\xe2z\xba\x80\x14\xc5\x84\xbd\xc6\xb3K<`j\xb4X\x05\xa4n1\x9d\xf1\x93\xcc\x06\xb8\x1d\xd4~\xd1\xff\x818\x82j\xcd\x03gA\xa1\xed\xbc\xc2\n4\xe2\x92\xfc#\xd5j\xe3\xdfq\xb2\xe5]\x1b\b\xd8\xe8\xf4o\x99\xb7\x00\xac\xe6zD[\x9c\xe3\x92C\x9e\x9f\xf3\xf9\x92y\xf7\xa2\xc7\x80\xfc\xbb\x14\xc2\xce\xcd\xa6\rN\xe2\xdd\v\n\xff>-p>a=71\"q\xce\xa0\x91\xac\x11\v\t\x9d\x9a\xb1tR\x82\x9e\x90Z\x03n\r\x04k\x85Y\x81\x8e\xcai\xb0]\x89\x06', 0x0)
dup3(r1, r0, 0x0)

05:39:54 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x30946180, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = getpid()
tkill(r2, 0x9)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fstat(r3, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setresgid(0x0, r5, 0x0)
r6 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r7)
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setresgid(0x0, r8, 0x0)
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setresgid(0x0, r9, 0x0)
getgroups(0x3, &(0x7f0000000180)=[<r10=>0xffffffffffffffff, r8, r9])
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r12 = inotify_init1(0x1800)
r13 = syz_open_dev$radio(&(0x7f0000000680)='/dev/radio#\x00', 0x0, 0x2)
r14 = socket$bt_hidp(0x1f, 0x3, 0x6)
r15 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0)
r16 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r16, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r16, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r17 = gettid()
lstat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, <r18=>0x0})
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0})
setresgid(0x0, r19, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000b80)=@pppol2tpv3={0x18, 0x1, {0x0, <r20=>0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, &(0x7f0000000c00)=0x80)
r21 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r21, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r21, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r22 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000c40)='cgroup.type\x00', 0x2, 0x0)
r23 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r23, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r23, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r24 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r24, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r24, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r25 = socket$nl_netfilter(0x10, 0x3, 0xc)
r26 = memfd_create(&(0x7f0000000c80)='#trusted\x00', 0x4)
r27 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000cc0)='/dev/video35\x00', 0x2, 0x0)
r28 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r28, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r28, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r29 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r29, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r29, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r30 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r30, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r30, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r31 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r31, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r31, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r32 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r33 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r33, r32, 0x0, 0x209)
statx(r32, &(0x7f0000000d00)='./file0\x00', 0x0, 0x7ff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, <r34=>0x0})
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r35=>0x0})
setresgid(0x0, r35, 0x0)
r36 = fcntl$getown(0xffffffffffffffff, 0x9)
r37 = getuid()
stat(&(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0, <r38=>0x0})
r39 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r39, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r39, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000f80)={0xf000000, 0x0, 0x480, <r40=>r39, 0x0, &(0x7f0000000f40)={0x0, 0x9, [], @p_u32=&(0x7f0000000f00)=0x81}})
r41 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r41, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r41, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r42 = open(&(0x7f0000000fc0)='./file0\x00', 0x101000, 0x8)
r43 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r44 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r44, r43, 0x0, 0x209)
ioctl$VIDIOC_PREPARE_BUF(r44, 0xc058565d, &(0x7f0000001000)={0x10001, 0x8, 0x4, 0x2000000, 0x4, {0x0, 0x7530}, {0x3, 0xc, 0x3, 0x5, 0x2, 0x20, "e9a6f7ac"}, 0x3, 0x2, @userptr=0x4, 0xffffffff, 0x0, <r45=>0xffffffffffffffff})
r46 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r46, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r46, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r47 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r47, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r47, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r48 = accept$alg(r47, 0x0, 0x0)
r49 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000001080)='/selinux/relabel\x00', 0x2, 0x0)
r50 = mq_open(&(0x7f00000010c0)='+\x00', 0x40, 0x20, &(0x7f0000001100)={0x5, 0x7, 0x9, 0x5})
r51 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r51, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r52=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r52)
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r53=>0x0})
setresgid(0x0, r53, 0x0)
r54 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r55 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r55, r54, 0x0, 0x209)
ioctl$TIOCGPGRP(r55, 0x540f, &(0x7f0000001140)=<r56=>0x0)
r57 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r57, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r58=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r58)
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r59=>0x0})
setresgid(0x0, r59, 0x0)
r60 = getuid()
lstat(&(0x7f0000001440)='./file0\x00', &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, <r61=>0x0})
sendmmsg$unix(r1, &(0x7f0000001540)=[{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000240)="eb31f477159f0e9fb1bb60161ec72d685a4530207afede04690fe5dec3f624945b2074856f8f4e4569bbe75ba69d2718188fc675acb6000c4e2e7f10c2c6be74f38ae34cffa12d69c443def286a641d7e0743565f7ffa1afa626d2aafd24830c6a775f64cbdfd3257817f1", 0x6b}, {&(0x7f00000002c0)="0751c9feab74db478627b0e55f754e53804428f42d2bfdca4cb92eaa995101cc05d61d02cb605a0dfc271d9f667cc44661a659bf524a0ee3b58ba8eca8387f99d53645e654e2259311d82e500c25ed920059c1b0839c85ff6d2b9493f908548033dcdd747beb2b1a", 0x68}, {&(0x7f0000000340)="b875d03ffb93a9612340484d03abc9f2fc4c7b701da42fd0bcc67fa90facec8a359cbeef29da55f8d09fbb690ab99d68e918527cf468fc52c616b1cef6b429e5e3f45982", 0x44}, {&(0x7f00000003c0)="bc5eff11499256c65ca88427bde8bd965599037da2349101002da81e9b294250c1a209de80bd79d6de5bf9e19deaa95c9d2a07cec4c8bc41bdec16ea9f829636246a5a5252fa1aaeecc3031a379c095dd3c12728c9dd78710cf9167ef1d86ac41a45e8d1a6c0e27103be53cf65b72759e1b67ec9a45ce463d8e5d43a6c8395e1c6f956d380a4a1a94a4e732f8ed87108c139662569c32cb20f31231918b7381421", 0xa1}, {&(0x7f0000000480)="8c9ab6cb87cdfc44d496caab8f66039ed9d07d32c1f4915580b11e02c84d54f3356751494407774ec2888203070760d476f731cd2c73d2598b8e81901705134e073a28ec507424d254bd49128e758c77a10ec4044f78214b7b5056479eab35bd5604ac229604c75a3e575a6dbb9ccb16eaee247bb1e2491f14c3e9301448d95c9a9f12040cfbdaf2e70dcdffdcaf6c7a63d91362cdfcd7ab361055948e91a21d6ed2686dfd1e0335b2cdeaf17c548ad55031ff84bed2a1c7105c31657e484797b81722e22cf354bd1b18f08353e1bb9487a7cd319f83ce1595232b", 0xdb}], 0x5, &(0x7f0000000700)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r2, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {r0, r7, r10}}}, @rights={{0x2c, 0x1, 0x1, [r11, 0xffffffffffffffff, r12, r13, r14, r15, r16]}}], 0x88, 0x40}, {&(0x7f00000007c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000840)="ba8da917716c3be814572e405221fe65715bf828f60a055e087ced088dbfcb049983cb60b731dfa827e4613cd2397e87f19609c22718e2918a2e630c6f9f064231296f78894e25fd4865836eb1570d521bfaa3e3a77d2a198f889acc46b45692e694c95427789a8ba3ccad6815a01b88161618843b688caca8be4df13266add01f26009d3251a5ff549b3a5f1f4dcbe8d4b411f9edac787f1d3b250163b30a5cf3a6921714463b04e361021071742fb72ec3408f8c3b893c92f132cf8a7402cb64e1c1fdbaa5dd717e47ec", 0xcb}, {&(0x7f0000000940)="431b95216c348ce79410f896c5fc542e015a60bc394c5f483657cc2ab32758260c8ae351ccb5c86f9c235d034662dc1ef0085c3a1f8f6f175a9a", 0x3a}, {&(0x7f0000000980)="492081d921bd044ba2812d4dd15b02a8ee05970feb4183db418f1a99b988ce558112e75fee8eee9f2a440f911a5e3ceb4899abb4700e3a58e718758eef9852062a7cd63d36004e245b6e89f4c1feac4b490d78f90e55f7faa2df00d185c1131c6b3f6fe7e131e0aec2854952ecec0701cbe1afd9e467374fa7a4aa2c018d9a3d47c19dc28b2bde17b2ecd96c98ca72c3c078215f82a3f1626c56788bb84dda315ab54555a32ed4ab626d9a5f475d41e0fd30f7c679837538b1fb47f9612d01e38cd6894e524b8aa3751a1b4c1829806753e69fef3cb08fe2a46c7f2b2ee71ce8b55d8bcf770b2ccc8ebfc9e90e9bee4960f7c892a39dd758582a7215926f49", 0xff}], 0x3, &(0x7f0000001180)=[@cred={{0x1c, 0x1, 0x2, {r17, r18, r19}}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r20, r21, r22, r23]}}, @rights={{0x20, 0x1, 0x1, [r24, r25, r26, r27]}}, @rights={{0x20, 0x1, 0x1, [r28, r29, r30, r31]}}, @cred={{0x1c, 0x1, 0x2, {r0, r34, r35}}}, @cred={{0x1c, 0x1, 0x2, {r36, r37, r38}}}, @rights={{0x30, 0x1, 0x1, [r40, r41, r42, r45, r46, r48, r49, r50]}}, @cred={{0x1c, 0x1, 0x2, {r0, r52, r53}}}, @cred={{0x1c, 0x1, 0x2, {r56, r58, r59}}}], 0x138, 0x10}, {&(0x7f00000012c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001400)=[{&(0x7f0000001340)}, {&(0x7f0000001380)="01a4ba7c805dd3da671799e714f8238b03a6c4031df0c8e1e8b5e427ec34e1788f4e5a2ed565cb924729ebb94eb5eb9b136d7d4ebed10f3a6d3581165623bf056e578ef1a0f9f7a6da06ca965e3225ec35c8d34ad0674feba8e5c6d1f61f158849ff3d45a1765dcfda", 0x69}], 0x2, &(0x7f0000001500)=[@cred={{0x1c, 0x1, 0x2, {r0, r60, r61}}}], 0x20, 0x4}], 0x3, 0x4008000)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:54 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000080)='\x00', 0x1)
dup3(r1, r0, 0x0)

[ 1016.372176]  __alloc_skb+0x9c/0x500
[ 1016.375801]  ? skb_trim+0x180/0x180
[ 1016.379432]  ? netlink_has_listeners+0x20a/0x330
[ 1016.384194]  kobject_uevent_env+0x6ea/0xc80
[ 1016.388514]  kobject_uevent+0x20/0x30
[ 1016.392305]  lo_ioctl+0x11d3/0x1cd0
[ 1016.395932]  ? loop_probe+0x160/0x160
[ 1016.399718]  blkdev_ioctl+0x95f/0x1850
[ 1016.403598]  ? blkpg_ioctl+0x970/0x970
[ 1016.407501]  ? __might_sleep+0x93/0xb0
[ 1016.411388]  ? __fget+0x210/0x370
[ 1016.414846]  block_ioctl+0xde/0x120
[ 1016.418474]  ? blkdev_fallocate+0x3b0/0x3b0
05:39:54 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0)

[ 1016.422800]  do_vfs_ioctl+0x7ae/0x1060
[ 1016.426687]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1016.431442]  ? lock_downgrade+0x740/0x740
[ 1016.435594]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1016.440014]  ? __fget+0x237/0x370
[ 1016.443471]  ? security_file_ioctl+0x89/0xb0
[ 1016.447885]  SyS_ioctl+0x8f/0xc0
[ 1016.451249]  ? do_vfs_ioctl+0x1060/0x1060
[ 1016.455406]  do_syscall_64+0x1e8/0x640
[ 1016.459296]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1016.464156]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1016.469345] RIP: 0033:0x45b207
05:39:54 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x30, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:39:55 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
dup3(r1, r0, 0x0)

05:39:55 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)

[ 1016.472535] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1016.480245] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1016.487517] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1016.494784] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1016.502052] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1016.509323] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000021
[ 1016.585137] audit: type=1400 audit(2844653995.087:122): avc:  denied  { sys_admin } for  pid=22337 comm="syz-executor.5" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 1016.623408] audit: type=1400 audit(2844653995.127:123): avc:  denied  { dac_override } for  pid=22358 comm="syz-executor.5" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 1016.624795] QAT: Invalid ioctl
[ 1016.716843] audit: type=1400 audit(2844653995.217:124): avc:  denied  { dac_read_search } for  pid=22358 comm="syz-executor.5" capability=2  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
05:39:57 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xc4c, 0xc00)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:57 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)

05:39:57 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, &(0x7f00000003c0)={0x80, [[0x5792f6b0, 0x4, 0x6, 0x0, 0x8001, 0x7fffffff, 0x8c9, 0x4800000], [0x0, 0xb3, 0x1, 0x101, 0x9, 0x1, 0x0, 0x3], [0x450294e5, 0x914, 0x2, 0x80000000, 0x1, 0x200, 0x0, 0x400]], [], [{0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7, 0x50a5d24f, 0x1, 0x1, 0x0, 0x1}, {0x6, 0x800, 0x1}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x7f, 0x1000}, {0x81, 0x4, 0x0, 0x1, 0x1}, {0x400, 0x8, 0x1, 0x0, 0x0, 0x1}, {0x4, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x7f, 0x9, 0x0, 0x1, 0x0, 0x1}, {0x0, 0x10001, 0x0, 0x1, 0x0, 0x1}, {0xfffffff7, 0x6, 0x1}], [], 0xf27e})

05:39:57 executing program 3 (fault-call:0 fault-nth:34):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:57 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000040)={0x558000, 0x2, 0x200, <r1=>0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x980925, 0x2, [], @value=0x81}})
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000180)=0xffffffffffffffe0, 0x8)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000240)=""/4096)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:39:57 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)

[ 1019.306423] QAT: Invalid ioctl
[ 1019.311676] FAULT_INJECTION: forcing a failure.
[ 1019.311676] name failslab, interval 1, probability 0, space 0, times 0
[ 1019.323457] CPU: 0 PID: 22373 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1019.331350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1019.340702] Call Trace:
[ 1019.343294]  dump_stack+0x142/0x197
[ 1019.346945]  should_fail.cold+0x10f/0x159
[ 1019.351089]  should_failslab+0xdb/0x130
[ 1019.355053]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1019.360148]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1019.365591]  __kmalloc_node_track_caller+0x3d/0x80
[ 1019.370511]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1019.375171]  __alloc_skb+0xcf/0x500
[ 1019.378785]  ? skb_trim+0x180/0x180
[ 1019.382400]  ? netlink_has_listeners+0x20a/0x330
[ 1019.387148]  kobject_uevent_env+0x6ea/0xc80
[ 1019.391467]  kobject_uevent+0x20/0x30
[ 1019.395260]  lo_ioctl+0x11d3/0x1cd0
[ 1019.398880]  ? loop_probe+0x160/0x160
[ 1019.402672]  blkdev_ioctl+0x95f/0x1850
[ 1019.406549]  ? blkpg_ioctl+0x970/0x970
[ 1019.410446]  ? __might_sleep+0x93/0xb0
[ 1019.414326]  ? __fget+0x210/0x370
[ 1019.417771]  block_ioctl+0xde/0x120
[ 1019.421385]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1019.425695]  do_vfs_ioctl+0x7ae/0x1060
[ 1019.429566]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1019.434308]  ? lock_downgrade+0x740/0x740
[ 1019.438460]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1019.442863]  ? __fget+0x237/0x370
[ 1019.446313]  ? security_file_ioctl+0x89/0xb0
[ 1019.450713]  SyS_ioctl+0x8f/0xc0
[ 1019.454069]  ? do_vfs_ioctl+0x1060/0x1060
[ 1019.458207]  do_syscall_64+0x1e8/0x640
[ 1019.462084]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1019.466919]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1019.472095] RIP: 0033:0x45b207
[ 1019.475271] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1019.482970] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1019.490237] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1019.497502] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1019.504759] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1019.512023] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000022
05:39:58 executing program 1:
r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x2)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000080)={0x486d, 0x0, [], {0x0, @reserved}})
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00')
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r2, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r4, 0x300, 0x70bd2d, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x28000}, 0x80)
r5 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x4040)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="a7832776", @ANYRES32=<r8=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r8}, &(0x7f00000026c0)=0x10)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r11, r10, 0x0, 0x209)
bind$inet(r10, &(0x7f0000000540)={0x2, 0x4e22, @multicast2}, 0x10)
fsetxattr$trusted_overlay_nlink(r9, &(0x7f0000000240)='trusted.overlay.nlink\x00', &(0x7f00000003c0)={'L-', 0xa91b}, 0x16, 0x3)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, &(0x7f0000000180)={r8, @in6={{0xa, 0x4e22, 0x26d, @dev={0xfe, 0x80, [], 0x19}, 0x3}}}, 0x84)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r12 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r12, r1, 0x0)

05:39:58 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)

05:39:58 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)

05:39:58 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')

[ 1019.633181] QAT: Invalid ioctl
05:39:58 executing program 3 (fault-call:0 fault-nth:35):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:39:58 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r5], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
r6 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r6, r0, 0x0)

[ 1019.755289] FAULT_INJECTION: forcing a failure.
[ 1019.755289] name failslab, interval 1, probability 0, space 0, times 0
[ 1019.771007] CPU: 0 PID: 22404 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1019.778904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1019.788296] Call Trace:
[ 1019.790899]  dump_stack+0x142/0x197
[ 1019.794541]  should_fail.cold+0x10f/0x159
[ 1019.798691]  should_failslab+0xdb/0x130
[ 1019.802659]  kmem_cache_alloc_node+0x287/0x780
[ 1019.807238]  __alloc_skb+0x9c/0x500
[ 1019.810855]  ? skb_trim+0x180/0x180
[ 1019.814482]  ? netlink_has_listeners+0x20a/0x330
[ 1019.819233]  kobject_uevent_env+0x6ea/0xc80
[ 1019.823561]  kobject_uevent+0x20/0x30
[ 1019.827363]  lo_ioctl+0x11d3/0x1cd0
[ 1019.830973]  ? loop_probe+0x160/0x160
[ 1019.834761]  blkdev_ioctl+0x95f/0x1850
[ 1019.838638]  ? blkpg_ioctl+0x970/0x970
[ 1019.842514]  ? __might_sleep+0x93/0xb0
[ 1019.846386]  ? __fget+0x210/0x370
[ 1019.849838]  block_ioctl+0xde/0x120
[ 1019.853459]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1019.857774]  do_vfs_ioctl+0x7ae/0x1060
[ 1019.861644]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1019.866383]  ? lock_downgrade+0x740/0x740
[ 1019.870513]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1019.874902]  ? __fget+0x237/0x370
[ 1019.878336]  ? security_file_ioctl+0x89/0xb0
[ 1019.882725]  SyS_ioctl+0x8f/0xc0
[ 1019.886334]  ? do_vfs_ioctl+0x1060/0x1060
[ 1019.890464]  do_syscall_64+0x1e8/0x640
[ 1019.894339]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1019.899174]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1019.904350] RIP: 0033:0x45b207
[ 1019.907589] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1019.915287] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1019.922544] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1019.929796] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1019.937162] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1019.944413] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000023
[ 1019.960152] QAT: Invalid ioctl
05:40:00 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:00 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)

05:40:00 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x80040, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x101800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000028bd7000fbdbdf250400000004008b642a2c98038008000600000200003400038005000800060000000500080009000000060007004e220000050008007f0000000800010001000000050008e66d2f3837bcf749c8b8baf842b5d95e198735f055360ccf2b90fda2c94d475ca80d10dfdcfacd80f9e070f496d9555c4fb587795c6152f3c431c12f295cf786239eef701b48888de955f0e7ed544570a5577912b8a00bd1624dae2f5d9e1d31de795a167704e9f597dbec4468639bf7378813ce0b2419f1ca556b618efe50f27ce29e79b3fb4b15d1d64a85fea64a224dd4d8f02c137563feba78e299cba70442126afcfaeaab41ee5183b8dcb7d0"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
open$dir(&(0x7f00000003c0)='./bus\x00', 0x2, 0x4a)
write$selinux_validatetrans(r4, &(0x7f0000000400)={'system_u:object_r:anacron_exec_t:s0', 0x20, 'system_u:object_r:userio_device_t:s0', 0x20, 0x5, 0x20, 'unconfined\x00'}, 0x69)
sendfile(r4, r3, 0x0, 0x209)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r7 = dup2(r3, r0)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000000)={0x2, r7, 0x1})
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r10 = fcntl$dupfd(r8, 0x406, r9)
ioctl$VHOST_SET_VRING_NUM(r10, 0x4008af10, &(0x7f0000000480))
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2 \x00\x1f\x00\x00\x00\x00\x00\x00\x00\xd0\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r11 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r11, r0, 0x0)

05:40:00 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r0, 0x0)

05:40:00 executing program 3 (fault-call:0 fault-nth:36):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:00 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0xffffffffffffffff, 0x0, 0x4, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f00000004c0)=0xe8)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000500)={@rand_addr="f29ce4166bcb14d08f17de16a536faed", 0x6b, r1})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:00 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1022.350013] QAT: Invalid ioctl
05:40:00 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000280)=0xdb)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000240)={0x1, 0xfffffffa}, 0x8)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/keycreate\x00', 0x2, 0x0)
splice(r2, &(0x7f0000000000)=0x3ff, r4, &(0x7f0000000180)=0xb16, 0x3e, 0x3)
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1022.389451] FAULT_INJECTION: forcing a failure.
[ 1022.389451] name failslab, interval 1, probability 0, space 0, times 0
05:40:00 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000080)={0x7fff, 0x5, 0x0, [{0x0, 0x6, 0x8001, 0x3, 0x0, 0x7, 0x4}, {0x3, 0x0, 0xa8, 0x5, 0x3, 0x9, 0x1}, {0x200, 0x1, 0x9, 0x81, 0xf9, 0x80, 0x6}, {0x2, 0x3ff, 0x3, 0x7, 0x40, 0xfc, 0x3f}, {0x1, 0x1fffc0000000, 0x9, 0x4, 0x4, 0x9, 0x6}]})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
preadv(r3, &(0x7f0000001780)=[{&(0x7f00000003c0)=""/226, 0xe2}, {&(0x7f00000004c0)=""/233, 0xe1}, {&(0x7f0000000000)=""/28, 0x1c}, {&(0x7f00000005c0)=""/236, 0xec}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/180, 0xb4}, {&(0x7f0000000200)=""/88, 0x58}], 0x7, 0xffff)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:00 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1022.433703] CPU: 1 PID: 22425 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1022.441615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1022.450975] Call Trace:
[ 1022.453572]  dump_stack+0x142/0x197
[ 1022.457214]  should_fail.cold+0x10f/0x159
[ 1022.461373]  should_failslab+0xdb/0x130
[ 1022.465359]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1022.470472]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1022.475935]  __kmalloc_node_track_caller+0x3d/0x80
05:40:01 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:01 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x1000015, 0x12, r0, 0x428ce000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1022.480885]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1022.485587]  __alloc_skb+0xcf/0x500
[ 1022.489226]  ? skb_trim+0x180/0x180
[ 1022.492860]  ? netlink_has_listeners+0x20a/0x330
[ 1022.497624]  kobject_uevent_env+0x6ea/0xc80
[ 1022.501956]  kobject_uevent+0x20/0x30
[ 1022.505770]  lo_ioctl+0x11d3/0x1cd0
[ 1022.509411]  ? loop_probe+0x160/0x160
[ 1022.513216]  blkdev_ioctl+0x95f/0x1850
[ 1022.517112]  ? blkpg_ioctl+0x970/0x970
[ 1022.521010]  ? __might_sleep+0x93/0xb0
[ 1022.524898]  ? __fget+0x210/0x370
[ 1022.528360]  block_ioctl+0xde/0x120
[ 1022.531993]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1022.536317]  do_vfs_ioctl+0x7ae/0x1060
[ 1022.540234]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1022.545003]  ? lock_downgrade+0x740/0x740
[ 1022.549151]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1022.553563]  ? __fget+0x237/0x370
[ 1022.557021]  ? security_file_ioctl+0x89/0xb0
[ 1022.561442]  SyS_ioctl+0x8f/0xc0
[ 1022.564795]  ? do_vfs_ioctl+0x1060/0x1060
[ 1022.568945]  do_syscall_64+0x1e8/0x640
[ 1022.572830]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1022.577662]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1022.582833] RIP: 0033:0x45b207
[ 1022.586003] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1022.593695] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1022.600945] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1022.608195] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1022.615448] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1022.622703] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000024
05:40:03 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:03 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:03 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r0, 0x0)

05:40:03 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
recvmmsg(r1, &(0x7f0000001580)=[{{&(0x7f0000000080)=@l2, 0x80, &(0x7f0000000200)=[{&(0x7f0000000100)=""/113, 0x71}, {&(0x7f0000000180)=""/103, 0x67}, {&(0x7f0000000000)=""/61, 0x3d}, {&(0x7f00000003c0)=""/179, 0xb3}], 0x4}}, {{&(0x7f0000000480)=@nfc, 0x80, &(0x7f0000000240)=[{&(0x7f0000000500)=""/121, 0x79}], 0x1, &(0x7f0000000580)=""/4096, 0x1000}, 0x6}], 0x2, 0x60000003, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:03 executing program 3 (fault-call:0 fault-nth:37):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:03 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:03 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1025.383607] QAT: Invalid ioctl
[ 1025.388593] FAULT_INJECTION: forcing a failure.
[ 1025.388593] name failslab, interval 1, probability 0, space 0, times 0
[ 1025.428851] CPU: 0 PID: 22468 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1025.436788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1025.446249] Call Trace:
[ 1025.448848]  dump_stack+0x142/0x197
[ 1025.452485]  should_fail.cold+0x10f/0x159
[ 1025.456640]  should_failslab+0xdb/0x130
[ 1025.460620]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1025.465730]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1025.471219]  __kmalloc_node_track_caller+0x3d/0x80
05:40:03 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/raw\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x143b42, 0x1d)
r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x209)
r3 = perf_event_open$cgroup(&(0x7f00000012c0)={0x5, 0x70, 0x7f, 0x9, 0x2, 0x3, 0x0, 0x9, 0x40040, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7fffffff, 0x4, @perf_config_ext={0x4, 0xfffffffeffffffff}, 0x4260, 0x2, 0x9, 0x9, 0x5, 0x1ff, 0x2}, r0, 0xa, 0xffffffffffffffff, 0x5)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
r6 = open(&(0x7f00000014c0)='./bus\x00', 0x404000, 0x1)
io_submit(0x0, 0x3, &(0x7f0000001440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000001480), 0x0, 0x40}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0x6, r3, &(0x7f0000001340)="c9f1bfc5a4c57cfda14bb9f61cf27bec3e2b393ea741bde5a397be25c8d4489c8c5b365c8f625747a4d5a3f9ef9e328803c12336b7258947a1f763017a6f0ca2e6c3f009764e43c0fb5945b7e63eddae4557d0402f3af8619f83376013649aa38a6c34df3dff65bb589d1a5d8dd3560a2a73e1f596337ec22b2b3e11ca", 0x7d, 0x2d, 0x0, 0x3, r6}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0x9, 0xffffffffffffffff, &(0x7f00000013c0)="47dc4c469da3029c0734e0cd0cc7ceb02436690de88044e2f6b96c334f867110be392ab65ee6641a18ed23572606609e92f766a6c63729e899da35678f593981c2a35f963084d6d13a0a69401cee5cb4d76c2023d24c", 0x56, 0x0, 0x0, 0x1, r1}])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000001480)="0f34", 0x2}], 0x1, 0x0)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000001240)=""/86)
r7 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r7, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$USBDEVFS_BULK(r8, 0xc0185502, &(0x7f0000000000)={{{0xc, 0x1}}, 0x1000, 0x2, &(0x7f0000000240)="c19c3a9a3230a75e7fbc072756172a94f6fba136eb4da957cc318dc4a9f481992b2e8216d9e523a25962c0a8404ce527c04999c76b9611e35c016001ddc052259576023b0656931b14c610153704ed5b8f197190ade446861e5528b432001e71d1f8a6c750da79c97a6a2a7787826407b5d3cf380dc0d3b534e6db9bdb0890e37fbab4388a49ab526320093135344c9e778865fe98cebf0d427a8c11233afdff57c991a2bdd4a47925b090de04abe10a7f2634b9dd52a6549a1c5b82389940fa4c9bc04d37f56f7de3c2f8a9916aa9b6e9f8d14aaf53d45090862764abe372cf59b170da9d877b15c30332b48543c083df4633d4b473239dddb4778dd338224bd20f855ec52b4e426d9a905a5a42967cfb8996e86e0b534e34dc98742011edf9d17fb7325766fbe44bb668d570486d680858dca495f7bc2e45dbd2a2b14f9227627d4cde749653832b325e450ba00d6ee5a96ca349dcbeba3c2949a7694ac3f9f68ba543b338b8fd78f806e476ecda7fddbb1e146689e1bfa23a41787a9e7123e4f5a4c8138c51862d6d94d7dfabb16de537624a03ad345339292e46eeabe71ea12a290699f0bb463476299766fd81169810c2b3041a74e3a7800d677b5b2217a0ae0186cd33abd45c2ab394be5a0527055871e94facbfeb229c13454379f56734790daab6d68f2db811905348f8659d027c7798dc1db1491004e51f508e78c1cb7a8be86d60e67970ae355de4b332b3afe790f6e7b411669c6c3e518ae64d356baa1d6d7057b56d08bf635af728d9c572addce91023b953ec5de0b916f9e7f1a8b7b9dd843a099fd5ebfb20573a1a026c18f23c9b3bed2cde5cc2378680ccce0a20439fd3f03b3d7643519fbf93dfb9f497c291915d90852f05bcb0d9f88605ae5fd1f7fa892b3a2163e281c460c6326c7ebd0f5f2570ad878d6f719731d147e3e87369a196c94919493f664bdc06773713bbd6eadf77da9c5d2b5c97856e520f3ed8138e7de4ef4dd2f794e9e062d8ea70e70f47a1e8dfba38c68e9d4e3d84e2b991fc32fbfe230c2bcd497a8f186def9977a57975e3d2a84422b48d46f7bc66941e356c8097d6faa1e3eacb3298f7e80033683a13b48195cc306ef624ad7e4f6f35c7ec5731f5289416d0bb339d362d3cf5cdc045a746f32f230f3e69f83377e2887a708b397d571f1165fcd67dc737dc8c6d51a7d8e6544c79cf587a85ec11f177b768ea7e5bc66eb61d791cfdc758a108b1aa273f701a0eb871b1ad8cb039abc91af78c41dc3b98db2df946608e5e8a0467eeb6b87015f40594d1568728afb95d31a5b3a89be0e5d37a11a4a0b6f0508bbc465f50057263f1a8b10ed5fd03dd566f0fa3ddf0d2a241a14871044b0e2d533e9c6f3c862a8f4a72335a0347cd8f38fa9b9827164d4e0fa5394fbb23bc440494aa674f384d3b72bcf561aeb99818a0119635bc1848d1dc89b10e5d90cd2948224fe1643f5608085f45ed4939a6e986019ce6e711ab4961eec9fc4cb2d7c1598574ac4354913cda5a4ab19bd2b03ae7aba350735f5783826c07a307fbafef7b659721d549813d3e62f474984841c3c4f9cd372149958aaa5d828b2d35d4a2e85e6b79501ac805bf4104c7516872760e79096094472f7e69b09a8b72fe5e1595da3db0e02e391c51f126e0380845176888a1f8558d5b11145dceeb58f340a1f6f96d93df87f7a21d59fade73aad734f05ead819dc748c402b13b90c7c994c56fe7cca0280cf68e531b99ce77b2abdf254dc8c7aa5ee90c110ed2f98c70c68a9e971f0c46afa4bcc0a7d70a979f0c2fada52b73b169828ca1bd99fbd9e6cc53ef8af00e0f5875732e740e20616ccea63cd69f34d1b1114d9cf13fa7c634a98df8cda285c6a24a72d7fe3d06802e6c68bd8b8072d04f7f5f8654ea621f8a6b28df612186221ba47a3810b2ff606e8fcd24e7e52ff8cfea652709958d6c8048742bff0c82b9b715c6f8a18230097ca5096ad5b69d6e79afded57b75a1fe7ea46843cfbeb0a78777538da71993bee9e1e7900565762d374d4b824dc8a4a86fe5d185b93079dfa9dad5e16dd754d86ae5b8595ee3ecefa5f5aebf9676f7a6cb4cdfe69b86ecf1b7d60136b45ec84100755edf66730e7c63a5d1bc4c61fa5dd63daf4614048038bf53efa0e26559223b2a23bc444ac8a726947737d14c78c187f097ebf4047c7824cc733452cb6ef9dcc423c2ff2ecdfee1fbb71576e6136c6f9921e5d946dcbafb405bc0d04c42ef93c3e1889466c99b13f05918114ef92a3d7270fd68f3cfab1d8af21c7bb6981cb7a30c397696dd9e6aed8003e91f0f8f2d97d8f074c9496e4ed7f3c46df7dec6136acf76c7e5f494650076b4c19dcee3e13efe8ede81f9f100b58938202d1073aeb98c14e61f3110ff0bfabf954a218e6ed85c4c28273bbfaf758cad76c260ece932a9cb52f151c27433843363f90489ad0cce17c5d73307b7aab4efc35ec76018415a59effb1a3421353fb1d040d0c79f160a381c17533cb680f6c3e22d9903a2eda638e80d590d94d1684c6fcebe4c62dd201d2ad8294f9fc9b2d131b0bf2298bbe0f69875a143c1e8ce2570e393388da2330a8f9f56daf5704ed2af455dc6174fbf6fada1f03ba408516a92cad8b2b51e6279a8a0ac783fd0b001f01be599366c201629dca4382daa2cafb5778f7fe90a92972a84a53614de1bf51209807c5dd4d4af90a89afb7f9c74e40315bd1370a1639d184dac96ded7d775f2c81efd4f49fc890f51524971603bdd22824c9adfd799ed356c414db57a430a7294aa8f1e3cfd4432571f0aaa159d9543042fe0355e5ea9d7d5aa09d83b2c26b59303812eb777a3cd6246adb695802f64655c460580842918a0a3a1ab74c3e6cb63feb9a886a7109e93458b8a0102448b86d509e874735f6962ec03e769b2d623c3a628321b367e0116c7cf454d88494729568b6f78a27b7c85675919c31e8383382494aeec819a7e9d1cb97fc62c9b34a9a23403c796d3732dd9b08e93a934cfebec14dcd9dba7c47148d20db708824d68dd6d89ce58151aa555c805a1df7f7b24706c430ccd91c5f7838731cbf392db2575ef167fb9adf56d63963cdb5c4430460451d65229f703e2e8c08638efe9c3ecf25b70c047647ddffc6fd4637cb793bb9f033dec110f83130bac3a367d2d298223d826f62c710d7bc56ee29dd90a8d21cb424b05d4268fcc6a0f094eefeec38477e4c02c455525c753476240cea15c74d90aff91946b494ab1a2ada6335830ecf16d9205d2cf38d952f50116af7907eb73bf3c913fc651ba2561376c9c16cf284c54350032fb55351d7e7af93c4ca70e896ecdc9d2917797b9888f5874eec35300c3abb8259eb2d2dad23976890fc8cdac4521a9007ee0cd3b6e81f7e018028d384ef1fcf7057feec1e89bc0883a320d8b762869c5f18abce917b0d4c64f620e5dfe0e77175c311bd278f77f9da3d839eb8d3fd5ef664ee6a8089e8d45ef0e09f8ba7039cbd298af5b2790373adf04a98529c890d6704021182a1a0012322e233a880ecf833b9328491f8a562b9036aafe81acfba5bc1aa877450a5682dd204b353be3aea2ed733b6248e7e1c4e2b6e281c62dbcb655a77711c4a89e1ef123a90eb9e2987ecad78a97661cf1b1a6ecdb7b0fa98f49042757e4fd0a9facf27d36cca91d9b3a179bfcc4fd9c649252aad2aa7b0baca4ff5e9ce2d414fb29a0b203558fef52f3ea311a3964fc523f4052c20da84a52c9c331f75e64d33cbb15969ed794ba950969e0cdd122d834cd04dca9b66b69287bf81c47be06362409cf638899faeecbe54276f21603dacf57498886a30bea901196f94dd5523f241ad14c7a6dee55d5a863942896379b47c114dbfa1dd5934be09043e18269de99b98747e2160ef720a6f11695ea1dcbf97f8d579e907e95db61493217af7aeb7ee807b5ac9a140066a89b297e3eb320679bb223249c0b8e0da6a6cf5cfbe981d6ca88cea93df18775203335a3e7e5282556b2acc3ac4ca5f3a702dde337d29c9a1edb2810b4a206d5005780edc6c69be4aa3914497918aef2c1c9e3050cce4c8c5256d721b66aa75102c9c7b2e44514e39c86158b0d542084bd3c34e2bde60b30ab702c442f9fae1d22019d84ed607a83b5c200095d1326f95b5b24062f098f754a9c2d29fdec6c9c24d12d3ac638ff7270b0deedf766c3c05c5cd92f7aa55c4fbe1a9d894a4ec40f2fc368d41f0fc8c833e39ff9c08f9855548930cf97182e7c60c4a213490fd28a51607f05c91e2967d3ec95d2583f78bc1130ae00ac9bf19249e29cb49c9ff5ad379264058fa7fa8821c040a039d9e9f0ccf781d286dd416556aabc1cde0c4459df3e562b838c20bbb6cf3153d205825de661554dce01e63b5784d5e74bbb1c292e3b2b2603c229c72a54852791619eab921bfff832d11d1dc1ca8549855cc651df3505454ef3af106f083858e8e4275ea6a941d8778ce432d4c02f2344f0ed9f4e94c6cc49dad7bcd6984ba854d92ef72249598182f8ff277532f8cdb37aae6111f757e803cb6d21c8f56ed7a40899109b826d0f0edb34291322b3347ce7b8b6ab8e77129476f89b8f10ddaa3195a18dd360bbc738f34b83dec981768d7a24a2be355602f26f4dfc803c6d597fb3374d826ea73d0bff42323637752ecd470a5dfe8722c404876a49dcd2693fc0872f074331df3a57cecb145a6e3bae8f8eae9253612018092224037a31a5d9f1725825ea231fd8946225da43fdb24762c926284ffdf7406b99fb66c9af236566e1977d726153dba0ee4012cee0011f3b92c74646bb993eab5238b9d0e5ef2154136a6cf7ae91002fd0c97a993db2754a6f594792db4d28be9fb13ae48183dc6fe9e395a22b78fe9fe575f597fea8ff4b5aae2f4ea3361f481ddca961897c71e5616c702bf5fd63b64f58c0779f1624424c599bda6334515423bed1af28aec1899d6b75f2df7135f89fa7a30bbc550c49e0b3c38f70e5a827b3760046ded3de8ab47480fde23b850b81e49898ad656a45eb505c1eafa86e760b72b3e215256c94900766bad7b79d6960d62964795bb48e85965fcbac05ff4a2097fff8fa67fb3d28e4031c8430b731389e85c71d45efe8c4fcaa856928e9f6bec9f8c7d9d00a87da863759fdfda4db5c2c44486563c0055b8ece10d666e2829a7662d30f813bf82582943ec88e1f1becb88f648c01cd2e996d4aab4eda158c4f8c7f4aca91847bcdcd3fa9e8291b2aa4da08beba69cf978c1211d1cd527bc0c8ada04a1c253961e906414a4d9b68f0663b9e74e6d201ceacb24ca6303a4b576660c7c9b0f8fe0969aaff451b3babdd38569391df4cf2b1763cba0ab9acba0fd05c7d3c5765a9e677d7d50de8f267a026daeb333eac86593915857755ca3e5179a3ac8d07850972dffbebde8cbfb749ab3486d6964aa2534d47b3f531ea4b1462fc663a41238d49301369bf86733ef395a475c97971f57662caa238728623277e341ec13476c4a320127f182da734e939f100303c079d51913785bf7cc1022b46a60816b1a524473463d100f011beb14eafd1d00ebd10caa7b8d5f55fe0974140ef32c00966f34087bf576dcb266f77b12ad07dfc12f44ea1f51c3da02894b5260aa3b7e220cfb12e09857324a8f26901da7c804c3c61cb29304cfce48c46bb29200b83630727153918aafb3730691c21e0fa057b25426e62b13ddb9344fa4b8f723b1415bbbcdc940cdfe582b74ba085c6f37be457b00494a7267844073b857dd03c75b0b092e8c6aa"})
tkill(r7, 0x3)
r10 = getpid()
tkill(r10, 0x9)
r11 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-monitor\x00', 0x531000, 0x0)
perf_event_open(&(0x7f0000001500)={0x4, 0x70, 0x1, 0x20, 0x40, 0x7, 0x0, 0xffff, 0x1000, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x10000, 0x2, @perf_config_ext={0x400, 0x5}, 0x1040, 0x96e6, 0xb5, 0x3, 0x8001, 0x1f, 0x5}, r10, 0x10, r11, 0xb)
r12 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r13 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r13, r12, 0x0, 0x209)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r13, 0xc0502100, &(0x7f0000001580))
r14 = getpid()
tkill(r14, 0x9)
r15 = getpid()
tkill(r15, 0x9)
r16 = getpid()
tkill(r16, 0x9)
ptrace$setregs(0xd, r16, 0x5, &(0x7f0000001900)="dd88e4b01db50863044045790548343ea6b6424788bf089967312698a8ea5fb7de5108d16c2c8e098681e26da5590bcd6e1a91ae77b44d85f1933876913cba5c1a57db13f82d23764d5c48c38ecd784791efed1441f6b39f4985a45e72e65c89cf9fcbf6f1c06ff5c22b9699862185b32b89b0e67c69756f19049f413ee044d75b023097c99f95d111b340b5d0fe2d400c332cea50afc19bc1ab458744dcddcd89b4c6cd1e1ce7e78e84eca3f8658a6cd3a1c24f451a6e2e54c065e42e1bf3aac22c62e5c3d4f40c15c5aefda762d5585ee9bf219fc83130a541aad7e00ce13571890d18da4cd59c55b845ccfee4b5367ece6411ba7db68672e2d0f0ca2c7124389867c15cedbf70c99c4e2c892eb69181909b0dbb2e4818cde81a18f2b15b717c6be608d2932aaf123aca6b77cd37e510da1f4cad88d30c8ac5f8244c710788645394d81d6113b400dbd52e940fb2c077ada960dd67b6ce243cf572fc3568bd84d9fba7be8788600bd8bb04c84112db3226fe3c43369209a17f0bfe7416fb8dad435361ad20e7109b51db30d9e476409589dc9ec8d137b590f047fcfc4aad28be9a3b8994ed16a172fc8cd2a495a75246a1b8c5c1fec82ebac02e03eb89124b589892b49692b7f998e07b0116c10bdb116c573ebdbdbf8d81942eb9ff8d52f52ac6f6e13d5e646c2b12a2887f079983b79c473136ab31804b7caa81f43a5f661f7757e8caa89a4eaf06a920302cd8c5118c145103cb40598b18bd")
r17 = getpid()
tkill(r17, 0x9)
ptrace$cont(0x9, r17, 0x0, 0xfffefffffffffffc)

[ 1025.476155]  __kmalloc_reserve.isra.0+0x40/0xe0
[ 1025.480827]  __alloc_skb+0xcf/0x500
[ 1025.484476]  ? skb_trim+0x180/0x180
[ 1025.488106]  ? netlink_has_listeners+0x20a/0x330
[ 1025.492863]  kobject_uevent_env+0x6ea/0xc80
[ 1025.497193]  kobject_uevent+0x20/0x30
[ 1025.500990]  lo_ioctl+0x11d3/0x1cd0
[ 1025.504612]  ? loop_probe+0x160/0x160
[ 1025.508415]  blkdev_ioctl+0x95f/0x1850
[ 1025.512309]  ? blkpg_ioctl+0x970/0x970
[ 1025.516190]  ? __might_sleep+0x93/0xb0
[ 1025.520063]  ? __fget+0x210/0x370
[ 1025.523504]  block_ioctl+0xde/0x120
[ 1025.527125]  ? blkdev_fallocate+0x3b0/0x3b0
[ 1025.531452]  do_vfs_ioctl+0x7ae/0x1060
[ 1025.535332]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1025.540070]  ? lock_downgrade+0x740/0x740
[ 1025.544199]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1025.548604]  ? __fget+0x237/0x370
[ 1025.552052]  ? security_file_ioctl+0x89/0xb0
[ 1025.556451]  SyS_ioctl+0x8f/0xc0
[ 1025.559805]  ? do_vfs_ioctl+0x1060/0x1060
[ 1025.563934]  do_syscall_64+0x1e8/0x640
[ 1025.567809]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1025.572642]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1025.577812] RIP: 0033:0x45b207
[ 1025.581022] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1025.588715] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045b207
[ 1025.596007] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[ 1025.603255] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1025.610501] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1025.617756] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000025
05:40:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:04 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f00000001c0)={0x2, [0x0, 0x401, 0x0, 0x5, 0x3, 0x81, 0x66, 0x6bfa, 0x7eb, 0x0, 0x8001, 0x20, 0x1, 0x6, 0x6, 0x2, 0x1e, 0x1, 0x4, 0xfff9, 0xfffa, 0x8001, 0x2, 0x1, 0x6, 0xaf22, 0x200, 0x7f, 0x9, 0x2, 0x401, 0x0, 0x8, 0x2, 0xbaf, 0x9, 0x2, 0x1f, 0x200, 0x0, 0x9, 0x81, 0x4, 0x4, 0xa142, 0xff, 0x7ff, 0x100], 0x3})
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendfile(r4, r5, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000080)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r6 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r6, r0, 0x0)

05:40:04 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

05:40:04 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r0, 0x0)

05:40:04 executing program 3 (fault-call:0 fault-nth:38):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:04 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x88002, 0x0)
getpeername$ax25(r1, &(0x7f0000000080)={{0x3, @bcast}, [@remote, @rose, @bcast, @null, @remote, @null, @netrom, @rose]}, &(0x7f0000000100)=0x48)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:04 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1025.835473] QAT: Invalid ioctl
05:40:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

[ 1025.885773] FAULT_INJECTION: forcing a failure.
[ 1025.885773] name failslab, interval 1, probability 0, space 0, times 0
[ 1025.937865] CPU: 1 PID: 22508 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1025.945770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1025.955115] Call Trace:
[ 1025.957695]  dump_stack+0x142/0x197
[ 1025.961323]  should_fail.cold+0x10f/0x159
[ 1025.965461]  should_failslab+0xdb/0x130
[ 1025.969421]  kmem_cache_alloc+0x2d7/0x780
[ 1025.973557]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 1025.978297]  ? lock_downgrade+0x740/0x740
[ 1025.982443]  ? ioctl_preallocate+0x1c0/0x1c0
[ 1025.986859]  getname_flags+0xcb/0x580
[ 1025.990649]  SyS_mkdir+0x7e/0x200
[ 1025.994091]  ? SyS_mkdirat+0x210/0x210
[ 1025.997967]  ? do_syscall_64+0x53/0x640
[ 1026.001944]  ? SyS_mkdirat+0x210/0x210
[ 1026.005836]  do_syscall_64+0x1e8/0x640
[ 1026.009711]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1026.014546]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1026.019721] RIP: 0033:0x45a7b7
[ 1026.022895] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1026.030596] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
05:40:04 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)={@remote, @loopback, 0x1, 0x6, [@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @remote, @loopback, @dev={0xac, 0x14, 0x14, 0x33}, @local]}, 0x28)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

[ 1026.037851] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1026.045105] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1026.052355] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1026.059606] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000026
05:40:04 executing program 2:
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)

05:40:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:04 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000180)='./bus\x00', 0x0)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:04 executing program 3 (fault-call:0 fault-nth:39):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:04 executing program 2:
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:04 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1026.342357] FAULT_INJECTION: forcing a failure.
[ 1026.342357] name failslab, interval 1, probability 0, space 0, times 0
[ 1026.367390] QAT: Invalid ioctl
[ 1026.386226] CPU: 0 PID: 22541 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1026.394120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1026.403577] Call Trace:
[ 1026.406156]  dump_stack+0x142/0x197
[ 1026.409777]  should_fail.cold+0x10f/0x159
[ 1026.413929]  should_failslab+0xdb/0x130
[ 1026.417895]  kmem_cache_alloc+0x2d7/0x780
[ 1026.422027]  ? __d_lookup+0x3a2/0x670
[ 1026.425816]  ? mark_held_locks+0xb1/0x100
[ 1026.429950]  ? d_lookup+0xe5/0x240
[ 1026.433477]  __d_alloc+0x2d/0x9f0
[ 1026.436918]  d_alloc+0x4d/0x270
[ 1026.440186]  __lookup_hash+0x58/0x180
[ 1026.443972]  filename_create+0x16c/0x430
[ 1026.448023]  ? kern_path_mountpoint+0x40/0x40
[ 1026.452515]  SyS_mkdir+0x92/0x200
[ 1026.455969]  ? SyS_mkdirat+0x210/0x210
[ 1026.459838]  ? do_syscall_64+0x53/0x640
[ 1026.463797]  ? SyS_mkdirat+0x210/0x210
[ 1026.467679]  do_syscall_64+0x1e8/0x640
[ 1026.471552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1026.476385]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1026.481569] RIP: 0033:0x45a7b7
[ 1026.484754] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1026.492452] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1026.499706] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1026.506969] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1026.514224] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1026.521477] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000027
05:40:05 executing program 2:
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:05 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:05 executing program 3 (fault-call:0 fault-nth:40):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:05 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000180)='./bus\x00', 0x0)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:05 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1026.780351] FAULT_INJECTION: forcing a failure.
[ 1026.780351] name failslab, interval 1, probability 0, space 0, times 0
[ 1026.780544] QAT: Invalid ioctl
[ 1026.800824] CPU: 1 PID: 22567 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1026.808721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1026.818069] Call Trace:
[ 1026.820659]  dump_stack+0x142/0x197
[ 1026.824297]  should_fail.cold+0x10f/0x159
[ 1026.828456]  should_failslab+0xdb/0x130
[ 1026.832429]  kmem_cache_alloc+0x2d7/0x780
[ 1026.836574]  ? __d_lookup+0x3a2/0x670
[ 1026.840364]  ? mark_held_locks+0xb1/0x100
[ 1026.844501]  ? d_lookup+0xe5/0x240
[ 1026.848042]  __d_alloc+0x2d/0x9f0
[ 1026.851487]  d_alloc+0x4d/0x270
[ 1026.854755]  __lookup_hash+0x58/0x180
[ 1026.858547]  filename_create+0x16c/0x430
[ 1026.862600]  ? kern_path_mountpoint+0x40/0x40
[ 1026.867091]  SyS_mkdir+0x92/0x200
[ 1026.870534]  ? SyS_mkdirat+0x210/0x210
[ 1026.874406]  ? do_syscall_64+0x53/0x640
[ 1026.878368]  ? SyS_mkdirat+0x210/0x210
[ 1026.882245]  do_syscall_64+0x1e8/0x640
[ 1026.886120]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1026.890958]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1026.896219] RIP: 0033:0x45a7b7
[ 1026.899406] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1026.907105] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1026.914368] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1026.921622] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:40:05 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1026.928884] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1026.936143] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000028
05:40:05 executing program 3 (fault-call:0 fault-nth:41):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1027.111794] FAULT_INJECTION: forcing a failure.
[ 1027.111794] name failslab, interval 1, probability 0, space 0, times 0
[ 1027.123469] CPU: 1 PID: 22582 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1027.131467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1027.140825] Call Trace:
[ 1027.143433]  dump_stack+0x142/0x197
[ 1027.147070]  should_fail.cold+0x10f/0x159
[ 1027.151235]  should_failslab+0xdb/0x130
[ 1027.155215]  __kmalloc+0x71/0x7a0
[ 1027.158673]  ? mls_compute_context_len+0x3f6/0x5e0
[ 1027.163611]  ? context_struct_to_string+0x33a/0x630
[ 1027.168632]  context_struct_to_string+0x33a/0x630
[ 1027.173473]  ? security_load_policycaps+0x320/0x320
[ 1027.178491]  security_sid_to_context_core+0x18a/0x200
[ 1027.183680]  security_sid_to_context_force+0x2b/0x40
[ 1027.188783]  selinux_inode_init_security+0x493/0x700
[ 1027.193902]  ? selinux_inode_create+0x30/0x30
[ 1027.198397]  ? kfree+0x20a/0x270
[ 1027.201868]  security_inode_init_security+0x18d/0x360
[ 1027.207058]  ? ext4_init_acl+0x1f0/0x1f0
[ 1027.211124]  ? security_kernel_post_read_file+0xd0/0xd0
[ 1027.216483]  ? posix_acl_create+0xf5/0x3a0
[ 1027.220719]  ? ext4_set_acl+0x400/0x400
[ 1027.224688]  ? lock_downgrade+0x740/0x740
[ 1027.228853]  ext4_init_security+0x34/0x40
[ 1027.232999]  __ext4_new_inode+0x3385/0x4860
[ 1027.237332]  ? ext4_free_inode+0x1210/0x1210
[ 1027.241739]  ? dquot_get_next_dqblk+0x160/0x160
[ 1027.246413]  ext4_mkdir+0x331/0xc20
[ 1027.250051]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1027.254718]  ? security_inode_mkdir+0xd0/0x110
[ 1027.259299]  vfs_mkdir+0x3ca/0x610
[ 1027.262840]  SyS_mkdir+0x1b7/0x200
[ 1027.266377]  ? SyS_mkdirat+0x210/0x210
[ 1027.270262]  ? do_syscall_64+0x53/0x640
[ 1027.274235]  ? SyS_mkdirat+0x210/0x210
[ 1027.278122]  do_syscall_64+0x1e8/0x640
[ 1027.282007]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1027.286855]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1027.292036] RIP: 0033:0x45a7b7
[ 1027.295220] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1027.302920] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1027.310179] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1027.317439] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1027.324704] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1027.331970] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000029
05:40:07 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:07 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000180)='./bus\x00', 0x0)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:07 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0)='gtp\x00')
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r4, 0x1, 0x0, 0x0, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @multicast2}, @GTPA_O_TEI={0x8}, @GTPA_I_TEI={0x8}, @GTPA_LINK={0x8}, @GTPA_MS_ADDRESS={0x8, 0x5, @remote}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x44}}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r6 = dup(r5)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r4, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_NET_NS_FD={0x8, 0x7, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4880}, 0x4000000)
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
getpid()
dup3(r7, r0, 0x0)

05:40:07 executing program 3 (fault-call:0 fault-nth:42):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:07 executing program 5:
r0 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x0, 0x2)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x805c6103, &(0x7f0000000080))
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
gettid()
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f0000000300)={0x1, 0x4})
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x7ff, 0x1000, 0x5, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_MAP_DUMB(r3, 0xc01064b3, &(0x7f0000000180)={r6})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
ioctl$TIOCGPGRP(r8, 0x540f, &(0x7f0000000340)=<r9=>0x0)
sched_setscheduler(r9, 0x2, &(0x7f0000000380)=0xcd72)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
accept$inet6(r3, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000280)=0x1c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

05:40:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1029.339232] FAULT_INJECTION: forcing a failure.
[ 1029.339232] name failslab, interval 1, probability 0, space 0, times 0
[ 1029.351560] QAT: Invalid ioctl
[ 1029.356103] CPU: 1 PID: 22599 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1029.363996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1029.373339] Call Trace:
[ 1029.375922]  dump_stack+0x142/0x197
[ 1029.379544]  should_fail.cold+0x10f/0x159
[ 1029.383682]  should_failslab+0xdb/0x130
[ 1029.387642]  kmem_cache_alloc+0x2d7/0x780
[ 1029.391772]  ? __debug_object_init+0x171/0x8e0
[ 1029.396337]  ? ext4_alloc_inode+0x1d/0x610
[ 1029.400561]  selinux_inode_alloc_security+0xb6/0x2a0
[ 1029.405650]  security_inode_alloc+0x94/0xd0
[ 1029.409959]  inode_init_always+0x552/0xaf0
[ 1029.414182]  alloc_inode+0x81/0x180
[ 1029.417795]  new_inode_pseudo+0x19/0xf0
[ 1029.421758]  new_inode+0x1f/0x40
[ 1029.425108]  __ext4_new_inode+0x32c/0x4860
[ 1029.429339]  ? avc_has_perm+0x2df/0x4b0
[ 1029.433301]  ? ext4_free_inode+0x1210/0x1210
[ 1029.437714]  ? dquot_get_next_dqblk+0x160/0x160
[ 1029.442383]  ext4_mkdir+0x331/0xc20
[ 1029.446004]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1029.450660]  ? security_inode_mkdir+0xd0/0x110
[ 1029.455230]  vfs_mkdir+0x3ca/0x610
[ 1029.458761]  SyS_mkdir+0x1b7/0x200
[ 1029.462285]  ? SyS_mkdirat+0x210/0x210
[ 1029.466186]  ? do_syscall_64+0x53/0x640
[ 1029.470144]  ? SyS_mkdirat+0x210/0x210
[ 1029.474019]  do_syscall_64+0x1e8/0x640
[ 1029.477892]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1029.482725]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1029.487898] RIP: 0033:0x45a7b7
[ 1029.491076] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1029.498917] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1029.506172] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1029.513477] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1029.520736] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1029.528010] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002a
05:40:08 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
ptrace$cont(0x18, r1, 0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r2 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f00000000c0)={@mcast1, 0x158})
ptrace$setopts(0x4206, r2, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x3c)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x400040, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)

05:40:08 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x60200, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x2, 0x0, [{0xb71, 0x0, 0x10001}, {0xbf3, 0x0, 0x2}]})
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:08 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:08 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:08 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x20ac2)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000080)={0x100000001, 0x4, 0x0, [{0x1f8000, 0x20, 0x2, 0x4, 0x1, 0x13, 0x3}, {0x86b2, 0x81, 0x4, 0xdd, 0x60, 0x2, 0x5}, {0x100, 0xa4e0, 0x5, 0x40, 0x1, 0x1, 0x1}, {0x1, 0x77145ac8, 0x0, 0x2, 0x7f, 0x6, 0x3}]})
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

[ 1029.674753] QAT: Invalid ioctl
05:40:10 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:10 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:10 executing program 3 (fault-call:0 fault-nth:43):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:10 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:10 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000180)={0x9, 0x6f6, 0x3, 0x1}, 0x10)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x10500, 0x0)
r3 = fcntl$getown(0xffffffffffffffff, 0x9)
fcntl$setown(r2, 0x8, r3)

05:40:10 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:10 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1032.375880] FAULT_INJECTION: forcing a failure.
[ 1032.375880] name failslab, interval 1, probability 0, space 0, times 0
[ 1032.387305] CPU: 1 PID: 22649 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1032.390509] QAT: Invalid ioctl
[ 1032.395186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1032.395191] Call Trace:
[ 1032.395212]  dump_stack+0x142/0x197
[ 1032.395230]  should_fail.cold+0x10f/0x159
[ 1032.395246]  should_failslab+0xdb/0x130
[ 1032.422061]  __kmalloc+0x71/0x7a0
05:40:10 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:10 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:10 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0xa, 0x4, 0x16, &(0x7f00000003c0)="1473364bac3c6cf7ee5d819ae4ef273f4867d2b25ff1e92bb486e579a254619d8d3be8413df04e7dca18872f8be7bc4420b01e8963bc6b99711dbe7086b8cd28b3ade42664eae79833c294ed557ec34c8dde80c3984cc259fccc570a065fa55bbf224e484c430752fd017c11e91ac5baadb2fad4c0509cb1e7c9083fb9383983b2eea46f633425123b40f44ac07441fd5e4ae7bf9ab4dfc09649a879262530d8674e03647bb59424181943be2e3ba41e0e33ab1e5689af5868cb06db01ff602bfb95afb572305faadabe6674f29b3099ec5cc87411652ecb2ff4e2363dbdb3fcf42341bdbacce4e403b89a6992ea66d9e322789a6aaf8e07bca9d78e24eabdbac21c42623adfff2a126e89307c67523dac100dc41af0604e8a3eccbc962a94299708a757ce0e177f3a7e80d9dc93bd5f509d5dd964ac0b46fe4e817a2bbb6596e277aaa891b4eb189666c86e37a0f535c3f5c864d29ef376448ddf966c31c24cb40735fc04a28ed16a76ee4bc111c1ff6f21333989e1700168cf8a03a8d1bb73e9ce14f4a72cd5fa50295acaa000dbfe67b0a4de3e50d89206022ce27542a61f542cef75ed8fdde531299ce0432532499452c66c780f6ce216bffc03470b6c8eb9dfaa6db9c55810c0d1f5823197217f1b49aff66c639b07f670057413a037d67618b6b2d19e5bed0ae0f86c3650ddd136bac3aa8644b219f7b654bf85bc0ffd9fc7d093edb4c9f266fff4ffe14ce5f9fb07ea0f18f1b0c932db26fdb92f191247222a45a3b8ec9c6ae891819a96ce54ca784cf14a60b76189016383cf24ae8a90b554ca59d7db910f65e819c9491d0552b0d1f9e69ca57af923ed9952968609a8f94175a03e95e1d4c628c48593700ab486b994eeedce425850f0909f22ae4e3b5862712ad75e3b19efff16eb6416db24085878b113c546180f99e1836d298eab4cd708c826e80c559aef8261398f33fed5f088c1afe9d9b18933a340e980f16ce29b12b0806169e393d1e61d0cc51a41b4b46bbe557740d9c911afba6a1bd36dbfb8122a9175d747ebbac6e9559e96215ed85166b15ef237b2591e92672945203a1e3f601a68ca323b7582fa2adb1d304be5261d9d0c31be6ddaf5fe4278e18faabc5d3f779b8a8799501899e9c9056f0f963baad2841b914d1ece3e4d92c3770b3607bd2f45ba1a246bf56d36fe91ad094fbe79e7de973ae6f40d048604df2294120bd8e6c6b7e983536901a4d43319b5be5b65018d2020a182beee1abd08135bde87a2056d08c0d82acc245d82feec9931c71d351e5d8a9a6a2ad150faf853ceb0ea2c9c2b5cade07dd18178a3ec8473b0aaa7bc9c2d9a34315cb32385433a33d1f42a4f8054509fd4f4b401e8f012a01c25f32081ca386e9679b8d980aee955a85b979350c7693493b1af96698284129df76303237cd974ce30088f74f2"})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1032.425517]  ? mls_compute_context_len+0x3f6/0x5e0
[ 1032.430469]  ? context_struct_to_string+0x33a/0x630
[ 1032.435489]  context_struct_to_string+0x33a/0x630
[ 1032.440335]  ? security_load_policycaps+0x320/0x320
[ 1032.445366]  security_sid_to_context_core+0x18a/0x200
[ 1032.450561]  security_sid_to_context_force+0x2b/0x40
[ 1032.455674]  selinux_inode_init_security+0x493/0x700
[ 1032.460784]  ? selinux_inode_create+0x30/0x30
[ 1032.465283]  ? kfree+0x20a/0x270
[ 1032.468656]  security_inode_init_security+0x18d/0x360
05:40:11 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

[ 1032.473849]  ? ext4_init_acl+0x1f0/0x1f0
[ 1032.477917]  ? security_kernel_post_read_file+0xd0/0xd0
[ 1032.483280]  ? posix_acl_create+0xf5/0x3a0
[ 1032.486869] QAT: Invalid ioctl
[ 1032.487518]  ? ext4_set_acl+0x400/0x400
[ 1032.487531]  ? lock_downgrade+0x740/0x740
[ 1032.487545]  ext4_init_security+0x34/0x40
[ 1032.487560]  __ext4_new_inode+0x3385/0x4860
[ 1032.507283]  ? ext4_free_inode+0x1210/0x1210
[ 1032.511701]  ? dquot_get_next_dqblk+0x160/0x160
[ 1032.516380]  ext4_mkdir+0x331/0xc20
[ 1032.520014]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
05:40:11 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1032.524694]  ? security_inode_mkdir+0xd0/0x110
[ 1032.529275]  vfs_mkdir+0x3ca/0x610
[ 1032.532822]  SyS_mkdir+0x1b7/0x200
[ 1032.536379]  ? SyS_mkdirat+0x210/0x210
[ 1032.540265]  ? do_syscall_64+0x53/0x640
[ 1032.544239]  ? SyS_mkdirat+0x210/0x210
[ 1032.548128]  do_syscall_64+0x1e8/0x640
[ 1032.552014]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1032.556514] QAT: Invalid ioctl
[ 1032.556861]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1032.565221] RIP: 0033:0x45a7b7
[ 1032.568408] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1032.576115] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1032.583383] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1032.590658] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1032.597923] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1032.605186] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002b
05:40:13 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:13 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:13 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:13 executing program 3 (fault-call:0 fault-nth:44):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:13 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x80, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r4=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r4}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000240)={r4, 0x8, 0x80, 0x8, 0x6, 0xfffffffb}, &(0x7f00000003c0)=0x14)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r0, 0x0)
r6 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil)
getpeername(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, <r7=>0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000000)=0x80)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x0, 0x3f, @mcast2, 0x1000}}, 0x0, 0x0, 0x2a, 0x0, "d534b20358d0a18e41c7edbe6cd575d155cdd313606cb88226cf9038ec4838fe2bc1edec506dc913ceab585ed6afa3b6a39e2fd97345d3097117b2581b818f3127a66305cef0c6a35d8be6a04de24452"}, 0xd8)
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff)
shmat(r6, &(0x7f0000ffe000/0x1000)=nil, 0x4000)
shmctl$SHM_UNLOCK(r6, 0xc)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r8, 0x8982, &(0x7f0000000400)={0x2, 'dummy0\x00', {0x40}, 0x9})

05:40:13 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000040))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x2100000001, 0x0)

05:40:13 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1035.401319] FAULT_INJECTION: forcing a failure.
[ 1035.401319] name failslab, interval 1, probability 0, space 0, times 0
[ 1035.413368] CPU: 0 PID: 22686 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1035.421255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
05:40:13 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000701000/0x3000)=nil, 0x3000, 0x0, 0x50, r1, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000003c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

[ 1035.428876] audit: type=1800 audit(2844654013.918:125): pid=22687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.1" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0
[ 1035.430602] Call Trace:
[ 1035.456118]  dump_stack+0x142/0x197
[ 1035.459752]  should_fail.cold+0x10f/0x159
[ 1035.463897]  ? __es_tree_search.isra.0+0x15f/0x1c0
[ 1035.465901] QAT: Invalid ioctl
[ 1035.468934]  should_failslab+0xdb/0x130
[ 1035.468946]  kmem_cache_alloc+0x47/0x780
[ 1035.468963]  __es_insert_extent+0x26c/0xe60
[ 1035.468978]  ext4_es_insert_extent+0x1f0/0x590
[ 1035.468990]  ? check_preemption_disabled+0x3c/0x250
[ 1035.494051]  ? ext4_es_find_delayed_extent_range+0x960/0x960
[ 1035.499851]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1035.505307]  ? ext4_es_find_delayed_extent_range+0x31d/0x960
[ 1035.511099]  ext4_ext_put_gap_in_cache+0xcb/0x110
[ 1035.515935]  ? ext4_zeroout_es+0x170/0x170
[ 1035.520157]  ? ext4_find_extent+0x64c/0x960
[ 1035.524472]  ext4_ext_map_blocks+0x1d4b/0x4fa0
[ 1035.529040]  ? find_inode_nowait+0x147/0x180
[ 1035.533433]  ? save_trace+0x290/0x290
[ 1035.537221]  ? ext4_find_delalloc_cluster+0xb0/0xb0
[ 1035.542231]  ? __lock_is_held+0xb6/0x140
[ 1035.546282]  ? lock_acquire+0x16f/0x430
[ 1035.550240]  ? ext4_map_blocks+0x402/0x17c0
[ 1035.554549]  ext4_map_blocks+0xd3c/0x17c0
[ 1035.558677]  ? __lock_is_held+0xb6/0x140
[ 1035.562719]  ? check_preemption_disabled+0x3c/0x250
[ 1035.567737]  ? ext4_issue_zeroout+0x160/0x160
[ 1035.572224]  ? __brelse+0x50/0x60
[ 1035.575674]  ext4_getblk+0xac/0x450
[ 1035.579289]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1035.583601]  ? ext4_free_inode+0x1210/0x1210
[ 1035.588000]  ext4_bread+0x6e/0x1a0
[ 1035.591527]  ? ext4_getblk+0x450/0x450
[ 1035.595408]  ext4_append+0x14b/0x360
[ 1035.599113]  ext4_mkdir+0x531/0xc20
[ 1035.602735]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1035.607400]  ? security_inode_mkdir+0xd0/0x110
[ 1035.611972]  vfs_mkdir+0x3ca/0x610
[ 1035.615502]  SyS_mkdir+0x1b7/0x200
[ 1035.619033]  ? SyS_mkdirat+0x210/0x210
[ 1035.622909]  ? do_syscall_64+0x53/0x640
[ 1035.626870]  ? SyS_mkdirat+0x210/0x210
[ 1035.630747]  do_syscall_64+0x1e8/0x640
[ 1035.634620]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1035.639454]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1035.644626] RIP: 0033:0x45a7b7
[ 1035.647810] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1035.655518] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1035.662778] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1035.670040] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1035.677302] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1035.684569] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002c
[ 1035.701350] audit: type=1400 audit(2844654013.958:126): avc:  denied  { map } for  pid=22683 comm="syz-executor.1" path="socket:[78472]" dev="sockfs" ino=78472 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1
05:40:14 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

05:40:14 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:14 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000140)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f0000000080)=""/58, 0x3a}, {&(0x7f00000000c0)=""/18, 0x12}, {&(0x7f0000000100)=""/33, 0x21}], 0x5, 0x7f)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1035.791106] audit: type=1800 audit(2844654013.968:127): pid=22687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.1" name="SYSV00000000" dev="hugetlbfs" ino=32769 res=0
05:40:14 executing program 3 (fault-call:0 fault-nth:45):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:14 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1035.843324] QAT: Invalid ioctl
05:40:14 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:14 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
socket$alg(0x26, 0x5, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:14 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xffffffffffffff43)
ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000080)="f3b14c4157c872b200379aa9217526698d5ec3a2986c014245a770d9896e5dab6fda7247344a176879458024b8b54085fe1531b20e018dc13e7b397bd11414609a98b125e7463652", 0x48}], 0x1)

05:40:14 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1035.963669] FAULT_INJECTION: forcing a failure.
[ 1035.963669] name failslab, interval 1, probability 0, space 0, times 0
[ 1035.975035] CPU: 1 PID: 22724 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1035.982935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1035.992288] Call Trace:
[ 1035.994888]  dump_stack+0x142/0x197
[ 1035.998526]  should_fail.cold+0x10f/0x159
[ 1036.002680]  ? __es_tree_search.isra.0+0x15f/0x1c0
[ 1036.007730]  should_failslab+0xdb/0x130
[ 1036.011708]  kmem_cache_alloc+0x47/0x780
[ 1036.015775]  __es_insert_extent+0x26c/0xe60
[ 1036.020118]  ext4_es_insert_extent+0x1f0/0x590
[ 1036.024705]  ? check_preemption_disabled+0x3c/0x250
[ 1036.029726]  ? ext4_es_find_delayed_extent_range+0x960/0x960
[ 1036.035527]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1036.040977]  ? ext4_es_find_delayed_extent_range+0x31d/0x960
[ 1036.046888]  ext4_ext_put_gap_in_cache+0xcb/0x110
[ 1036.051736]  ? ext4_zeroout_es+0x170/0x170
[ 1036.055976]  ? ext4_find_extent+0x64c/0x960
[ 1036.060310]  ext4_ext_map_blocks+0x1d4b/0x4fa0
[ 1036.064911]  ? find_inode_nowait+0x147/0x180
[ 1036.069323]  ? save_trace+0x290/0x290
[ 1036.073133]  ? ext4_find_delalloc_cluster+0xb0/0xb0
[ 1036.078147]  ? __lock_is_held+0xb6/0x140
[ 1036.082221]  ? lock_acquire+0x16f/0x430
[ 1036.086190]  ? ext4_map_blocks+0x402/0x17c0
[ 1036.090504]  ext4_map_blocks+0xd3c/0x17c0
[ 1036.094642]  ? __lock_is_held+0xb6/0x140
[ 1036.098685]  ? check_preemption_disabled+0x3c/0x250
[ 1036.103686]  ? ext4_issue_zeroout+0x160/0x160
[ 1036.108165]  ? __brelse+0x50/0x60
[ 1036.111606]  ext4_getblk+0xac/0x450
[ 1036.115256]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1036.119558]  ? ext4_free_inode+0x1210/0x1210
[ 1036.123953]  ext4_bread+0x6e/0x1a0
[ 1036.126825] QAT: Invalid ioctl
[ 1036.127487]  ? ext4_getblk+0x450/0x450
[ 1036.134555]  ext4_append+0x14b/0x360
[ 1036.138267]  ext4_mkdir+0x531/0xc20
[ 1036.141890]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1036.146554]  ? security_inode_mkdir+0xd0/0x110
[ 1036.151147]  vfs_mkdir+0x3ca/0x610
[ 1036.154682]  SyS_mkdir+0x1b7/0x200
[ 1036.158212]  ? SyS_mkdirat+0x210/0x210
[ 1036.162088]  ? do_syscall_64+0x53/0x640
[ 1036.166050]  ? SyS_mkdirat+0x210/0x210
[ 1036.169924]  do_syscall_64+0x1e8/0x640
[ 1036.173797]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1036.178631]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1036.183807] RIP: 0033:0x45a7b7
[ 1036.186982] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1036.194678] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1036.201933] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1036.209188] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1036.216439] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1036.223691] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002d
05:40:16 executing program 5:
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000000)={0x0, @ax25={0x3, @default, 0x2}, @hci={0x1f, 0x4, 0x4}, @tipc=@name={0x1e, 0x2, 0x3, {{0x43, 0x2}, 0x3}}, 0x6, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x20, 0x71e, 0xd})

05:40:16 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x50201, 0x0)
accept4$llc(r2, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10, 0x800)

05:40:16 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:16 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:16 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
socket$alg(0x26, 0x5, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:16 executing program 3 (fault-call:0 fault-nth:46):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1038.391835] QAT: Invalid ioctl
[ 1038.417993] FAULT_INJECTION: forcing a failure.
[ 1038.417993] name failslab, interval 1, probability 0, space 0, times 0
[ 1038.430469] CPU: 0 PID: 22752 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1038.438368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1038.447717] Call Trace:
[ 1038.450305]  dump_stack+0x142/0x197
[ 1038.453944]  should_fail.cold+0x10f/0x159
[ 1038.458097]  should_failslab+0xdb/0x130
[ 1038.462071]  kmem_cache_alloc+0x2d7/0x780
[ 1038.466202]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1038.471251]  ? __mark_inode_dirty+0x2b7/0x1040
[ 1038.475825]  ext4_mb_new_blocks+0x513/0x3b30
[ 1038.480225]  ? ext4_find_extent+0x709/0x960
[ 1038.484579]  ext4_ext_map_blocks+0x26cd/0x4fa0
[ 1038.489142]  ? ext4_find_delalloc_cluster+0xb0/0xb0
[ 1038.494166]  ? __lock_is_held+0xb6/0x140
[ 1038.498232]  ? lock_acquire+0x16f/0x430
[ 1038.502193]  ext4_map_blocks+0x881/0x17c0
[ 1038.506333]  ? ext4_issue_zeroout+0x160/0x160
[ 1038.510845]  ? __brelse+0x50/0x60
[ 1038.514300]  ext4_getblk+0xac/0x450
[ 1038.517919]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1038.522227]  ? ext4_free_inode+0x1210/0x1210
[ 1038.526619]  ext4_bread+0x6e/0x1a0
[ 1038.530155]  ? ext4_getblk+0x450/0x450
[ 1038.534044]  ext4_append+0x14b/0x360
[ 1038.537749]  ext4_mkdir+0x531/0xc20
[ 1038.541365]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1038.546020]  ? security_inode_mkdir+0xd0/0x110
[ 1038.550587]  vfs_mkdir+0x3ca/0x610
[ 1038.554130]  SyS_mkdir+0x1b7/0x200
[ 1038.557668]  ? SyS_mkdirat+0x210/0x210
[ 1038.561567]  ? do_syscall_64+0x53/0x640
[ 1038.565531]  ? SyS_mkdirat+0x210/0x210
[ 1038.569400]  do_syscall_64+0x1e8/0x640
[ 1038.573295]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1038.578135]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1038.583309] RIP: 0033:0x45a7b7
[ 1038.586480] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1038.594174] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1038.601437] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1038.608694] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
05:40:17 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:17 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x300000d, 0x810, r0, 0xdf148000)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xc0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x88\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x019\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:17 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

[ 1038.615961] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1038.623226] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002e
[ 1038.645338] ptrace attach of "/root/syz-executor.5"[22759] was attempted by "/root/syz-executor.5"[22760]
05:40:17 executing program 3 (fault-call:0 fault-nth:47):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1038.717801] QAT: Invalid ioctl
05:40:17 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x2, &(0x7f0000000440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x4000000}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffffffffffff, &(0x7f00000003c0)="2bbc5ab06dcd6354d42423021b46161a78905e26f7469e3b7125a5251545a884", 0x20, 0x4, 0x0, 0x2}])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
r1 = getpid()
tkill(r1, 0x9)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r4=>r1, r3, 0x0, 0x7, &(0x7f0000000000)='%,user\x00'}, 0x30)
ptrace$setopts(0x4200, r4, 0x3, 0x12)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r5 = getpid()
tkill(r5, 0x9)
r6 = getpid()
tkill(r6, 0x9)
ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000240)="3e022d0b357e000400003ce511f1bba2526c9b94abd84abb38385015bd7c8aa67a54db73b86ee98be1871c5548863b464928cfa00faa6fdbf97b9bdcd8f8905c530f3eb406de8a171bbd975a8061dcfaef80bfc3b37bd7ce1ada5506985f92ab63284eb0a579ee408ea6c622b7c66c9ed5f7160c49fa15d16fa3ea9d1fed9f26181ec0683963404086f719c6581eb021ad1b5061504498c00ec3b8b4b3d81aab874f5797412dd7c4611d79da3cfb16ca4a05a8359d6d5318f1f570d6345beec65d038dd93995ad")
ptrace$cont(0x9, r0, 0x20000000000000, 0x3f)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
ioctl$VIDIOC_QBUF(r7, 0xc058560f, &(0x7f0000000340)={0x6, 0xc, 0x4, 0x100, 0x1, {0x77359400}, {0x1, 0x1, 0xe8, 0x5, 0x34, 0x6, "a24e70f9"}, 0x0, 0x4, @offset=0xfffffff7, 0xed, 0x0, <r9=>r3})
ioctl$PPPIOCGIDLE(r9, 0x8010743f, &(0x7f0000000180))

05:40:17 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:17 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:17 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x1)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
prctl$PR_SET_ENDIAN(0x14, 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x80000)

[ 1038.802678] FAULT_INJECTION: forcing a failure.
[ 1038.802678] name failslab, interval 1, probability 0, space 0, times 0
[ 1038.843823] CPU: 0 PID: 22776 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1038.851729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1038.861081] Call Trace:
[ 1038.862035] QAT: Invalid ioctl
[ 1038.863671]  dump_stack+0x142/0x197
[ 1038.863691]  should_fail.cold+0x10f/0x159
[ 1038.863710]  should_failslab+0xdb/0x130
[ 1038.863721]  kmem_cache_alloc+0x2d7/0x780
[ 1038.863735]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1038.863746]  ? __mark_inode_dirty+0x2b7/0x1040
[ 1038.863761]  ext4_mb_new_blocks+0x513/0x3b30
[ 1038.896767]  ? ext4_find_extent+0x709/0x960
[ 1038.901102]  ext4_ext_map_blocks+0x26cd/0x4fa0
[ 1038.905699]  ? ext4_find_delalloc_cluster+0xb0/0xb0
[ 1038.910714]  ? __lock_is_held+0xb6/0x140
[ 1038.914779]  ? lock_acquire+0x16f/0x430
[ 1038.918763]  ext4_map_blocks+0x881/0x17c0
[ 1038.922920]  ? ext4_issue_zeroout+0x160/0x160
[ 1038.927414]  ? __brelse+0x50/0x60
[ 1038.930875]  ext4_getblk+0xac/0x450
[ 1038.934491]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1038.938800]  ? ext4_free_inode+0x1210/0x1210
[ 1038.943206]  ext4_bread+0x6e/0x1a0
[ 1038.946740]  ? ext4_getblk+0x450/0x450
[ 1038.950638]  ext4_append+0x14b/0x360
[ 1038.954349]  ext4_mkdir+0x531/0xc20
[ 1038.957979]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1038.962640]  ? security_inode_mkdir+0xd0/0x110
[ 1038.967211]  vfs_mkdir+0x3ca/0x610
[ 1038.970754]  SyS_mkdir+0x1b7/0x200
[ 1038.974286]  ? SyS_mkdirat+0x210/0x210
[ 1038.978172]  ? do_syscall_64+0x53/0x640
[ 1038.982143]  ? SyS_mkdirat+0x210/0x210
[ 1038.986028]  do_syscall_64+0x1e8/0x640
[ 1038.989908]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1038.994752]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1038.999936] RIP: 0033:0x45a7b7
[ 1039.003121] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1039.010833] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1039.018093] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1039.025351] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1039.032615] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1039.039876] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000002f
05:40:19 executing program 4:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:19 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:19 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_setup(0x7, &(0x7f0000000100)=<r0=>0x0)
io_destroy(r0)
io_submit(r0, 0x0, &(0x7f0000000200))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

05:40:19 executing program 3 (fault-call:0 fault-nth:48):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:19 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
socket$alg(0x26, 0x5, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:19 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ashmem\x00', 0x501080, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000140)={{0x1, 0x0, @identifier="81bad13afa45cd7945b424e0f5f2d709"}, 0x99, [], "671b069640be92ccf9db59b00b65b2323d161dabebaa1416cdc91a0bd1b8adbc17748051dcd7e50a80e8fe0b179d1dea0daf2cb7a233c1208e287166611b34464eb6c2a5562fb6844559d82aa9cd258994274dc5c620ebda33a271afb8a049bba3b1cb8ba90ad9fbbf61feaffd9569b0ce6fa0f243dd39aa4e95e16b818b1854e3ae58a082cc1632ea60e3c787a763d39072c5bfd1c88b528d"})
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000000)={0x1, 0x6982, 0x800})
dup3(r2, r0, 0x0)

05:40:19 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:19 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1041.433707] FAULT_INJECTION: forcing a failure.
[ 1041.433707] name failslab, interval 1, probability 0, space 0, times 0
[ 1041.445236] CPU: 0 PID: 22805 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1041.453123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1041.462475] Call Trace:
[ 1041.465074]  dump_stack+0x142/0x197
[ 1041.467120] QAT: Invalid ioctl
[ 1041.468708]  should_fail.cold+0x10f/0x159
[ 1041.468720]  ? __es_tree_search.isra.0+0x15f/0x1c0
[ 1041.468733]  should_failslab+0xdb/0x130
[ 1041.468743]  kmem_cache_alloc+0x47/0x780
[ 1041.488956]  ? ext4_es_can_be_merged+0x16e/0x230
[ 1041.493699]  __es_insert_extent+0x26c/0xe60
[ 1041.498013]  ext4_es_insert_extent+0x1f0/0x590
[ 1041.502585]  ? ext4_es_find_delayed_extent_range+0x960/0x960
[ 1041.508393]  ext4_map_blocks+0xab1/0x17c0
[ 1041.512548]  ? ext4_issue_zeroout+0x160/0x160
[ 1041.517040]  ? __brelse+0x50/0x60
[ 1041.520489]  ext4_getblk+0xac/0x450
[ 1041.524104]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1041.528416]  ? ext4_free_inode+0x1210/0x1210
[ 1041.532813]  ext4_bread+0x6e/0x1a0
[ 1041.536342]  ? ext4_getblk+0x450/0x450
[ 1041.540220]  ext4_append+0x14b/0x360
[ 1041.543921]  ext4_mkdir+0x531/0xc20
[ 1041.547544]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1041.552200]  ? security_inode_mkdir+0xd0/0x110
[ 1041.556788]  vfs_mkdir+0x3ca/0x610
[ 1041.560313]  SyS_mkdir+0x1b7/0x200
[ 1041.563834]  ? SyS_mkdirat+0x210/0x210
[ 1041.567708]  ? do_syscall_64+0x53/0x640
[ 1041.571666]  ? SyS_mkdirat+0x210/0x210
[ 1041.575544]  do_syscall_64+0x1e8/0x640
[ 1041.579426]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1041.584261]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1041.589437] RIP: 0033:0x45a7b7
[ 1041.592623] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1041.600318] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1041.607570] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1041.614824] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1041.622078] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1041.629332] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000030
05:40:20 executing program 5:
iopl(0x2)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:20 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
socket$alg(0x26, 0x5, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

[ 1041.663783] ptrace attach of "/root/syz-executor.4"[22815] was attempted by "/root/syz-executor.4"[22819]
05:40:20 executing program 4:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:20 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, 0x0)

[ 1041.766319] QAT: Invalid ioctl
05:40:20 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:20 executing program 4:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:20 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, 0x0)

[ 1041.813689] ptrace attach of "/root/syz-executor.4"[22836] was attempted by "/root/syz-executor.4"[22841]
[ 1041.889273] QAT: Invalid ioctl
[ 1041.918182] ptrace attach of "/root/syz-executor.4"[22851] was attempted by "/root/syz-executor.4"[22852]
05:40:20 executing program 3 (fault-call:0 fault-nth:49):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:20 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, 0x0)

05:40:20 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:20 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = getpid()
tkill(r3, 0x9)
r4 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r5=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r5)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fstat(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000480)={0x0, 0x80000, <r8=>0xffffffffffffffff})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000004c0)=<r11=>0x0)
r12 = getpid()
tkill(r12, 0x9)
lstat(&(0x7f0000000500)='./bus\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0, <r14=>0x0})
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0})
setresgid(0x0, r15, 0x0)
r16 = getpid()
tkill(r16, 0x9)
r17 = getpgrp(r16)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000005c0)={{{@in=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r18=>0x0}}, {{@in=@multicast2}}}, &(0x7f00000006c0)=0xe8)
r19 = getegid()
r20 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r20, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r20, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r21 = getpid()
tkill(r21, 0x9)
r22 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r23 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r23, r22, 0x0, 0x209)
getsockopt$inet6_IPV6_XFRM_POLICY(r22, 0x29, 0x23, &(0x7f0000000700)={{{@in=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r24=>0x0}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000000800)=0xe8)
r25 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r25, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r25, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r26 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r26, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r26, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r27 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r27, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r27, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r28 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r28, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r28, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r29 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r29, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r29, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r30 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r30, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r30, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendmmsg$unix(r1, &(0x7f0000000980)=[{&(0x7f0000000080)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000140)="0174d04060aab7b3d0be0d0e2f6161aca95f5f0026d5c56d9c9faf316041c590b0452e38f0da1e00f7cd94eca12eed1f7f740b97b3c010f237cce9478fd7bd81de3f2783547383f1678622f16a00911f3ec42448b486539006307654e6913fbc0e64ca7839117cd0505737edf1638eaadb6fbf0877468efa69c66ac2efe675ca8e52b404493097c34d29966c62127737eed3c134f033d7f120f3c1915b845ae868c51438714dc9d159d46d56c93b144928393a0ed56826cc5178957660b83d4caf8436e1bba2827cc059123c17ab829a4b2444a896a294133a525057b7d968cf73", 0xe1}, {&(0x7f0000000240)="8893b7", 0x3}], 0x2, &(0x7f0000000e80)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r5, @ANYRES32=r7, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r10, @ANYBLOB="000000001c0000000200"/20, @ANYRES32=r11, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r12, @ANYRES32=r13, @ANYPTR64=&(0x7f0000000d40)=ANY=[@ANYPTR64=&(0x7f00000009c0)=ANY=[@ANYPTR, @ANYRESOCT=r24, @ANYPTR64, @ANYRESHEX=r14], @ANYPTR=&(0x7f0000000a80)=ANY=[@ANYRESDEC=r23, @ANYBLOB="aa205051ae323706e275a37d01c5af0af6f4cbf723c1718d0fca2eab651fa50635eb1f1e45bf50b349c5065f3646f2067b65ed6c46181d86da4c155ca2fdd44ef8705122288be4e3bddff5e768eadae1fed99f4ccfe3034fae3fbb0d25ed53d23c625c9ee6ec89f0ac4f1159ce0961027e556b21a9b3be9a942fb39ff3909515d8fdb553b63633f247df007671c9ea09fe81e718e85e061a2d09d93fc388ea831833c9534b9c5a1caa047de67331baaf9b38bc247c55e0114ed6644d0ffd59a3803900f4c92b03c57d28dab39df2fa81af986504f6de224c7d530048708617ffa5bf9b39cfac2e8e4fd5def1ff", @ANYRES64=r25, @ANYRESOCT=0x0, @ANYPTR64, @ANYPTR, @ANYRES32=r8, @ANYPTR64], @ANYRESHEX=0x0, @ANYPTR=&(0x7f0000000bc0)=ANY=[@ANYRESOCT, @ANYRESDEC=r26, @ANYPTR], @ANYBLOB="1748543c638679c4ec4a56a05017b58c606b4befc7393a1494d6cb3f54c93dbee53e5cc640145de5b6b40f4809e3f45381f95d9b05177ff51aed0559621bb732aba934e4e5c726d938deef84b9c70a1f2b5c3b320f04fa2576ec1a32a864c7c79d507eb2f9df138ddc0f42db142e15541d2cd8a528fe3e37bcfe80ad6e0cf273e2e17fc603cd5eee266b4ca8965f523a9702a0a75fdd0fdc3ef2ec1fd9a5b8eb7af63099d9161edd815100bad6458d2f4e5b31c1d286aeee81b313c443c63114778219953a2090a099666766e5cfc62251df03", @ANYPTR64=&(0x7f0000000c00)=ANY=[@ANYRESHEX=r8, @ANYRESHEX=r28], @ANYRES16=0x0, @ANYPTR64=&(0x7f0000000c40)=ANY=[@ANYPTR64, @ANYRES64=r29, @ANYRESHEX=r30, @ANYBLOB="ee9b7ca0e8ef9a11281ac1313cc98ef4eb6194362d12fea85e0bb9125995e2c780c40b6412344c6a328eaa414ca90ccbe99fd7963d5355dbbd639b99ba648d9fde93c02246ade8f07e86f92546bf0e3de5a916feb646cf291e0a9bcc5c62e6a83332b62c501b758d58175b5a6d3582ec23a6b5f72193f27c8dad071d6422d379790fc45ca56192ec6799b49c84a038ddc49cc2f133d6e3b1414059d75e5047a052a8e881f70b7723033469b7903ee3", @ANYRES32=r18, @ANYRES32]], @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r17, @ANYRES32=r18, @ANYRES32=r19, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32=r20, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r21, @ANYRES32=r24, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x10c, 0x8004}], 0x1, 0x40010)
r31 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r32 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r32, r31, 0x0, 0x209)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200000)
r33 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r34 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r34, r33, 0x0, 0x209)
r35 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r36 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r36, r35, 0x0, 0x209)
ioctl$ASHMEM_SET_SIZE(r36, 0x40087703, 0x800000ffd)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r37 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r37, r0, 0x0)

05:40:20 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1042.139550] FAULT_INJECTION: forcing a failure.
[ 1042.139550] name failslab, interval 1, probability 0, space 0, times 0
[ 1042.151122] CPU: 0 PID: 22862 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1042.159010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1042.168361] Call Trace:
[ 1042.170939]  dump_stack+0x142/0x197
[ 1042.174574]  should_fail.cold+0x10f/0x159
[ 1042.178710]  ? __es_tree_search.isra.0+0x15f/0x1c0
[ 1042.183625]  should_failslab+0xdb/0x130
[ 1042.187585]  kmem_cache_alloc+0x47/0x780
[ 1042.191632]  ? ext4_es_can_be_merged+0x16e/0x230
[ 1042.196375]  __es_insert_extent+0x26c/0xe60
[ 1042.200690]  ext4_es_insert_extent+0x1f0/0x590
[ 1042.205261]  ? ext4_es_find_delayed_extent_range+0x960/0x960
[ 1042.211054]  ext4_map_blocks+0xab1/0x17c0
[ 1042.215195]  ? ext4_issue_zeroout+0x160/0x160
[ 1042.219674]  ? __brelse+0x50/0x60
[ 1042.223120]  ext4_getblk+0xac/0x450
[ 1042.226733]  ? ext4_iomap_begin+0x8a0/0x8a0
[ 1042.231041]  ? ext4_free_inode+0x1210/0x1210
[ 1042.235440]  ext4_bread+0x6e/0x1a0
[ 1042.238966]  ? ext4_getblk+0x450/0x450
[ 1042.242848]  ext4_append+0x14b/0x360
[ 1042.246548]  ext4_mkdir+0x531/0xc20
[ 1042.250182]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1042.254848]  ? security_inode_mkdir+0xd0/0x110
[ 1042.259433]  vfs_mkdir+0x3ca/0x610
[ 1042.262961]  SyS_mkdir+0x1b7/0x200
[ 1042.266486]  ? SyS_mkdirat+0x210/0x210
[ 1042.270355]  ? do_syscall_64+0x53/0x640
[ 1042.274313]  ? SyS_mkdirat+0x210/0x210
[ 1042.278186]  do_syscall_64+0x1e8/0x640
[ 1042.282056]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1042.286981]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1042.292151] RIP: 0033:0x45a7b7
[ 1042.295344] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1042.303037] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1042.310289] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1042.317553] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1042.324808] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
[ 1042.332064] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000031
05:40:23 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0xffffffffffffffff, 0x0, 0x4, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f00000004c0)=0xe8)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000500)={@rand_addr="f29ce4166bcb14d08f17de16a536faed", 0x6b, r1})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:23 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000000)={'xfrm0\x00', 0x101})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:23 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:23 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, &(0x7f0000000000)={0x3, 0x4, 0xe1000000})
wait4(r0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x1e)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$EXT4_IOC_MIGRATE(r1, 0x6609)

05:40:23 executing program 3 (fault-call:0 fault-nth:50):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:23 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_INFO(r1, 0x81204101, &(0x7f0000000400))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x1000001, 0xd0810, r3, 0x6dfe4000)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
ftruncate(r4, 0x208200)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x101400, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r6], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r6, 0x0, 0x70bd25, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "fb4880584d"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000c0)
write(r4, &(0x7f0000000040)='e', 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r7 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r7, r0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r10 = getpid()
tkill(r10, 0x9)
r11 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r12, r11, 0x0, 0x209)
perf_event_open(&(0x7f0000000540)={0x1, 0x70, 0x40, 0x3, 0x1, 0x8, 0x0, 0x3, 0x2020, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x10000, 0x5, @perf_config_ext={0x1000, 0x9}, 0x32114, 0x6, 0x5, 0x2, 0x5, 0x0, 0x3ff}, r10, 0x2, r12, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$VHOST_SET_OWNER(r8, 0xaf01, 0x0)

05:40:23 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:23 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x204000, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x0, 0x0, [], 0x2, &(0x7f0000000040)=[{}, {}], 0x0, [{}, {}]}, 0x98)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1044.757332] FAULT_INJECTION: forcing a failure.
[ 1044.757332] name failslab, interval 1, probability 0, space 0, times 0
[ 1044.810390] CPU: 1 PID: 22887 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1044.818324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1044.827681] Call Trace:
[ 1044.830270]  dump_stack+0x142/0x197
[ 1044.833905]  should_fail.cold+0x10f/0x159
[ 1044.838048]  ? __lock_is_held+0xb6/0x140
[ 1044.842112]  ? mempool_free+0x1d0/0x1d0
[ 1044.846085]  should_failslab+0xdb/0x130
[ 1044.850061]  kmem_cache_alloc+0x47/0x780
[ 1044.854134]  ? mempool_free+0x1d0/0x1d0
[ 1044.858133]  mempool_alloc_slab+0x47/0x60
[ 1044.862286]  mempool_alloc+0x138/0x300
[ 1044.866167]  ? remove_element.isra.0+0x1b0/0x1b0
[ 1044.870976]  ? __unlock_page_memcg+0x53/0x100
[ 1044.875456]  ? save_trace+0x290/0x290
[ 1044.879272]  bio_alloc_bioset+0x368/0x680
[ 1044.883419]  ? bvec_alloc+0x2e0/0x2e0
[ 1044.887209]  submit_bh_wbc+0xf6/0x720
[ 1044.890999]  __sync_dirty_buffer+0xcf/0x260
[ 1044.895309]  sync_dirty_buffer+0x1b/0x20
[ 1044.899357]  __ext4_handle_dirty_metadata+0x16e/0x470
[ 1044.904541]  ext4_handle_dirty_dirent_node+0x35b/0x480
[ 1044.909824]  ? ext4_rename_dir_prepare+0x3f0/0x3f0
[ 1044.914735]  ? memcpy+0x46/0x50
[ 1044.917999]  ? ext4_init_dot_dotdot+0x360/0x4c0
[ 1044.922650]  ext4_mkdir+0x5c6/0xc20
[ 1044.926264]  ? ext4_init_dot_dotdot+0x4c0/0x4c0
[ 1044.930954]  ? security_inode_mkdir+0xd0/0x110
[ 1044.935537]  vfs_mkdir+0x3ca/0x610
[ 1044.939069]  SyS_mkdir+0x1b7/0x200
[ 1044.942597]  ? SyS_mkdirat+0x210/0x210
[ 1044.946485]  ? do_syscall_64+0x53/0x640
[ 1044.950440]  ? SyS_mkdirat+0x210/0x210
[ 1044.954309]  do_syscall_64+0x1e8/0x640
[ 1044.958180]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1044.963012]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1044.968272] RIP: 0033:0x45a7b7
[ 1044.971447] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1044.979148] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045a7b7
[ 1044.986406] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0
[ 1044.993658] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a
[ 1045.000910] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003
05:40:23 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x2)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000000), &(0x7f00000001c0)=0x4)
fcntl$notify(r0, 0x402, 0x10)
r1 = memfd_create(&(0x7f0000000680)='A\x05\xd5\x98!1\xa6\x1c\x18\x9ez?K0sow\xd8^\x9aI]w`\xb6n2\xb32\xc3~c\xcc\x9a=\xb5y\x9f\xf6\x15ZQS\x1b\xa5\xafJ\xb7;\xf0#P%!\xc3\x94e\xb6\x02\x88\xa1\x16\xfa\xaa\xb0G\x88\xbaI\x03\x8c\x7f\xba\x05\xed\xa2]\xdb\xa9v\xd1J%\v\b\x00E1\t\xd8\r\x8eq\x92-~\xd9d)\xa5p\x06\x901O:\x93G\x80\x9e\xe4\xea;\xb4\x8c\xcbF\x7fP\x12\xebU\xb4\xecQ\xb0\xdaA\xc9-\x9a\"\xe3\xe6\'i\xd7b%\xaeIcRo*\x14\xf6j\'k7\x9d\x83\x93I\xda]\xc6\x14*\xdff\fY\xae\x0e\x14\xa9\\\xf3\xfc\xedD9<\xe5\xa2\xa8\xc1b7\xa9\xf4\xb8\x87EP\x11\xf7\x17\xd8\x10\n[r\xf72h\x00\x00\x00\x01\x00\x00\x00\x01\xf8\xb9\xb0>!fo\xf9\x1cm\xe2\xdd=\xe2\xe1\x98t\\ylM\x9a\x82\xccHs\xde,\xf4Jm\x87g#\x9f.y\x8b\xd5\xaa\bo\x13\x0fJ\x87\x00\x80\x85\xd6\xb3\x898I\xac\x82\xfdg\x98 ,\x97\xec\rN\xbci*/\x95\x19\x05W\xf9q\x90\xcd%\x1bR\xca&\x9fB5u47f\xe3\xd8J:\xc5\x88\xea\xbc\xdc\xd9\a\xf9\x99+\xc7U\xa3\xb5\xa3\xbbZi\x15\n\xa8\x189\xe2\x9d\x05Dl]\xdf\xddZ\n\x0f3\xc6z\x92\xaa\r\xc0-\n\xe0\x87\x9fNC\x06w\x10\xa7\xcc\xcb\xe0\xfe\xda \x00\xffq$\xe7\xd6\xb7\xed\xf0sp\xea\xf5\x02\xd1\xebng\x06\xba\x8fj\x90\x9e\x19\x19\xf4\x84\xdb\xce}\x83\xa9\xa1\x1a\xa8\x98\xa4j\xf5\xfe(\x03\x91\xe7\x98\xf5M\xd0\x88\xe7D \xe6\x1c\xa9\xb1\xdd\xd7\xd6V\xb7\xb7\x00\x00\x00\x00\x00\x00\x00\x00\fT\x9f\x8c\x8a\xca\xee\xeb=z#U\x8b\\\xd5\xb11\xa3\xd28\xbc\xc0A\x94\x92*)\xc0\xe0\x9f\xad\xdc\xeb\xa5\x98\x97\x02\x0e\xb8)U\x84\xfa\x91S\xa7\xf0\xae\x85\x19\xa8\xbeZS\x06\x12\xa4\x06-\xf8=[\xa52k\xfao\xe6\x80\xf3U\xb5\xbf6S\xfaM\xb0\xfab\x8a\xe5\xa1Zq\x98i\x11G\xf9\xec\xfd\x1aT\x91\"\xaf$\x12\x06\xf8\x1f\x02\xff\x14`\xdcz\xf2\x1b\x8bBP!\xfe(#\xb6x\x00'/559, 0x4)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f0000000080)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
dup3(r1, r0, 0x0)

05:40:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1045.008163] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000032
[ 1045.046061] QAT: Invalid ioctl
05:40:23 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x8, 0x2, <r3=>r2, 0x0, &(0x7f0000000040)={0x9e0907, 0x796f4a93, [], @value=0x7}})
ioctl$TIOCCBRK(r3, 0x5428)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r4 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x8002, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0)='ethtool\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x11, 0x2, 0x0)
bind(r7, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r7, &(0x7f0000000040)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000"/15, @ANYRES32=r8, @ANYBLOB="00000000000000001c0016801800018014000a00"/36], 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000300)={'wireguard0\x00', <r9=>r8})
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket(0x11, 0x2, 0x0)
bind(r12, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r12, &(0x7f0000000040)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@ipmr_getroute={0x1c, 0x1a, 0x100, 0x70bd2c, 0x25dfdbfe, {0x80, 0x20, 0x10, 0x6, 0x0, 0x1, 0xfe, 0x5, 0xc00}, ["", ""]}, 0x1c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, &(0x7f00000009c0)={'wireguard1\x00', <r14=>r13})
r15 = socket$nl_route(0x10, 0x3, 0x0)
r16 = socket(0x11, 0x2, 0x0)
bind(r16, &(0x7f0000000380)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r16, &(0x7f0000000040)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r15, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=r17, @ANYBLOB="00000000000000001c0016801800018014000a00"/36], 0x3c}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r5, @ANYBLOB="020028bd7000fedbdf25030000005000018008000300c6da3fe6080003000200000008000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="14000200626174616476300000000000000000000800030003000000080003000300000008000300020000000500050008000000440001801400020074756e6c30000000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="08000100", @ANYRES32=r17, @ANYBLOB="08000300030000001400020073797a5f74756e000000000000000000050b05004500000005000200af00000005000300010000002c000180140002007866726d30000000000000000000deff1300020076657468305f766c616e0000feffffff0500030014000000"], 0xfc}, 0x1, 0x0, 0x0, 0x40}, 0x1)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r4, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f00000012c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/57, 0x39}, {&(0x7f00000023c0)=""/53, 0x35}, {&(0x7f0000000180)=""/42, 0x2a}, {&(0x7f0000001380)=""/4102, 0x1006}], 0x6, 0x0, 0x0, 0x0)
tkill(r4, 0x3c)
r18 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r19 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r19, r18, 0x0, 0x209)
ioctl$VT_GETSTATE(r19, 0x5603, &(0x7f0000000240)={0xffff, 0x4, 0x6})
ptrace$cont(0x9, r4, 0x0, 0x0)

05:40:23 executing program 1:
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = accept4(r1, 0x0, &(0x7f0000000000), 0x80000)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

[ 1045.171667] audit: type=1800 audit(2844654023.643:128): pid=22905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.2" name="bus" dev="sda1" ino=16640 res=0
05:40:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:23 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:23 executing program 3 (fault-call:0 fault-nth:51):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:23 executing program 2 (fault-call:3 fault-nth:0):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1045.301886] selinux_nlmsg_perm: 69 callbacks suppressed
[ 1045.301894] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=22923 comm=syz-executor.5
[ 1045.345948] FAULT_INJECTION: forcing a failure.
[ 1045.345948] name failslab, interval 1, probability 0, space 0, times 0
[ 1045.357549] CPU: 0 PID: 22933 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1045.365436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1045.374791] Call Trace:
[ 1045.377375]  dump_stack+0x142/0x197
[ 1045.381002]  should_fail.cold+0x10f/0x159
[ 1045.385148]  should_failslab+0xdb/0x130
[ 1045.389114]  kmem_cache_alloc+0x47/0x780
[ 1045.393166]  ? lock_downgrade+0x740/0x740
[ 1045.397388]  __sigqueue_alloc+0x1da/0x400
[ 1045.401526]  __send_signal+0x1a2/0x1280
[ 1045.405485]  ? lock_acquire+0x16f/0x430
[ 1045.409455]  send_signal+0x49/0xc0
[ 1045.412986]  force_sig_info+0x243/0x350
[ 1045.416955]  force_sig_info_fault.constprop.0+0x1c6/0x2b0
[ 1045.422484]  ? is_prefetch.isra.0+0x350/0x350
[ 1045.426972]  ? trace_raw_output_x86_exceptions+0x140/0x140
[ 1045.432596]  __bad_area_nosemaphore+0x1dc/0x2a0
[ 1045.437275]  bad_area+0x69/0x80
[ 1045.440540]  __do_page_fault+0x86f/0xb80
[ 1045.444593]  ? vmalloc_fault+0xe30/0xe30
[ 1045.448640]  ? page_fault+0x2f/0x50
[ 1045.452250]  do_page_fault+0x71/0x511
[ 1045.456031]  ? page_fault+0x2f/0x50
[ 1045.459642]  page_fault+0x45/0x50
[ 1045.463081] RIP: 0033:0x454f9f
[ 1045.466251] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00010283
[ 1045.471613] RAX: 00007fc1a18e6b40 RBX: 00007fc1a18e76d4 RCX: 0000000000000000
[ 1045.478867] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007fc1a18e6b40
[ 1045.486118] RBP: 000000000075bf20 R08: 00000000000000e0 R09: 000000000000000a
05:40:24 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1045.493370] R10: 0000000000000075 R11: 00000000004ee0e0 R12: 0000000000000003
[ 1045.500631] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000033
05:40:24 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x8441, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000180)={0xa00000, 0xff, 0x5, <r1=>0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xa10908, 0x100000, [], @value64=0x5}})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r2], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000340)={<r5=>0x0, 0xfff, 0x4}, &(0x7f0000000440)=0x8)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000480)={r5, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84)
sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r2, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x42c}, @NL80211_ATTR_STA_VLAN={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x20000080)
syslog(0xa, &(0x7f0000000040), 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000003c0)={[], 0x200, 0x10001, 0x0, 0x7ff, 0xffffffffffffffe1, r0})

05:40:24 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vcs\x00', 0x20a00, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000440)={0x1, 0x0, {0x26, 0x23, 0x7, 0x4, 0x7, 0x80000000, 0x0, 0xc5}})
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000080)={0x9, 0x1, 0x4, 0x4, 0x10000, {}, {0x4, 0x8, 0x7, 0x0, 0x1, 0x7, "66df31b5"}, 0x6, 0x4, @planes=&(0x7f0000000000)={0x3931, 0x1, @fd, 0x1}, 0xc927, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20090}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r3, @ANYBLOB="0b000800000005000100000000001400ba6cbc710facf4550d00fe8000000000000000000000000000aa140005000000000000000000000000000000000014000600cc8a04519037843a04a55b8f1e96033708000800ffffffff08000200ae0000001400060000000000000000000000ffffe000000208000c0000000000140005001a02000080000000000000000000000100"/162], 0xa0}}, 0x40)
openat$ion(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ion\x00', 0x1, 0x0)
pwrite64(0xffffffffffffffff, &(0x7f0000000180)="4363d32d28437dff8158936494f268769592401e5627", 0x16, 0x800)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:24 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$USBDEVFS_GETDRIVER(0xffffffffffffffff, 0x41045508, &(0x7f0000000080)={0x6, "9b266f7822bdfdcb71d040d4f42d170a294957059570892a4734d3325bff7a60c23e7b81c571cff47d4140ae421bde9a78c53cc4ff62d4a9c061bbe2543849fd5419242a22aabff64803d664e686ba4188bd4454e3ca8d31a52dcf360d7d1e7ecd492bf099ac0a11880e240bfeea8315e13eafd25abaa762cf25a1da10043dfae6d0e30284470b33eac34494ebe49eceb180ab8e2b61fef073590a4b884d6b673f67757e53dcf1e5fef350644bbd9d6cbebbaed9c1d3e6a082653ca0363ca3ec22062c19f99595a1b1b5d0b417e014a8a99d7ccf229ccdbd90a09e6b7ad2e823275ab29702a9c4c0be2e858c5418576fb508a808f0b36327373f1adbdd928b25"})
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:24 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x8000, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:24 executing program 3 (fault-call:0 fault-nth:52):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:24 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0xffffe000)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
getsockname$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x20)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1045.789264] FAULT_INJECTION: forcing a failure.
[ 1045.789264] name failslab, interval 1, probability 0, space 0, times 0
[ 1045.800491] CPU: 1 PID: 22968 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1045.808370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1045.817739] Call Trace:
[ 1045.820334]  dump_stack+0x142/0x197
[ 1045.823971]  should_fail.cold+0x10f/0x159
[ 1045.828130]  should_failslab+0xdb/0x130
[ 1045.832103]  kmem_cache_alloc+0x47/0x780
[ 1045.836172]  ? lock_downgrade+0x740/0x740
[ 1045.840329]  __sigqueue_alloc+0x1da/0x400
[ 1045.844482]  __send_signal+0x1a2/0x1280
[ 1045.848462]  ? lock_acquire+0x16f/0x430
[ 1045.852448]  send_signal+0x49/0xc0
[ 1045.855989]  force_sig_info+0x243/0x350
[ 1045.859968]  force_sig_info_fault.constprop.0+0x1c6/0x2b0
[ 1045.865505]  ? is_prefetch.isra.0+0x350/0x350
[ 1045.870006]  ? trace_raw_output_x86_exceptions+0x140/0x140
[ 1045.875638]  __bad_area_nosemaphore+0x1dc/0x2a0
[ 1045.880309]  bad_area+0x69/0x80
[ 1045.883588]  __do_page_fault+0x86f/0xb80
[ 1045.887652]  ? vmalloc_fault+0xe30/0xe30
[ 1045.891715]  ? page_fault+0x2f/0x50
[ 1045.895341]  do_page_fault+0x71/0x511
[ 1045.899139]  ? page_fault+0x2f/0x50
[ 1045.902765]  page_fault+0x45/0x50
[ 1045.906225] RIP: 0033:0x454f9f
[ 1045.909408] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00010283
[ 1045.914872] RAX: 00007fc1a18e6b40 RBX: 00007fc1a18e76d4 RCX: 0000000000000000
[ 1045.922139] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007fc1a18e6b40
[ 1045.929410] RBP: 000000000075bf20 R08: 00000000000000e0 R09: 000000000000000a
05:40:24 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1045.936682] R10: 0000000000000075 R11: 00000000004ee0e0 R12: 0000000000000003
[ 1045.943948] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000034
05:40:26 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:26 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x8, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{}, {0x0, 0x0, 0x0, @local}, {0x0, 0x0, 0x0, @remote}]})
fcntl$setpipe(r0, 0x407, 0x10000)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
ioctl$TIOCGPTLCK(r3, 0x80045439, &(0x7f0000000180))
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:26 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:26 executing program 3 (fault-call:0 fault-nth:53):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:26 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000002880)="423be3fb7c82e427549aeacd2d992c21881359ea5da636d9875677b23fdf0ee6ff60b1fe008c6a59176c7e3cd844ef07a92b4c718eb835da5bd13421d2731b6bdb0a4f9b0410158e7415dd0c73611c502b5d650d4c0330df0d49799517", 0x5d, 0xffffffffffffffff)
keyctl$search(0xa, r1, &(0x7f0000000240)='logon\x00', &(0x7f0000002900)={'syz', 0x1}, 0xfffffffffffffff8)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x400)
r6 = syz_genetlink_get_family_id$ethtool(0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, r6, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x9}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x1}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x3f}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a0240001", @ANYRES16=r6, @ANYBLOB="020a25bd7000ffdbdf25050000008424038000020380240001800800010025000000100002002f6465762f6173686d656d000400030004000300300001801b000200626465762d6d643573756d6e6f6465763a656d312b2400000800010004000000040003000400030054010180040003000800010000000000040003002f01020000000001000000bc065ebe7756f3b3a465fbc57d9c22c4eeba0634b29c1ad1cb7bb0d61e006751cada0e55f7278cc1c6bbc51cf7af95833d0937961aadd0d0ee9c96320875bafcaec219eb1f000000000000008ef689c227df6e28513d762d3c0dd13f248b17796e17681bacfc821cf4d0f5d580c0b46120159a9ff03afd24adbb9a7c62e2ffeec4930d99be18e3638d6ece10fc9785292e28cb8205fe5b48af0118c81b1ebed83eec9f7ea7f7af4464f1db6a4501d173448994265c550c18995dab61e93301a233c9685031dc2d27909e7d89ff8ccffdff4d70dc9ead9a6a99d5c18fb553cb0d41c5c216959fa8c8860b2db4b56394c6ca9bee02493a98534682ac0e7e7e150c6ee258e325c70471878de6eec08277a972580b1f39cc2d2638065783a9caa5ba7faee4ea00040003000400030008000100090000000c0001800800010007000000040001804400018008000100080000000400030008000100000000000400030004000300100002002f6465762f6173686d656d000a00020047504c2c2d000000040003000400030004100500cb8b45589d3698d81252c0b9a7ee4b4844355073556b0024ef1002b9f24106d6577f49efd5f4821cd079fce1ff5c1a8cb66b538b89c0cba00086c5da319c7c5371cbee277c0abb6fa231e178e0ca494a801821113019d2c309d00f26d970d94243532164acbb03317496843f6b05232d8e1c9f27d99e31e1f7e3db6cb6c44f302850d1f1cc35f7756b0c15dc8cd519d6f6ad390b0a6c514ad8137ca1b92b766172b9bbfa71097ad09a8675a4480bc5d35e856660180981b5930a68314c8804a7cdde34ff4eee875caf4a5bd45e4734d1fa0acb69569114f136b89f5f22d6337b641127bb3e25234c043639e93c6f3f253dd7d7df39ccb10119be6fb26502a05c2241627160496f5e768bfa52f17022b1015542befea7947207b0ab4b71f19eceacc4773a37afea638e8fbb603d6eade7858df1d57972182708b2d905ef215fc4dfa2b84e463498463fdd1e51b71130e9eced91d1e2fbab8b4d00d75fc63bd836422acf7599593f63dba2baf31a0c7714e335ac714839b8a656d1264ec39a6d6eed16c7872589635e7e20d9c37177accd192d7d9bff613f14cdf60f442ac0176921fd07e0a7b53c58077b933f8ac27f78508572bfc9d9052bede5ec3356112c380a1251082e599dd9277884e1761a46703a30d9c40a5e9d4d4dd3a8f60ef9bde133fb62d6a696641f72bb1288ba411ba9ac2d65241adca257304a381feeb6fbb4da8108ca301c4bccb490695d5d3998d83291d42fac7cc1f15b63625a07ac8307a04132edac6a905410860513a7eb35958ff65ab94f147641d40f94f00d71687d9b2afdadda6caa6142312d62978c066a5940757b1bb6109136e400a4b86d25fc7432452e077bd4bddd0db97f4e12841c6b929e24e09a7e2f73de5cad3420e3ce942c248266ca56881f53b325abdd2623d940a25047f12963e443fb0a5feecb1e980854faa6bbd0e145ae6ff00e730a9881420e37f97979462817a16cb06404c2cb71e91e7acd0a79c2722557387a3fba55a9392ba75f3a94bd03e43ba6c54a6fc10b21a5fa02d3095a63af35cb27d0b48e6c076d42f8e03c33ee5cccb431a38d626728d72e94ac3cdda6ee812bb389593a40e221d3b2d1dfd61cc1b6e562e066b76690231d33d8713cb738c1a13c7e7e126bab887fc05bc70cb0e627eadb679aa7b6b299de72607a780df8d05f4c96a555720936798c6ec41fb1e4926538e928abbbb2d5c58a14871c3137f215da1e2752b7f044d69ceddc6e89592b70ece130e0e3cdd5d4cbfe0cbe2f3e9a1be107685b86029ef47ef15e3bf958a2460aa105c6928ee884df3769410394b31c90d8b70c2ad937f651461de11d0e352ce6a94dc350b8a89039dc54e9e30abc792779e8f777e231583373614ae8c0e8f1a5e92cd11c315fb40abdb8b596c756b25392649c3fa721063916a00069a7daf5e390f1b1954caf227f50e8b7c62ee78e33a9f313d427f2b033c09a22c9da449357ec936c8c48107a718cf9575bfe38d02cd21b96912b9b81bb812645e4ad46bb5f1db17a7441511ee3dfce821f39a169068413c80ddbcc7580c990c4b12de7865a0170275e3d3a52c5592355890f41ccfd111bba80ea5e51877c70ea7f8c3f9f98e2be6984a49cae66f1fd63739d0116a68270273b9c1ce94a0dd21b531f4c0b845fa3935933dd0b9ee03390685bf02f4d74fb463b0daa9e95716e4d41a84d21428c4cea5159e1b2cb0f242b9b9d5c48b10315df617599430e68503345903edc5cf60d141cf948fcaebc93b4fe0d6cc518c9c36d746d7850de6ea2fcb1a126447d712b6cf1394ddcd71a5c4e6f5ab64dff7b1234bfcc46289bc579ff5933de4b93f57464fcf3a2bfbbac820c472113bed312413da6b7f070b50549fc3b96a5fd1a9b9426b836259d55c5db89f419786e8b13ab1e81e1844aff2013bcdeecedd20c94e77bf0e4096122bda637b232589b10b43cb1097f11ec23a430401740f5a4ad64c9824ba308922af8b82723402e7b1d17f429150c235d0a2dfeae499b87dc7e412927d9d47a8f4ac585e014237e99a22ab4169c8fad6a7a6300e574fbc029187520b6f910d334b31c8da08533bd273f69de04da962f7da0a77dad84c60e4929e1e4f8ad374964411b277f72e0ab20e4c5529317baeec7ee0df78c0da05476671e8f55fb5cf2588847afa69164bdb71c357d554529309e22f5fc7a5da5879df74d3f63ec685d8005f0af5c0915ac06c47bedec472e4bd6331cf76acd3012b8a8ffe35d6e056bfa2e6ebbe0c39149f8907f37d3cdd93d5fb4f5c54531ce0f5cff7cc4416b3004039ae8d8d9eac57a207cffa7bba2e2943c21bcdf7011f7c6af87a420c8f91afa82791cfb8b3f4f112176c8fa5baee625c313503d9dd46afb8d99cf91686b662b063dd8b01de7ea048d6191093602a649fb58da89360dfbaad99a12511253d6e172c39db88af5b6c7be3a3430a0a057625ab124070c2cc4d3550afed362a87744956f9d0af14b86ddb5cb99092094ca20947113377a9fbeeb307f8858abc7f4c58da7229e60e7fdcfa1eb6265cb63a5fb87c9f695f04ede86ff43691fcfae26dbfbae46209817baed38a00c2ca0d985ab6ce85523f5ec48f209fcd29009e68f2afa92c6d1f57839f62b826b6c57cae7564a68d16a6d81ead5c76abbeb280d1bb5157a1044349fe71c0fd812b0840eb159a0c914e7310cc9110e15f064a3ae45a24fe9a3c8279124b599c2c8e1c67fe98baf88c2193622e44c2cbc0aeeb291d4847a89eeda32b74dd987a045ed1349efb02b2650948e09d4bd1121480dfa1a0b076cb8ff123c686696ba8ed7c45b9265c30516f3decfcaea5a742204b67b44a9e98c526a4b2b4d5a40f16dfe28e86fccd44ec36d4b538cd2625bf6f5c0e3f40f596a59f6f44c9d1d578e5a349ef53b755e3ff0a707135ba826e7160b195edb36daafa457971a240b06c568226dfa65dda47ca22cf4a55f250316198505dad723eaec880fd495d59868d7cf4f66a7c3d45619088953de96ccaf5e4912c068b4bd40df911877fcd23ea1f2fde71030513db9d70a778ba1da2684145c17769dec6b315e907870f147b9cfd68902ddabd1fa1bd56ce10e9657a4dd5d98a52650ccebe4ba1e44a2ddc86cddddabf4debc8bcf3339704e330b01c7a9d803658658444df24b13fe2a7f5484f53911c804afddaf472828986f23332e161e5fae9fbd768de73c21127e1d1fdb0cd13c1d5f6562696dfddd9008209549e8d9c0fe66934f9bd21226738a333e9160c4ed002bc2893e0bb245e32d024748f7f2a0ac47f2cc1ce721dda932fdc92266611c47abb9b63e918bd3ac64c3dff86110c43b851671a973131aad1d3f2b3cdacfb023a59aa5f8b75b00bf8a7354c1c8e86028fb2e9b8961fe3ba6e93adc656d9ac0aedd240eb0450ad62709c6db583de55c1db7bf572d38681d2a0fa25bc75e252189b84f2397d81ab4b46d5d3a3ac3cca91a0cc33afcf5ad9c3ed786cf4dd060c905fdf13823354d8b88b123c89d344798961debd741e4ad49b483d2f21dd681ebb4ea940a9dedbc5ffb30364866930b2a756cb3f57fff31ccf1c00148e9c8d8e640751fa7023d70ff3b48a1026b08c8dc2bd0f139e6e4f6ebb7c2bf6d6ed0891eae11b083ffc6f963bb029407fba2810cfafa46ce90aac4b1581f9668de0385c96508d9578f22fe14bb79fce724968966d2c2ef63a0cae4f61fd7b21e1fe9ce0eed23f4e246f837806600aa118e98d1c471069aaaff631152f50b2891ab4f231cfe1d36a3fac852a643b945e3034d84a6d90db95ae860e9626d422dd1e11ea607c9171d9dfba9db9411d06ec75fde78ab266490720d84602a884a43f6a312931b10c1cf979115fd37ef1d6d527fac1a738a6eb2ae7802c765038583626a90312fa9c76f289118ee24d4565df9773233996152d7003cfc7e35d0ed78f0173d1c0e07213ead10556b12db8717a62647607e0c91410a8cbc5bb4a219100ddf49b3bdbbe75cc16c1f54451ec3c3871647d4efa50755fe754bdaf88d3b5719fc34b44a10aad7f615b8d25d217b52c47ffc623469227e663fcc431093d998d8f3f6d3a6c5382459d09da874fe3f6cfb06f8aacd7581738fb4591fab0b993f3b725286d1f0338fd8b5b1a9f47ff75370899ef0cf63f1e9538b1ba6fbd8408367496469cb5193c3f7ec743396c630222633f2e2e28de089c7100fc488b151fbaba22e8e9b50c109882a69841fb4fc9e04bf8b72bb173e5d58f98f51a3212af9d3c01a6cc950ae7c63f383d8ef6ec960db9f50ec4ee7681e9d61f936193477b225589d53bc51b1756fd856b033a32d28b2b4e3e6361aca5c3ba2bef1a9e9615665768610667cfec9643fd947e465c6e1ae4127e149daa6bf9da61a6909c9f1b5e15e983289d93a11f3ec32abd529c484beac075f29b7c39f57f54785c41d23c43b8c57e3a3a988ca80a3afcc7f5934db04e0bcd3fe76b7710b3dc6886036beaddbcc8f1758de26047256aebcdbada0a03adef35e80cb37011f837a630114156032730f6755d73c4879758a306174d528a7fed2ca3c8d41f663c2d06a536e784e410f0101d00681c2cfbf48902a895c628a4473f3ffa2eb6b08ec3bbc792bdc8e4a53e2a770d84de257214b35945c660dfc2044c046d60a0964c3dde545319c9a41f94658b66504051a473c8e48e9a33f1203d1497a20e12382f33980397de623cbc447fff6f8e962ed519ff5e0c757b4d51190f99ad42eac4266073e4a69e9284c3f73578a114acf50b5953f3e5f26eb2d14913194dbb03a4def6a677bc3a1b59cfbc916664bf571b0ac6159604b35c9ea82edd6f034eb92563cff646e986a42bb4d947a8ee6d278de2b910ba723fa45c422a17fbd5f34247abe30a7491605b99d6f933e6f2ba32d17d856d7847d66dadf2fd643d17856a38745b99bc43a0cad1b9ed1799074b29bc7006a446992db74553ab9ce765179117728def39bc3c898d4dcca44e33331c421b996303b717e4d17e843b10a61c2a06e73c7460ed5dfce57618a0f12da9902f5d9f773ac7653c2ce34dc28e596eecb162a0bc44099e54ee140926d993b2a6a4eec785835361beae3563602163555425b7da243160bc12a75ef7e594a4850919fc63ff6ac13c9c5c89c2bc13ef330e7304aebae74b6124c43cb674e8245511f13a4a09d0aa9eb546980e1003030a730146e9d0b43c2a19a4070935452eefe50d22f84e3c9347a1984e32ede5434a5701ef9959ad498d9dca35c542a58f7712710ac6906d00d9bc366a5cebcf533cafa225e5e1af5a841a267371279ed5942d747371138f4f916108ed871cfef47e6bdd88d88cb7b2740b641e55211ad9d56ec6825e5baa13c640376c83b4b101a3551479b1c974451d1b0c12650998947aa3b16f8a428bae3fd87cc292cc79d54d1fcc4c5444ae124c495d1cf35ac2e6759be8a5fba354d9cfc6f925534910f85a6325689a8f18412c4653ec5fda7db6417ac63a6b3379f7d18be4bb9b0c52f5451b5547dab842748ae0bbe0ef4e22742f94a2e6cd8339817f524501414e16f6468d4124c25d91bf0cdb619b17fd8f819929581b4637ed29a7777acd06a2d28819a41b7d96dcf4cb35dc658f83ab9ef9f03f625b338d3fafb8306f0358ee8060832bf177b13e5c972c237be30bb3508eba57ba683b8bf662a712c24550e03aed8eb9914469b80d15f3cd25e2252ffb5c2c0c4e86a992fee766d04d8e2640f71e1c2d0aa98cd2ed0a6f502720907ab76b4484d2a9e73a115ab2cb1df976a2111dfea04000100041005003b4fef98fd2f09adddbd991acf8b9eacfea779d0e7695256f81534d14c5d9917c54049c8ecedbae463025fdc4d827708099d0585202aecc10c7f4b6f1fd5c9c29fc957478e4bf057fa7b0a7c3f9b36d979160d1075393118cd7e65d765e282ae1d99ceb6c08aa55b1036dbb00d4fb4960d4e5bed1224f77a8993c5ec672b2ab47679123a07f6cf1ae21678256284ba78ad1f8634401162ad8a0d48c7d25883112d57284664b8191d8eb5c62cb7a030eb65af1cbae9448efc8208c4b29db8a960f1ac28bec9982965b54b78c0b58d01a7345b33debe7d056ec8c75211602d0cbd07e309d37d149e9d3c6b6a5ca741c6fddf41ae6bac88b8684a574d94e9f210577a53b632699308886179d81ff2966d9204220cc72685fa85d51d73da00219d4c495593e1f6cc23f4925c18ab9987a8aa32fa9290640985ff3634b321039e1b004fb3d81b7ec453a7a40a0618994c9d661670c61b0cd296d27cbf10dc4c75486541d2d5986f2f6e7eb5c9edf82c99749133c4cb2540687c296dd49c19750af78ffa25fbbf93c65b97f7a25110a617f05a09c82f67b7b27af762912237345766e1bba66ab4a11945fac47f3298dce63af275962b3b938992340e5b6cdfdd37782905f8449e6f4dc26196f97f718307e5d2e18ceee097376776181212d0b8ef46f04638515992f751ff6a4cce4346ef1612c53aa2214e90f9680ffea3288c6376cee884bc55ef64471f93bc8372eaf7f5be3066edca790513d9e79d4b364245962355c4e7f532bfb5e9fb43214bbd64310e2e0b253e79c3fbf49a885e8bb5a1321f5e7a48bc2fd7ab9aaa62e693b86dbf2ce03ae659ea112cb76f35242bb63c09d8b50509c34b1680738f16dae067eb21470dbaa3bc02c2856794e99a3a56c6b139d27c8cb812fb4ce02ccdb1ea9cec13012d00aa1bea80876816431171e66fda8f23600fbdb3a80a75736d0e62d26b31e0f8c8b7dfeed23213782956977a5e94578b444debc638e4a26be90b792f91cd867761e657c267c84cf45ce6e79cadbc5c4cf4c7f5d667514a8d913775547268f30fcd6c916bf4a4db0db213a09bc9004369ee8006d968ae871ed62b5ac9bd4fdc7e053ea6997e60c927586e202a9358e76b5924b663a36ac8255f5e01c343ecca7e88a3a573372e7eb14e548279c92139f237dea2521861376005e406cd7c9e11610de5f444e840f5f1f7f7d085c9c53a80976d4fecf39a8d31475416c223ce0dfbc2cd2f49469b559103f1da0204386b9ca09b998925b617c4ad9433c1ff71e334640df0c197fa8214e0efb488b7ed62b4051b29df3d282c731d5babbd83d5f000ea7c1c904a7b8635844a5ad71ad072b2ce61260f5d51e7dc66228331eeefc71b57698e5442625276080380842721c8ab73207a1d1efec0ee466c8dfe8c08c6247b5c7fa8515fb4dcafc86cccbb54239a7a810dabb0ef685b3f4bef86d5bb76da952913906b9dbde28ab6089142e754d5c3a3aef35cdff7c3a6c9f12810663a735939bcedcb1983da383017f10a333302cfe1359dc53799ca7f919b718fdce77394582d334b817036032e716a444b87961d62d5598c07d4b1746ae1c77b88f5a06d62e65400cc812b7d7e975b594724d2e2b8ffefff309798b24fae3f34136676c1df145c841a519f23394ad5f41ecf5e7c203cc86d32a4e5fb73a72248e3cd9d9b5f063b0bf59761974911e7c65c8bf609adc83210bd0b9c0f64b146f861dd2c558b63e995c4e5d176a07949e328c144a70f7c89a0228f2028f29f6d97284ec8568e0afba586150300b753fcd91c2c2634391028b2c7d222ea119bd7fd9b4dec515970e0dec36892b2d6c64e1b2d47ba2780ef4c750d09a6ed03e69a5fc85fb6bb1a6515bba8d453aa8e659fe46cb32e3b4e10243f15a71412ad848959fe43006f614c2a41a1444cdd202d6472d346d6f49b3196e2d29f47615ef72eb920c98cd5c4fc53ba562e2c1f9594752062f34fc524c589bfc8f2e1897e42db4823c5ac76882b371d7de1e5ed35c877606d059e5564312dbdbc7b56842a06c6730680dc447065240962239cdccbf971e88263650aea4cf9d59926dfb6ae0c35b6d4574dc338f70fce664e0f8de967b67e63fe7ec7ef1489a0ac899366aa6278bac65c265198d1148423376f0fdd7b565afadd54e47f6d4823d2fa325fab75d6d1c91c16a350c95aa439fc566c45e9b5a76f4e1b4e7868cd31c6a0cfb53508b43de3489e24b6d432afc88411aa6e880dbb2874d2d7363884137c961ac0378df2a7aa902e8bbaf76183f4f257dd7e7a40de7d99bd827d0dfd1aa9fc8397cda60320e8addbff082c9d339fb52afd6af039150ef58c2f83b75832b119d5f511bda4dc5ad64c88811291a343a32a11a06f4d0e7c26958eab25f16eb647607788a6575348e19af783987dae2ef27e84f5944a11fb9d9d3f19c9f12bdd139806be9375f9dd22d1c7f03f4cc657c5a35e4e09657cdba73a05c327f63f66ff015e3c289bcae5dabf5ddc4b99a4f14cacccb07f57978a25d8468e603e46280833e3b7ffc33a289778b4eaba793dba33917c70933b335dc026c36c83da18b0d60bbb1e8ce217849ca3a6b262fe92179716702e7febddff27f0aea03f75553ee8ac0449dc1f350af1cb60e231de0b297f96d11334660ed3d1c5689be2aa285516dc69785678db2c6aea17f35debc1823caf5a5d1bc23068a2d55cef55a1aa3c46a32ee304500274c4b1a7959873000605c4635bb0a2118f88119b98a551a74a57b6d8962ac94b527d96f7dad66792b2022480a5ed192b9a1fd535291a7a504e7653dd7c244e6bda8772613b6c83475a09332d9b33b3d7ec2ce7f58d79ff15b9384e21a129528942871dc331fa4573204ced3626b38909cf8330248e0909551f48d1d6d376f35d17676948abb369a16ac5e5ffdd28e8459e8da26300e39013649aea4088a64a108bab835fba7b524167bf64f523d40a4515036392bb3b02aa1baafdc0d2a63ab23925798880b5c3988daef7897fa0371a135ed54ace2a55b0055cde4246ea06302be9751531f687e325ac8222522efde82947b86380c08fb16151f1e5621259a57806c68b312204692e4ef012b6f1c07877479ce8e019acef9720c5fcf04e574da2be14cb92fa284599a1353552d60946e410001304d8f0108f369af227a80e01d8751ede61c64d1a057974becdb63a5c6167b7f619949f35612fff44eb40100dad39b569071e1c42b8e349ef91ee38cfafd716c8e92268fcba81c475dd7e07d2ea697ab4bd0cb838489eccc76b1e87eefab5a683129ddf46b502cba3935221c668705592a34daae7d807f8394aed2225b7c6b14787b1bbb840681da01ebe9eef20d56040de54e0f3f7c877ad40293ec4d8116c08e9bffbeca1c192af8943db5fb18b12bf05486810e497d84fd5821d63f052ade1980c0e37ba3067a1ae34458284cdee6ac57e53a64977c21f644eef59cd69b567cba6784351db523aeed627ca6942a77e19bf24d56f2df2d930575c2a1e6726afae3c227e5c750aad8bcab135b0cf27f370f099734d3e90f80ee9d876a4aed10e3303708a60a9a757c21eb8af21120f4d8e8d94a53a25935af58d519f96bed44e0f59c5679a6ebcdf195a3a8a4c46cef09f50b51bffdf026963f6a9a1f1c09fa3ce375c07ae9b7b49ebb98962766d17e2ef95e43950e83067d7462a0df35066e20ca262631f262999629c7764add489e241cc24db042d9f4454a8c86e7351faef49e8aaff3cc99f4b243387552c425918bb526065b186c070d771887aed54ee13a3965bcdaacfd760f52092a80e73b1685ceb4d75f61e268a75b87a5b85e860a9a6c8296f51463894c69f01287f47f2361c8e3f05f24964d1db25f03a283f8d76a96e702a324e7039c336878814937c58a53520472adf985cdb88b2db7c6933a7b400a1fac53e24f30a688f517d6b390330386c9fd851bb5e49829630f6bdfaf0673b7d2cc6002184a84cdbf35eaa8a6748379f5e08cfa40fb622a01e9b4c59d3c89060445199d2291171f88217109f016a1c526281225a49ff2615eaca2e6331768fca45684f2d1ba7e854d747a8b96e0129e51b466916bb889a6b273cc39d7205aac8de5dc8a37dc35c7ab2d8ed06b7fb0220f29e08900a69ab22810ad2c56bb59a9915677d2a53c2f838f1ea43e791604d7d33d5a308214e18454a6ebfbb381917a38ede14bf454914a89b31e6283efe86bb2137c9f478be0464d93aec4fdbf5187be0c784f8ee14b785a2c53afe93be117e54c10a9d45bbe19977dac2751564b46dda7892804691210b37a86bd3f92507a6eb72875e8842fac15dba32d205a9a87bbe7a2b8ba934704c00729d3b14af8c11ec59b9d952db0577f95a845a38a46bb6fbd4137d2fda675751eec23fcac36203ad83e191e013e9e89c30e91fd204daa7b20b287a1c67b8d537fdd97bf2be0b35056bfca923a9f987eb951cf6c9c7c6917f8a03492f15c225b86d0bb43cc2bac5c7be5f3207736cfd6c737891d4ef570acf8e19527cc4f30e98ef22b5b5019ad4e9fe97e4029aec062b425026f434c3b09d5afe3c6abec57df31ef8a2fc053df3a8bc7e5913ed11821bec2bd57127a986f7ead61418ab455a901b93040b2d567d2c6787f4d0609d3173f6b34ea22919df2924986b93664e89a7eb8b2ad200b22a64f99f1df6ff0b7d901f08147ac14f76f832aa1c2427432240a4ac69ee94e9ae6d08defc67cf25aa74400014e4831fb6433bcaf29d88628d8c8dd7dc006ec5b3e0da6c7059b78c42d4ba226af4ca655dc8eca7d59c48a33a65076aec4f0a71798003c687c49efee8cbf4f8c9e22e3b37fb068d80526f84ede69520833e0167259a4f2e12ff52b6e1c004c6de7ccd23ff1661908943796bef157d1279fbf141ba8bf2e86351a2daddd8c652532b44cce03c382cb38ceaefc44dd3fcbe271d19dff70671bac50529edb9b6bb6aa7a7cd1c507160fb1c6f68c45b09f3e3d174479b24007be17ec4cdc76563e0ffbaa5c76ce5aa91dbb7c8988f1cb6dd45afefa64db4cc2cbabaabac98f867a6c444e9a4400878b8e4660aa8a6ae77474713007d70adc12623da298b1d5d2df4875e060fc975f201cd111e54c76faf3e93d2f60274784ed80fae7e21da684e02ed41b4dca02c725bb3017ac3c4eb3f8e1b90fb7150cf504a3017960a00f598d96f96f88630f3ab8f70bc34ebff5b69300d796e3f2891b5dfdf5b57e77e486aef5928a9b762f9adcd5dec67aa08d0834490a1dfd0d182f8f3709d2c610720fe9ce57ed698f4c5b46c04ca097811dbb24145113779d24c39e24f5d8672da5a69cac586eeaf996afa50a0cf872be25ac56af82d616c95dab0a3676e896dd438d39bc7d2287e172a3e52f7a571d266b7871896015579b06b7d8f9376a4cfc3d16cdcd17972a043a8b209977880289fb7f009a3c981dd4dfc86d2ccd1788dc493da4cb96ebc86755a84d63fce20841c38f131ffb5b5843c30fde7d12daf50c7bd23fee1bcecd52b9811b96c76fc08c9c5f479d4eef3de4099cb9051b20df854e3f35408dcdf7269827a6c6f585ab94ba5a201c8047fa7f438d2a8f63fe1de603f5b7d1590982582635ba77c68bde5740b1f47f0c7ed5c973d661e261579a97ec2f2ed395b063c99bd29cd8fb94067c60f8aebeceff05018f88c3b30a3c9f24406d37c24734d6e75d8d9b935bfe173586f7aed09c6ed1349e9990d4ff38668ece721a3e7c6506083f76b39e7e1da7882524b4d97b914e2090912a1a49a7f4fab2c09daed00040097311c7d65681d97cd2b04ef9352974a196cce9da26de255735bb04a979e2ebf5c82ee3c3a3de8cd86bd1d2db558ab75d66654049ce8e97f19f0eca57c216ae6c1d99e9ac63e6c7e9a69add0633a89f8c5cb7317229501306cb8bdbe9234e7b952b0f65b5bb4a7cb2a3a68095a4f202ba89d4799e4771678992a60cf13481ce63aa0b91594a84e107eef4f0b930c9dd03c6b55fb89984ec20e0d89a4a48e880a991a1fa1d83d94be500d7d34cc560cea0859e526c3415d5fe8fa81e4762044c487fcf7658fc84dad37e1f593b276002ab7b9148da75fbbc25fd316b37d500df7b6f7fab79d8e39702c00000008000200a10e00005c01038058010180100002002f6465762f6173686d656d00040003002f01020000000001000000bc065ebe7756f3b3a465fbc57d9c22c4eeba0634b29c1ad1cb7bb0d61e006751cada0e55f7278cc1c6bbc51cf7af95833d0937961aadd0d0ee9c96320875bafcaec219eb1f000000000000008ef689c227df6e28513d762d3c0dd13f248b17796e17681bacfc821cf4d0f5d580c0b46120159a9ff03afd24adbb9a7c62e2ffeec4930d99be18e3638d6ece10fc9785292e28cb8205fe5b48af0118c81b1ebed83eec9f7ea7f7af4464f1db6a4501d173448994265c550c18995dab61e93301a233c9685031dc2d27909e7d89ff8ccffdff4d70dc9ead9a6a99d5c18fb553cb0d41c5c216959fa8c8860b2db4b56394c6ca9bee02493a98534682ac0e7e7e150c6ee258e325c70471878de6eec08277a972580b1f39cc2d2638065783a9caa5ba7faee4ea0004000300080001000600000004000300080002004e040000100003800c000180040003000400030008000200070000000500020004000000"], 0x24a0}, 0x1, 0x0, 0x0, 0xc040}, 0x10)

[ 1048.334170] FAULT_INJECTION: forcing a failure.
[ 1048.334170] name failslab, interval 1, probability 0, space 0, times 0
[ 1048.345402] CPU: 0 PID: 22985 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1048.353290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1048.362652] Call Trace:
[ 1048.365258]  dump_stack+0x142/0x197
[ 1048.368901]  should_fail.cold+0x10f/0x159
[ 1048.373068]  should_failslab+0xdb/0x130
[ 1048.377041]  kmem_cache_alloc+0x47/0x780
[ 1048.381104]  ? lock_downgrade+0x740/0x740
[ 1048.385246]  __sigqueue_alloc+0x1da/0x400
[ 1048.389378]  __send_signal+0x1a2/0x1280
[ 1048.393340]  ? lock_acquire+0x16f/0x430
[ 1048.397299]  send_signal+0x49/0xc0
[ 1048.400836]  force_sig_info+0x243/0x350
[ 1048.404820]  force_sig_info_fault.constprop.0+0x1c6/0x2b0
[ 1048.410355]  ? is_prefetch.isra.0+0x350/0x350
[ 1048.414845]  ? trace_raw_output_x86_exceptions+0x140/0x140
[ 1048.420468]  __bad_area_nosemaphore+0x1dc/0x2a0
[ 1048.425128]  bad_area+0x69/0x80
[ 1048.428395]  __do_page_fault+0x86f/0xb80
[ 1048.432446]  ? vmalloc_fault+0xe30/0xe30
[ 1048.436497]  ? page_fault+0x2f/0x50
[ 1048.440112]  do_page_fault+0x71/0x511
[ 1048.443910]  ? page_fault+0x2f/0x50
[ 1048.447524]  page_fault+0x45/0x50
[ 1048.450953] RIP: 0033:0x454f9f
[ 1048.454125] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00010283
[ 1048.459479] RAX: 00007fc1a18e6b40 RBX: 00007fc1a18e76d4 RCX: 0000000000000000
[ 1048.466739] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007fc1a18e6b40
[ 1048.473989] RBP: 000000000075bf20 R08: 00000000000000e0 R09: 000000000000000a
[ 1048.481244] R10: 0000000000000075 R11: 00000000004ee0e0 R12: 0000000000000003
[ 1048.488505] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000035
05:40:27 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x2)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:27 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:27 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0xaedb1000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
memfd_create(&(0x7f0000000040)='\x00', 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
dup3(r2, r0, 0x0)

05:40:27 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
syncfs(r1)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:27 executing program 3 (fault-call:0 fault-nth:54):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:27 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x1fc)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'caif0\x00', &(0x7f0000000000)=@ethtool_modinfo={0x42, 0x3f, 0x7}})

[ 1048.647006] FAULT_INJECTION: forcing a failure.
[ 1048.647006] name failslab, interval 1, probability 0, space 0, times 0
[ 1048.659886] CPU: 0 PID: 23016 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1048.667783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1048.677144] Call Trace:
[ 1048.679744]  dump_stack+0x142/0x197
[ 1048.683386]  should_fail.cold+0x10f/0x159
[ 1048.687550]  should_failslab+0xdb/0x130
[ 1048.691533]  __kmalloc_track_caller+0x2ec/0x790
05:40:27 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x400, 0x212a00)
ioctl$KDSETLED(r1, 0x4b32, 0x6)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

[ 1048.696212]  ? strndup_user+0x62/0xf0
[ 1048.700024]  memdup_user+0x26/0xa0
[ 1048.703561]  strndup_user+0x62/0xf0
[ 1048.707192]  SyS_mount+0x3c/0x120
[ 1048.710634]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1048.714506]  do_syscall_64+0x1e8/0x640
[ 1048.718388]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1048.723236]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1048.728421] RIP: 0033:0x45ddea
[ 1048.731602] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1048.739300] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1048.746561] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1048.753815] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1048.761069] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1048.768324] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000036
05:40:29 executing program 3 (fault-call:0 fault-nth:55):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:29 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:29 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:29 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x400002, 0x0)
getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:29 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000280)='selinuxposix_acl_accesscpuset%$ppp0cpusetmd5sumproc#ppp1}\x10lo+trusted\x00')
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000180), &(0x7f0000000200)=0x68)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FICLONE(r3, 0x40049409, r1)
sendfile(r2, r1, 0x0, 0x209)
r4 = getpid()
getsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f00000000c0)=""/20, &(0x7f0000000140)=0x14)
tkill(r4, 0x9)
r5 = getpgrp(r4)
syz_open_procfs(r5, &(0x7f0000000080)='wchan\x00')
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
ioctl$VHOST_GET_VRING_BASE(r7, 0xc008af12, &(0x7f0000000240))
ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000000)={0x38, 0x13, &(0x7f00000003c0)="bf6bb1904fba1f88a1c92f9642afc32766a16b27277041940540f43595348f463b9ae0254ff4be5af92b930ea728925c6a624cfc3a22ecb754e06338823d9e4027ee84168c54f125a393cac2083e018404b093dff51c8bd047262e54cb17176b1724f7924dba993acda2452c2d781296e4076d0313ba6504bf9981d4ec620089269c3d45b03ceeaf20fb2803a6861a48f4cf830b3df917c6a0f3125f6f98622d441532b202019cc1620d2e88e224eb8882727215a017620461d41715001d95001597b74a4086efc51add256f13cbda3c6aeae7940e0e80153a501abc43b69d56abaf84a5bd483a2b03a24d55eddd942feddb19d66690403b5efed89321c6ffc19885535a5bbb75a0dee8645feef00275743c297e26b4b31cc5cefd1c8830de2d7c281b1673e2360c95ace3f86548886ad3d3335554b07387b53e96a55a0abf68db18f03224cb565988d38a2bc0356e2fb4afb8d77555292669a982cf3b1363a80642a29b462086b14e59bc6e7158710ee0faee14fa8a00ce06d53ab53f4acf3c620bb6d633620a876b6ae3444a6cd59773947fbe03212f998cb6f3f8ad2dc71ce6c56b5c7ea388e05b914159a77d7d424ada413b0571a721d053476103aeb337d401c1563b1980b7a561d762df02ef7071700080917ec73354179f0b2894889d69d275b3eb064599daef0a23e6af10bed22e09dd7893afc2f9c72cb297e4724c700a0dab101727da5cd51312a9cb43da83abc75dacca20d81708d00f4645df6a39a1181194e8f070d48455dac107e69556063a8f506453aa9a18d2e592eabae80fa2355f8dfd093f612a62ea155fb2af5feb91db21acddbce7e0aec8b14d1c2d9a653f089294decbf0993fc47fff3aca4a726ac90c87b48bf1438e52a3009eaca8c01f3d08b9e5f9fa99e4e2ddd1a6399eae07f0f81f195f67cea26681e9adfc86f7ab0b13f547d32d5778fc36aeb1cccd7aa560790974d0078ae50c70bfe89567426d8ff59fab75c4168075d91544983e4105d511a01e40512636c4c4e08b150caeb5b0bc802de82e7d1b469143dc7d6cecdeb2ad03cde58dec4f7abc49dd55d305e00bdf155411d028500ed6836df4bfe320adc3731b88af73ea132f3fcb58713af507e49b8f3ab63c78e4da21824a552036261f14fd2bc1ef4099915f5e9244dbabf8d88b8f564de86ebfc32619a8c428799bf0ce38683e39bd84b115214b35b345ec97974dbca44c409db8b3c3916ac4e465bc45b0a399eeb5c8f45d2db7f36688deac42934a37d53bf39b2c6a7280db1574ed7c409a38913f3eec9c3a81528ee02bbc4e79a232f1fa639bf01861ab3fcf20613c1bb07caf26b40f9957b80e6f16ec81ffbac229c4f95765e1cdc88f55566719f66eb24afecbbfbfa852a6a3f41838371c278aaa346b80309a78feaa8b6db9d2ec19ba9e2275c874595fc3"})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r10=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r8, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r10}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000300)={<r11=>r10, 0x80000001}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000380)={r11, 0x6}, 0x8)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x9e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[\xd8\xd4C1\xfae\xddt9\x91H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea]\'}\x95\xcf\xcdg\xf5\xa4\xbb\xc1\x13\xccc\xd4\x05\xf0\x91KKhy\xfb\xcd\xb9\xb7cu70\xde\xde\xfb/3C\x01\x82n\x87\xf0\bG\xe3\xb9\xc9f\x1bq\xbbwCN5S\xb5\xc2\x91\xeb[.>\xee\x91\xde(N\x11\xec\xfb\x05i\x114o\xd1r\x96y\xc3\xf6\xadm\x99\xads\x1d\x97[\xbc\xf93T\xa4\xab\xaf\x19\xb0Y\xba:S\xb5r\x9e\x0eTPRa\xbbD\x01\xe8\x9a\x95\xcb\xd6%\xeec\xbf,\xc2F\xda\xfaD\xd1v\xde\x01\x05\x9c\xaah@\x1c\xea\xcc\x12^a\xb8\xd1\x9a\x17\x1c\xfb\xeez05h\xd1C\x1c\xfb\xaf\xdd\xe5~Q\xd1\x8c\xbd\x02\aj\xc2(}U\x13\xddv\xc2g\xbfx=^\x81\xed\x1d\xa4\xc9\xb5\x8e.u\xe6 f\xb1\x84N\x83\x99:iU_\x8bW\xb0GG\x80\xb4\th\x01\'Z\xadiU\xf4>\x88\xb5n\xef\x8dMO-\x94pN,\x86\xd0\x9dp\xbc=\xcbJ\x9fc\xd5=\xf9\x12\x85\xbb\x14\x94')

[ 1051.370031] FAULT_INJECTION: forcing a failure.
[ 1051.370031] name failslab, interval 1, probability 0, space 0, times 0
[ 1051.387022] CPU: 1 PID: 23041 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1051.394932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1051.404284] Call Trace:
[ 1051.406880]  dump_stack+0x142/0x197
[ 1051.410517]  should_fail.cold+0x10f/0x159
[ 1051.414664]  should_failslab+0xdb/0x130
[ 1051.418618]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1051.423272]  ? kasan_check_write+0x14/0x20
[ 1051.427485]  ? _copy_from_user+0x99/0x110
[ 1051.431615]  copy_mount_options+0x5c/0x2f0
[ 1051.435830]  SyS_mount+0x87/0x120
[ 1051.439261]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1051.443140]  do_syscall_64+0x1e8/0x640
[ 1051.447018]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1051.451852]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1051.457023] RIP: 0033:0x45ddea
[ 1051.460195] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
05:40:30 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x1f)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:30 executing program 0:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:30 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x4100, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r5=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r5}, &(0x7f00000026c0)=0x10)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={<r6=>r5, 0x7}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000000c0)={r6, 0x0, 0x30}, &(0x7f0000000100)=0xc)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000580)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea\x82\x1a\xc88\xbc\xe0\x94\xd2\xfe4\xbb\xa25\xc9\xd6$mNHa(\xceM\x97\xb7\x86\xc1W\xb3\xe90\xebT\x8fN\x97\x85*\x19<\ru\x9d\x13J\x02\xa5\x8d\x92\xe3>\x1e\xe0\xab\x1e\x96Xly\xab\xe7%\xb5\x0e\x05R\x93\x0fR\xe9\xd1s[[\x9e\xe8\xca*\xa5\xf1W\x9aH\xb8\x91m\xd1u\xc0\xb6\xf8\x82\x0e\xac1].\x97\xc7\x00;\xc6\tJ{!9\xa9o\xff{\a;\xab7\xcb\x19\x99\xeck\xc1Tk\x99\xa9}R\xe6\xcaIA\xfd\xfa\xd8\xaa\x1a\xa9')
r7 = getpid()
tkill(r7, 0x9)
ptrace$setopts(0x4206, r7, 0x8c, 0x0)

[ 1051.467893] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1051.475144] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1051.482398] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1051.489666] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1051.496916] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000037
05:40:30 executing program 3 (fault-call:0 fault-nth:56):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:30 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$TCGETS(r2, 0x5401, &(0x7f0000000000))
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:40:30 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:30 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000280)={0x0, 0x8, 0x6, <r2=>0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x990af4, 0x80000001, [], @p_u16=&(0x7f0000000180)=0xff12}})
ioctl$USBDEVFS_DISCARDURB(r2, 0x550b, &(0x7f00000002c0)=0x6)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r3 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)=@gettaction={0xb4, 0x32, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9be1}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7fff}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_gd=@TCA_ACT_TAB={0x4c, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0x10, 0x0, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0xb4}, 0x1, 0x0, 0x0, 0x884}, 0x40)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r3, 0x0, 0x20)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/55, 0x37}], 0x3, 0x0, 0x0, 0x0)
tkill(r3, 0x3c)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fsync(r4)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
r5 = getpid()
tkill(r5, 0x9)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r6=>r5, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='bdevlo\x00', 0xffffffffffffffff}, 0x30)
ptrace$cont(0x11, r6, 0x0, 0x1a4)

[ 1051.682647] FAULT_INJECTION: forcing a failure.
[ 1051.682647] name failslab, interval 1, probability 0, space 0, times 0
05:40:30 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
write$binfmt_elf32(r1, &(0x7f0000002040)=ANY=[@ANYBLOB="7f454c46083f4d06fdffffffffffffff0200030000000000770000003800000005010000010000000600200001004000000202000000000000000060ffffffff05000000ff7f0000ff010000ff7f00001f0000000800000078faedd142d80851e58ac802f473ea82df72c8810b1eac9084c774f9a10ac6f026b754dfd42f5006e9229ce416cdcc9420a04f61de7a010b24b1cada58e3fc0ab6e2e493e4fcd376c088376bbe5120dac6b02daaba0dc93174034f8b5783200c72bf2503b0147bb7f6ed569ceb747d5389954f98fe716192550f65278aab117d7a56aecde48251c90ff03bed7dc0f00f3c6a154c8208834ae625e42fe2507350c9d38364e23baecda6f9d2d82fa4fb6b29fec3dbd7f332acff83178f2abb540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021ce9e85ca4b6c480000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004b80fb855a3f8f2200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002ce3d7456f8ac4d3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020578c3457a4d1171c1c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010231c4b8f7aabc01644d773cf918417011251df12a52b7cd18a3fad234273e4aaa53edf87f2863302c4929a680fc0f692110b49e002f2407737659c82c9128353f6fcfa67dcc624c2169df761d38e85ceab3cd00e402684636f852fc45d57ff62f18e82a046f633cbcec29fcc9b6a5dbced9bd2ace2f0dfa40a15d56ae68413fd4963e2f86f39a7d4cdbc310d4352a74f2285644b35a0329b6be97db67fbf7820ef27"], 0x90b)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl(r3, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071")
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000000201010000400700000000809915434818000200070001000800020004000180034d80e250baa22015b164f96a3d9bf0c17beec1058475035d61e6c96fd1220deab92562e9d14541a602db266569ef6f7f919ea319a6c98b7adaa2000000000000005f0a034b8dffe7958cd16c1a140a08577426ada4e239924dd4f3756713481b97ec4610f9ff80464143ffe82063956a9b861580e069868625b28ec70090e1357b2d2b34d21760668254267bb620a16b745dc639828af5e8aaded46b18c058a360fbef36aa3352b73dd9559fa2b1beba51090ad4a94000c007da3cecbcf69a3b967e494d2fb8c9c5639835f816fdf010068f3fff6c04f163dda6cfe32d5218492fea4d07aa154c4042081a3df0832f84e91e6a4c088e5839630230e5fac04b7a5856aabe691c129b79a8256073ea5b1b787ccb30b4bd2040f3140a6458d8187863d79cecc25428bf3384bb51853bb67594bd1a0a8617ceb0a09b74911a795db077fa7f6fddc92a4932e92396123815243cfca1e7088a8039a1252510a286bb3695db8f6ad8be497d6a8a87018e292ab1679e0408876e044233df4414786bcdcbd188676e7208802ddb5396d2cf4268c74987b080b3c3be4d7a996efdf6778009be0713f432322081803b930a2d2d83ae7b52869da30131eeda5d42145c74001bd5e2252aca42e76333884c1a0be31227cf29b0575882fe6f907ff52d68309b59e8d74981def5271c582a49ebc86b7791507e01d2d839e3fca4089e5fbdb5db7222afdb6943a39ba3bffe919ae83364b7024107d1b10ea474874096975a2b993ac2e877e90b4d046037974926626845b100000000000000000000000000000000f7d2b3b023c91cb6b63a1ab83dad410d0932c81c7049d61c01cdd8fc96c083313401598f65fc8f9a8a79e7d14e13f6114c5d273b952c11fadc815058b788bcb62ef3bab43c31fabf724b299b45f3e777c7cf"], 0x24}}, 0x0)
r4 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r4, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000010a07141dfffd946ff20c0020200a0009000140021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000000)={0x17, 0xa1, &(0x7f0000000240)="31a11b00b9edb536013b957e29daad7fcc2aa3a587347d5b53924247829d57aa0c6838957bb8875699b9ab48b898b8bbf62c472ceded7045116f90b284b7d2507f70119f8cc4f28b7aa7d8d3cb25c44eeba2442c86c36af9d7fae9d4db116877fb1f39eece0ed5192fd31ef9f678f533d9cc4448676701cf99700e85bc50834a5756daefe44fbf0e016ff60e8fff4903793e4abc191f2fc4a38e64ddd7305c2c2e"})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x5c58e2, 0x0)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r5, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x2, 0x7, 0x101, 0x0, 0x0, {0xf, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1051.730322] CPU: 1 PID: 23065 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1051.738238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1051.747597] Call Trace:
[ 1051.750208]  dump_stack+0x142/0x197
[ 1051.753852]  should_fail.cold+0x10f/0x159
[ 1051.758014]  should_failslab+0xdb/0x130
[ 1051.762000]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1051.766673]  ? kasan_check_write+0x14/0x20
[ 1051.770912]  ? _copy_from_user+0x99/0x110
[ 1051.775067]  copy_mount_options+0x5c/0x2f0
[ 1051.779308]  SyS_mount+0x87/0x120
[ 1051.782763]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1051.786658]  do_syscall_64+0x1e8/0x640
[ 1051.790561]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1051.795412]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1051.800600] RIP: 0033:0x45ddea
[ 1051.803790] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1051.811509] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1051.818790] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1051.826062] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1051.833331] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1051.840602] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000038
05:40:32 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:32 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:32 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:32 executing program 3 (fault-call:0 fault-nth:57):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:32 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
r2 = socket$kcm(0x10, 0x2, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="d57e81eb", @ANYRES16=r3, @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYRES16=r2, @ANYRESDEC=r1, @ANYRES64=r4, @ANYRESOCT=r5, @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYPTR64, @ANYPTR64, @ANYPTR64, @ANYPTR64]]], 0x3}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0xd)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r3, 0x8, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x2000a014)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000700000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x40040000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1054.397283] FAULT_INJECTION: forcing a failure.
[ 1054.397283] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1054.409242] CPU: 0 PID: 23089 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1054.417269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1054.426627] Call Trace:
[ 1054.429225]  dump_stack+0x142/0x197
[ 1054.432867]  should_fail.cold+0x10f/0x159
[ 1054.437031]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1054.441728]  ? fs_reclaim_acquire+0x20/0x20
05:40:32 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000080)={0x1, 0x4, 0x4, 0x400000, 0xaaaf, {}, {0x1, 0x0, 0x4, 0x40, 0x8, 0x8, "eb9ab235"}, 0x8, 0x2, @offset=0x4, 0x3, 0x0, <r3=>r2})
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x4}, 0x68)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0)
ioctl$ASHMEM_SET_NAME(r4, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r4, 0x0)

[ 1054.446062]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1054.451098]  cache_grow_begin+0x80/0x400
[ 1054.455171]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1054.459845]  ? kasan_check_write+0x14/0x20
[ 1054.464090]  copy_mount_options+0x5c/0x2f0
[ 1054.468327]  SyS_mount+0x87/0x120
[ 1054.471777]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1054.475664]  do_syscall_64+0x1e8/0x640
[ 1054.479536]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1054.484379]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1054.489555] RIP: 0033:0x45ddea
05:40:33 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:33 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r3=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r3}, &(0x7f00000026c0)=0x10)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000080)=r3, 0x4)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f00000000c0)={0x1, 0x9})
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1054.492732] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1054.500424] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1054.507683] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1054.514945] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1054.522204] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1054.529464] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000039
05:40:33 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:33 executing program 3 (fault-call:0 fault-nth:58):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:33 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1054.709814] FAULT_INJECTION: forcing a failure.
[ 1054.709814] name failslab, interval 1, probability 0, space 0, times 0
[ 1054.731132] CPU: 0 PID: 23117 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1054.739046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1054.748411] Call Trace:
[ 1054.751010]  dump_stack+0x142/0x197
[ 1054.754659]  should_fail.cold+0x10f/0x159
05:40:33 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000240)={0x0, 0xfffb, 0xe9, "00de5747df30a57727a629e8b76b3661d070373593e190fc320a79b19b8f812e50dc4980bb8a17f7fa722882413152e5854e8b25e54ded951f2fcdeb9b461a0c65b1d357ef9ba19332d2e48f59fc6bdb78db1c637fb2a143ca1271c7a558eb64a01ff1b498c98132d111c764599a8ea5c2036d57c9a0565596d507da9f1f8b550f6471e65617766dac332ad321c80364ed3d6b3b01511a55afbd9803bfd55fddaa0883828ff2f1cbaeb2abf85240304494a27e7e07706e25997947a165031381c671c1de08ee62addb5cb8da1f806035c922ab2c901375995c5961d8d0f438f587a0880691a744fc83"}, 0xf1)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x9, 0xcc680)
getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000040)=0x80, &(0x7f0000000180)=0x2)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio1\x00', 0x0, 0x0)

05:40:33 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x201)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:33 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000000)={r4, r0})

05:40:33 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1054.758825]  should_failslab+0xdb/0x130
[ 1054.762813]  kmem_cache_alloc+0x2d7/0x780
[ 1054.766967]  ? cache_grow_end.part.0+0x92/0x160
[ 1054.771649]  getname_flags+0xcb/0x580
[ 1054.775452]  ? lock_downgrade+0x740/0x740
[ 1054.779604]  user_path_at_empty+0x2f/0x50
[ 1054.783758]  do_mount+0x12b/0x27d0
[ 1054.787305]  ? copy_mount_options+0x5c/0x2f0
[ 1054.791725]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1054.796740]  ? copy_mount_string+0x40/0x40
[ 1054.800967]  ? copy_mount_options+0x1fe/0x2f0
[ 1054.805449]  SyS_mount+0xab/0x120
[ 1054.808885]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1054.812765]  do_syscall_64+0x1e8/0x640
[ 1054.816649]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1054.821491]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1054.826673] RIP: 0033:0x45ddea
[ 1054.829864] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1054.837557] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1054.844831] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1054.852094] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1054.859353] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1054.866611] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003a
05:40:33 executing program 3 (fault-call:0 fault-nth:59):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:33 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x10010, r0, 0x53e0e000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x480800, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000701000/0x2000)=nil, 0x2000}, &(0x7f00000000c0)=0x10)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:33 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00')
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000440)={0x68, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY={0x2c, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_TYPE={0x8, 0x7, 0x1}, @NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "da4180770a"}]}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "aba61eb864f82b6b771690f265"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "8b099104ce57d95d79776795a3"}]}, 0x68}, 0x1, 0x0, 0x0, 0x7189fcd02d72a76}, 0x4000000)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x200)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="0a0775e5b3e4ddbfcb54dbb7000000772d3a009d18d3899aabaff25f8c6be71781195b0ccb8ecfb989e560cee20e1a80dcb55638ee0d1d091412ccd000378d081d59805309e41305a30719605dc2606e362a", 0x52)
mmap(&(0x7f0000700000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:33 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:33 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0xc7b552c8420c0794, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000ac0)='\x00;/Qv\x840\xcf.Q/Sa\x04\xb98,^\x9a\xb6\xff\xc1\xa6_\x036N!\xa6\x01\x006d\x875f\xacZ\xc9\x15i\x9e\xf0\xdd\xcc\x83K\x90E\n_Q\xeb,EO\xbd]\xfeiq~\x93\x00\x00\x00\x00\x00\x00\x00\xc9\xc1\xd4B\xa0\xc5k\x83\xe4v\xff\xfd\xff\xffj7*\x8f\xd0O\x9b\xe1\x98c\x1ds+\xd01,\xbb\xb2\xb4\x83M\x106\xe0\xec(Bs\xdb\xf8\xdb\x8b8\"\b\xeae\xb4\xf9-\b;\xd3t-}\xdaG\xdd\xe0b\x93\xdb3\x96EN{\x83\xc0\x89\x1c7P\xe1\xc8\xb1%.\xbe(p\xd2\xec\xef$\x10\xee\x11\x82\xea\x85\xe4Pn\xb3E\x82\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf6r\x11\xcaH}\x90w\xd08P\xd5n\x9a\x83\xa3\x9b\xf9\xe2\x840\xdaWB\x7f\x06:.a\xf4\xa7|\xd4\x98\a\xc6H7\xc6\xc2Bn\xa7\x89\x8awO\xb0\xc77\xda\xd6\xcb{\"\x85W\xb6\x14cY\xe0\xdfM\x85~9\x9dM`\xac9:9;\x1cDDdp\bh\xe6\x86l\x88\xcc\xc2\x12\xad7!j\x04\x19t)|5KFV\x90y4\xaa\x98\x86\x91\xb3\x9c\x03\xc9\xa2\xba/\xe7\xfc\x1d\xbb\xbeY\"\x8b:#\x1a\xf7\x16\x0e\xafM\n\xb7\x9fz\x8ap.T9V\xf0\xe1\xb9~\xd9\x9c\xf7&\xc0\x8d\xba^\xc4yZ\b\x8b6\xc3\xc6zh9\xd3\x7f\xfc\x83\xa1\xa0xJB\xc8\xaf\xe0\xcd\xef\x80\xc7(+|e\xfd#\xa5\x80Bf\"0vE\v\x04]~\x99\xcb\xf4\x8c\xd9H\x99\xc2\xe5\xa5jO\xc5\xf5sn^^\x9f\x84/\x1c\xba\\\xa5\xef\x95%~\x05\x00'/426, 0x2)
r2 = dup3(r1, r0, 0x0)
setsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), 0x4)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x4c4082, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000200)={0x20, 0x8, 0x80, 0x0, 0x8001, 0x2, 0x0, 0xb5, 0x1, 0xf7, 0xff, 0x7f, 0x0, 0x51b3, 0x4, 0x8, 0x8, 0x6, 0x5, [], 0x4, 0x1})
write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000580)=ANY=[@ANYBLOB="7e0100007d010000007701800006000000140300000001000000000000000000819f0200000001271947a6403aeef0ffff0600f9ffffffffffffff6370757365742e0c002f6465762f6173686d656d000600283a65746800000000000000000000bc065ebe7756f3b3a465fbc57d9c22c4eeba0634b29c1ad1cb7bb0d61e006751cada0e55f7268cc1c6bbc51cf7af95833d0937961afcaec219021f000000000000008ef689c227df6e28513d762d3c0dd13f248b97796e17681bacfc821cf4d0f5d580c0b46120159a9ff03afd24adbb9a7c62e2ffeec4930d99be18e3638d6ece10fc9785292e28cb820578c45bd1a0369810118d06032a3bdb4cfe5b48af0118c81b1ebed83eec9f7ea7f7af4464f1db6a550c18995dab61e93301a233c9685031dc2d27909e7d89ff8ccffdff4d70dc9ead9a6a99d5c18fb553cb0d41c5c216959fa8c8860b2db4b56394c6ca000000003a98534682ac0e7e7e150c6ee258e325310471878de6eec08277a972f60b1f000000000000000000006b591ac2ce4f2d896ef285bbb188da5aefaaaa69cd6e7a5db56fe5d17dbac9c5a859e191fdb2435ccf7824b71a67e1a9a8f2bd1588000000000000000000"], 0x17e)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x2, 0x8, 0x201, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x28}}, 0x40000)
ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000000080)=""/183)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000000140)={{0x2, 0x0, @identifier="f5a15cc9a6af1eb4e869ff5898f126f1"}})

[ 1055.039270] FAULT_INJECTION: forcing a failure.
[ 1055.039270] name failslab, interval 1, probability 0, space 0, times 0
[ 1055.075856] CPU: 0 PID: 23150 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1055.083802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1055.093153] Call Trace:
[ 1055.095756]  dump_stack+0x142/0x197
[ 1055.099390]  should_fail.cold+0x10f/0x159
[ 1055.103532]  should_failslab+0xdb/0x130
[ 1055.107489]  kmem_cache_alloc+0x2d7/0x780
[ 1055.111644]  ? lock_downgrade+0x740/0x740
[ 1055.115791]  alloc_vfsmnt+0x28/0x7d0
[ 1055.119490]  vfs_kern_mount.part.0+0x2a/0x3d0
[ 1055.123975]  do_mount+0x417/0x27d0
[ 1055.127500]  ? copy_mount_options+0x5c/0x2f0
[ 1055.131903]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1055.136916]  ? copy_mount_string+0x40/0x40
[ 1055.141140]  ? copy_mount_options+0x1fe/0x2f0
[ 1055.145627]  SyS_mount+0xab/0x120
[ 1055.149081]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1055.152964]  do_syscall_64+0x1e8/0x640
[ 1055.156845]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1055.161691]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1055.166873] RIP: 0033:0x45ddea
[ 1055.170109] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1055.177926] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1055.185189] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1055.192455] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1055.199721] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1055.206991] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003b
05:40:36 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:36 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x6)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000100)=@req3={0x6, 0x101, 0x5, 0x3fe, 0xa2a7}, 0x1c)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETENCODER(r2, 0xc01464a6, &(0x7f0000000080)={0x1})

05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:36 executing program 3 (fault-call:0 fault-nth:60):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:36 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000200040a0101000000000000000005e26cdc2afaed8c30000000"], 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40000801)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000140)={0x3b, @multicast1, 0x4e22, 0x4, 'fo\x00', 0x10, 0x9, 0x3a}, 0x2c)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r2, 0x0)

05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:36 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000000))
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x200)
openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x4000, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000140)={0x3, 0x0, [{0x6, 0x1, 0x40, 0x1, 0x1000}, {0xb, 0x3f, 0x80000000, 0x4, 0x7}, {0x80000019, 0xffff, 0x200, 0x1ff, 0x9cb}]})
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:36 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:36 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x6389, 0x240)
r2 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r3)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000240)={{{@in=@remote, @in=@loopback, 0x4e23, 0x3f, 0x4e22, 0x0, 0x2, 0xa0, 0x0, 0x11, 0x0, r3}, {0x1ff, 0xb7, 0x8, 0x5, 0x81, 0x7, 0x0, 0x6}, {0xff, 0xd90b, 0x4, 0xc9dc}, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d3, 0xff}, 0xa, @in6=@empty, 0x3500, 0x3, 0x0, 0x0, 0x4, 0x3, 0x4}}, 0xe8)
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1880)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1057.957100] FAULT_INJECTION: forcing a failure.
[ 1057.957100] name failslab, interval 1, probability 0, space 0, times 0
[ 1057.988632] CPU: 1 PID: 23181 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1057.996562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1058.005916] Call Trace:
[ 1058.008516]  dump_stack+0x142/0x197
[ 1058.012158]  should_fail.cold+0x10f/0x159
[ 1058.016316]  should_failslab+0xdb/0x130
[ 1058.020310]  __kmalloc_track_caller+0x2ec/0x790
[ 1058.024983]  ? unwind_get_return_address+0x61/0xa0
[ 1058.030026]  ? __save_stack_trace+0x7b/0xd0
[ 1058.034455]  ? btrfs_parse_early_options+0xa3/0x310
[ 1058.039492]  kstrdup+0x3a/0x70
[ 1058.042699]  btrfs_parse_early_options+0xa3/0x310
[ 1058.047546]  ? btrfs_freeze+0xc0/0xc0
[ 1058.051406]  ? pcpu_alloc+0xcf0/0x1050
05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000000)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:36 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x2f8d, 0x20, 0xfc, 0x9}, {0x370, 0x0, 0x2, 0x40}, {0x8a8, 0x2, 0x4, 0x6}]}, 0x10)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x100, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r2, 0x116, 0x7f, &(0x7f0000000080)=0xc18, 0x4)
dup3(r1, r0, 0x0)

[ 1058.055299]  ? find_held_lock+0x35/0x130
[ 1058.059360]  ? pcpu_alloc+0xcf0/0x1050
[ 1058.063255]  btrfs_mount+0x11d/0x2b28
[ 1058.067057]  ? lock_downgrade+0x740/0x740
[ 1058.071203]  ? find_held_lock+0x35/0x130
[ 1058.075280]  ? pcpu_alloc+0x3af/0x1050
[ 1058.079173]  ? _find_next_bit+0xee/0x120
[ 1058.083239]  ? check_preemption_disabled+0x3c/0x250
[ 1058.088258]  ? btrfs_remount+0x11f0/0x11f0
[ 1058.092504]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1058.097535]  ? __lockdep_init_map+0x10c/0x570
[ 1058.102033]  ? __lockdep_init_map+0x10c/0x570
05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1058.106534]  mount_fs+0x97/0x2a1
[ 1058.109906]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1058.114410]  do_mount+0x417/0x27d0
[ 1058.117954]  ? retint_kernel+0x2d/0x2d
[ 1058.121851]  ? copy_mount_string+0x40/0x40
[ 1058.126085]  ? copy_mount_options+0x1a0/0x2f0
[ 1058.130600]  ? copy_mount_options+0x1fe/0x2f0
[ 1058.135100]  SyS_mount+0xab/0x120
[ 1058.138551]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1058.142445]  do_syscall_64+0x1e8/0x640
[ 1058.146343]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1058.151191]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
05:40:36 executing program 3 (fault-call:0 fault-nth:61):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:36 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = gettid()
capset(&(0x7f0000000000)={0x19980330, r1}, &(0x7f0000000080)={0x2, 0x3b5ec3d4, 0x0, 0x0, 0xffffffd2, 0x7})
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r2, r0, 0x0)

05:40:36 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x208200)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:36 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0xffffc000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x04\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f0000000000)={0x10001, 0x6})

[ 1058.156394] RIP: 0033:0x45ddea
[ 1058.159588] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1058.167301] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1058.174567] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1058.181835] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1058.189105] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1058.196376] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003c
[ 1058.301684] FAULT_INJECTION: forcing a failure.
[ 1058.301684] name failslab, interval 1, probability 0, space 0, times 0
[ 1058.321522] CPU: 0 PID: 23224 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1058.329436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1058.338783] Call Trace:
[ 1058.341374]  dump_stack+0x142/0x197
[ 1058.344991]  should_fail.cold+0x10f/0x159
[ 1058.349172]  should_failslab+0xdb/0x130
[ 1058.353129]  __kmalloc_track_caller+0x2ec/0x790
[ 1058.357780]  ? kstrdup_const+0x48/0x60
[ 1058.361645]  kstrdup+0x3a/0x70
[ 1058.364834]  kstrdup_const+0x48/0x60
[ 1058.368637]  alloc_vfsmnt+0xe5/0x7d0
[ 1058.372417]  vfs_kern_mount.part.0+0x2a/0x3d0
[ 1058.376896]  ? find_held_lock+0x35/0x130
[ 1058.380938]  vfs_kern_mount+0x40/0x60
[ 1058.384722]  btrfs_mount+0x3ce/0x2b28
[ 1058.388505]  ? lock_downgrade+0x740/0x740
[ 1058.392650]  ? find_held_lock+0x35/0x130
[ 1058.396700]  ? pcpu_alloc+0x3af/0x1050
[ 1058.400572]  ? btrfs_remount+0x11f0/0x11f0
[ 1058.404792]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1058.409796]  ? __lockdep_init_map+0x10c/0x570
[ 1058.414272]  ? __lockdep_init_map+0x10c/0x570
[ 1058.418755]  mount_fs+0x97/0x2a1
[ 1058.422110]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1058.426594]  do_mount+0x417/0x27d0
[ 1058.430113]  ? copy_mount_options+0x5c/0x2f0
[ 1058.434504]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1058.439498]  ? copy_mount_string+0x40/0x40
[ 1058.443719]  ? copy_mount_options+0x1fe/0x2f0
[ 1058.448192]  SyS_mount+0xab/0x120
[ 1058.451623]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1058.455489]  do_syscall_64+0x1e8/0x640
[ 1058.459355]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1058.464224]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1058.469393] RIP: 0033:0x45ddea
[ 1058.472562] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1058.480246] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1058.487542] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1058.494839] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1058.502090] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1058.509347] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003d
05:40:39 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:39 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:40:39 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f00000000c0)={{}, 0x1, 0xffffffffffffffc1})
flistxattr(r2, &(0x7f0000000000)=""/64, 0x40)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x100, 0x0)
ioctl$IMGETCOUNT(r4, 0x80044943, &(0x7f0000000140))
dup3(r1, r0, 0x0)

05:40:39 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = syz_open_dev$binderN(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x800)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x6, 0x11, r1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fsetxattr$security_ima(r2, &(0x7f00000004c0)='security.ima\x00', &(0x7f0000000500)=@ng={0x4, 0x13, "ed72adf5d64653"}, 0x9, 0x2)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)={0xb0, 0x0, 0x0, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr="279a72b81e7432bb21cf63b71f33b044"}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr="ab2e5db72dc85958fbde7071a17a384b"}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:sound_device_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:ksm_device_t:s0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0xb0}, 0x1, 0x0, 0x0, 0x840}, 0x4004160)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0)
r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000900)='/dev/null\x00', 0x4000, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000000940)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e23, 0x7, @mcast2, 0x8000}], 0x3c)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r6, 0x4010ae74, &(0x7f00000000c0)={0x81, 0x5, 0x4})
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r5, 0x0, 0x209)
r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/btrfs-control\x00', 0x20040, 0x0)
bind$tipc(r9, &(0x7f0000000480)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x1}}, 0x10)
openat$cgroup_ro(r5, &(0x7f0000000180)='cgroup.events\x00', 0x0, 0x0)

05:40:39 executing program 3 (fault-call:0 fault-nth:62):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1060.982927] FAULT_INJECTION: forcing a failure.
[ 1060.982927] name failslab, interval 1, probability 0, space 0, times 0
[ 1061.041539] CPU: 1 PID: 23241 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1061.049464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1061.058819] Call Trace:
[ 1061.061416]  dump_stack+0x142/0x197
[ 1061.065059]  should_fail.cold+0x10f/0x159
[ 1061.069223]  should_failslab+0xdb/0x130
[ 1061.073213]  __kmalloc_track_caller+0x2ec/0x790
[ 1061.077892]  ? kstrdup_const+0x48/0x60
[ 1061.081787]  kstrdup+0x3a/0x70
[ 1061.084980]  kstrdup_const+0x48/0x60
[ 1061.088696]  alloc_vfsmnt+0xe5/0x7d0
[ 1061.092404]  vfs_kern_mount.part.0+0x2a/0x3d0
[ 1061.096879]  ? find_held_lock+0x35/0x130
[ 1061.100920]  vfs_kern_mount+0x40/0x60
[ 1061.104703]  btrfs_mount+0x3ce/0x2b28
[ 1061.108483]  ? lock_downgrade+0x740/0x740
[ 1061.112610]  ? find_held_lock+0x35/0x130
[ 1061.116651]  ? pcpu_alloc+0x3af/0x1050
[ 1061.120558]  ? btrfs_remount+0x11f0/0x11f0
[ 1061.124783]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1061.129788]  ? __lockdep_init_map+0x10c/0x570
[ 1061.134265]  ? __lockdep_init_map+0x10c/0x570
[ 1061.138744]  mount_fs+0x97/0x2a1
[ 1061.142096]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1061.146579]  do_mount+0x417/0x27d0
[ 1061.150097]  ? copy_mount_options+0x5c/0x2f0
[ 1061.154524]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1061.159542]  ? copy_mount_string+0x40/0x40
[ 1061.163767]  ? copy_mount_options+0x1fe/0x2f0
[ 1061.168256]  SyS_mount+0xab/0x120
[ 1061.171686]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1061.175565]  do_syscall_64+0x1e8/0x640
[ 1061.179439]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1061.184270]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
05:40:39 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
getpeername$ax25(r1, &(0x7f0000000000)={{0x3, @null}, [@netrom, @bcast, @bcast, @remote, @null, @bcast, @null, @rose]}, &(0x7f0000000180)=0x48)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/btrfs-control\x00', 0x200000, 0x0)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0)='l2tp\x00')
sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000600)={0x48, r4, 0x2, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x36}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'batadv0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_GET_UNIQUE(r5, 0xc0106401, &(0x7f00000004c0)={0x4d, &(0x7f0000000440)=""/77})
ptrace$cont(0x9, r0, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
getsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000500)={{{@in6=@mcast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000340)=0xe8)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@rand_addr="1d7ee018b3cc5e9fc4f4c5fa7f12de9a", @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @local}, 0x9, 0x8000, 0x100, 0x0, 0xffffffff, 0x10010, r10})

05:40:39 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
bind$isdn_base(r0, &(0x7f0000000140)={0x22, 0xfc, 0x8, 0x5, 0xfb}, 0x6)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
ustat(0x7, &(0x7f0000000000))
r4 = dup3(r3, r2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r7 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r8=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r8)
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setresgid(0x0, r9, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000000200)=0xc)
fstat(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = getgid()
stat(0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
setresgid(0x0, r13, 0x0)
r14 = getegid()
fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0})
fsetxattr$system_posix_acl(r6, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {0x1, 0x3}, [{0x2, 0x6, r8}, {0x2, 0x2, 0xee01}], {}, [{0x8, 0x3, r9}, {0x8, 0x5, r10}, {0x8, 0x7, r11}, {0x8, 0x1, r12}, {0x8, 0x1, r13}, {0x8, 0x0, r14}, {0x8, 0x2}, {0x8, 0x1, r15}], {}, {0x20, 0x2}}, 0x74, 0x2)
r16 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r16, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r16, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r17 = dup3(r16, r1, 0x0)
setsockopt$ALG_SET_KEY(r17, 0x117, 0x1, &(0x7f0000000100)="0a0780e5b3e4ddbfcccf12af000000000000000000", 0x15)
ioctl$sock_inet_SIOCSIFBRDADDR(r5, 0x891a, &(0x7f0000000080)={'vlan0\x00', {0x2, 0x4e23, @broadcast}})
prctl$PR_SET_SECUREBITS(0x1c, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x1, &(0x7f00000000c0)=0x9ce9, 0x4)

05:40:39 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup3(r1, r0, 0x0)

[ 1061.189439] RIP: 0033:0x45ddea
[ 1061.192608] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1061.200296] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1061.207544] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1061.214793] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1061.222040] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1061.229293] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003e
05:40:39 executing program 3 (fault-call:0 fault-nth:63):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:39 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x400800, 0x0)
ioctl$KDGKBENT(r1, 0x4b46, &(0x7f0000000240)={0xd9, 0x2, 0x9})
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='*]wlan1\x00')
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000080)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\xe93\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x84\x1a\xad\xd0\xd0\'\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dl\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\x1c\xdd\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9bX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea\xb3@*Km\xf4:\x03\x03scc&;\xf4oy\x12b\xb3b\x17\xb2\x849b?\xd2\x0f\xa2\xfe\xe2\xde\xce\x91T\xae\"OH\xc5\v\x9d\x99\x83\x14\xd6!\x0e\xfea\x8b')
preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000280)=""/232, 0xe8}, {&(0x7f0000000380)=""/238, 0xee}], 0x2, 0xffffffff)

05:40:39 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup3(r1, r0, 0x0)

[ 1061.325652] FAULT_INJECTION: forcing a failure.
[ 1061.325652] name failslab, interval 1, probability 0, space 0, times 0
[ 1061.362010] CPU: 1 PID: 23265 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1061.370101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1061.379453] Call Trace:
[ 1061.382045]  dump_stack+0x142/0x197
[ 1061.385685]  should_fail.cold+0x10f/0x159
[ 1061.389843]  should_failslab+0xdb/0x130
[ 1061.393821]  __kmalloc+0x2f0/0x7a0
[ 1061.397364]  ? find_held_lock+0x35/0x130
[ 1061.401423]  ? pcpu_alloc+0xcf0/0x1050
[ 1061.405306]  ? btrfs_mount+0x19a/0x2b28
[ 1061.409288]  btrfs_mount+0x19a/0x2b28
[ 1061.413092]  ? lock_downgrade+0x740/0x740
[ 1061.417256]  ? find_held_lock+0x35/0x130
[ 1061.421338]  ? pcpu_alloc+0x3af/0x1050
[ 1061.425233]  ? btrfs_remount+0x11f0/0x11f0
[ 1061.429477]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1061.434500]  ? __lockdep_init_map+0x10c/0x570
[ 1061.438986]  ? __lockdep_init_map+0x10c/0x570
[ 1061.443474]  mount_fs+0x97/0x2a1
[ 1061.446833]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1061.451317]  do_mount+0x417/0x27d0
[ 1061.454842]  ? copy_mount_options+0x5c/0x2f0
[ 1061.459238]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1061.464242]  ? copy_mount_string+0x40/0x40
[ 1061.468469]  ? copy_mount_options+0x1fe/0x2f0
[ 1061.472954]  SyS_mount+0xab/0x120
[ 1061.476392]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1061.480268]  do_syscall_64+0x1e8/0x640
[ 1061.484226]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1061.489085]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1061.494266] RIP: 0033:0x45ddea
[ 1061.497443] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1061.505142] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1061.512414] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
05:40:39 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000380))
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r2 = gettid()
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@empty, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@dev}}, &(0x7f0000000340)=0xe8)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@ipv4={[], [], @rand_addr=0x5cb}, 0x154, r3})
ptrace$setopts(0x4206, r2, 0x0, 0x0)
syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0xe6f, 0x109a01)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0x3c)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
r4 = getpid()
tkill(r4, 0x9)
ptrace$setsig(0x4203, r4, 0x2, &(0x7f0000000000)={0x22, 0x1})

[ 1061.519670] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1061.526924] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1061.534180] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000003f
05:40:42 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:42 executing program 1 (fault-call:6 fault-nth:0):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:42 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$TCSBRK(r1, 0x5409, 0x9)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:42 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1}])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:42 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup3(r1, r0, 0x0)

05:40:42 executing program 3 (fault-call:0 fault-nth:64):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:42 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

[ 1064.013825] FAULT_INJECTION: forcing a failure.
[ 1064.013825] name failslab, interval 1, probability 0, space 0, times 0
[ 1064.059200] CPU: 1 PID: 23295 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1064.067107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1064.076462] Call Trace:
[ 1064.079060]  dump_stack+0x142/0x197
[ 1064.082702]  should_fail.cold+0x10f/0x159
[ 1064.086863]  should_failslab+0xdb/0x130
[ 1064.090846]  __kmalloc_track_caller+0x2ec/0x790
[ 1064.095518]  ? unwind_get_return_address+0x61/0xa0
[ 1064.100451]  ? __save_stack_trace+0x7b/0xd0
05:40:42 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000d7850000d0feab7500000000000002000000000000"])
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1064.104779]  ? btrfs_parse_early_options+0xa3/0x310
[ 1064.109802]  kstrdup+0x3a/0x70
[ 1064.112999]  btrfs_parse_early_options+0xa3/0x310
[ 1064.117847]  ? save_trace+0x290/0x290
[ 1064.121654]  ? btrfs_freeze+0xc0/0xc0
[ 1064.125457]  ? find_next_bit+0x28/0x30
[ 1064.129348]  ? pcpu_alloc+0xcf0/0x1050
[ 1064.133243]  ? find_held_lock+0x35/0x130
[ 1064.137303]  ? pcpu_alloc+0xcf0/0x1050
[ 1064.141199]  btrfs_mount+0x11d/0x2b28
[ 1064.145006]  ? lock_downgrade+0x740/0x740
[ 1064.149150]  ? find_held_lock+0x35/0x130
[ 1064.153209]  ? pcpu_alloc+0x3af/0x1050
05:40:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)
syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x401, 0x101000)

05:40:42 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x200100, 0x0)
accept$ax25(r1, &(0x7f0000000180)={{0x3, @netrom}, [@rose, @bcast, @rose, @default, @netrom, @remote, @null]}, &(0x7f0000000200)=0x48)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
setsockopt$inet_dccp_buf(r3, 0x21, 0xc, &(0x7f0000000080)="4b8619d6af93ea62b57a2f1d4179f6a6b90ffae1be18eb2cde5548e59b32e8752c9753c3a10d191193706b9d8ea6ddb63c2f1f170df9065d6646946e6f67b4f98de3f2fe3f48ea2b15ad8185a9ad75e989f40a43002c6ee37c002236f2b54d53f4a3a6988cbb47c47c267b40765c98cc6c76da88703b689caea3fb6970bcca1c7d0e2d1682ae0ab70fbcd7ec5a87d1ee6f7af7cb3df845ca651ca0c79a4a859f6a080b0a8f497273217fba25cea48d087aef28db5697e1628e010112c38b1652f0a99c1f638d0d3049d845993004e57c59f37df2b0cc120ada91be23a204f50ee3bc26cd56", 0xe5)

[ 1064.157097]  ? _find_next_bit+0xee/0x120
[ 1064.161163]  ? check_preemption_disabled+0x3c/0x250
[ 1064.166179]  ? btrfs_remount+0x11f0/0x11f0
[ 1064.170417]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1064.175445]  ? __lockdep_init_map+0x10c/0x570
[ 1064.179943]  ? __lockdep_init_map+0x10c/0x570
[ 1064.184444]  mount_fs+0x97/0x2a1
[ 1064.187816]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1064.192314]  ? find_held_lock+0x35/0x130
[ 1064.196377]  vfs_kern_mount+0x40/0x60
[ 1064.200183]  btrfs_mount+0x3ce/0x2b28
[ 1064.203984]  ? lock_downgrade+0x740/0x740
05:40:42 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r3}, 0x2, 0x1000, 0x8})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r4, 0x0)

[ 1064.208136]  ? find_held_lock+0x35/0x130
[ 1064.212198]  ? pcpu_alloc+0x3af/0x1050
[ 1064.216092]  ? btrfs_remount+0x11f0/0x11f0
[ 1064.220343]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1064.225368]  ? __lockdep_init_map+0x10c/0x570
[ 1064.229869]  ? __lockdep_init_map+0x10c/0x570
[ 1064.234375]  mount_fs+0x97/0x2a1
[ 1064.237749]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1064.242248]  do_mount+0x417/0x27d0
[ 1064.245787]  ? copy_mount_options+0x5c/0x2f0
[ 1064.250191]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1064.255211]  ? copy_mount_string+0x40/0x40
[ 1064.259455]  ? copy_mount_options+0x1fe/0x2f0
[ 1064.263954]  SyS_mount+0xab/0x120
[ 1064.267408]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1064.271298]  do_syscall_64+0x1e8/0x640
[ 1064.275186]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1064.280039]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1064.285227] RIP: 0033:0x45ddea
[ 1064.288415] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1064.296125] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1064.303398] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1064.310664] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1064.317931] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1064.325202] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000040
05:40:45 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:45 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x244040)
write$midi(r0, &(0x7f00000000c0)="68403315634d81a9450b2d6b6af210f6479f65bfa2e04194be597b62b760dcdd6f14", 0x22)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000000)=0x3f)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
r6 = openat$cgroup_ro(r4, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE(r6, 0x80084504, &(0x7f0000000180)=""/199)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:45 executing program 3 (fault-call:0 fault-nth:65):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:45 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

05:40:45 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000100)={0x7fff, 0x8, 0x4, 0x5a19e5207885064c, 0x1, {0x77359400}, {0x4, 0xc, 0x0, 0x1f, 0x80, 0x7f, 'stZp'}, 0x10001, 0x1, @fd=r0, 0x7fff, 0x0, <r3=>r2})
ioctl$LOOP_SET_DIRECT_IO(r3, 0x4c08, 0xff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = fcntl$dupfd(r4, 0x0, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-neon\x00'}, 0x58)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x10000, 0x0)
ioctl$KVM_SET_CLOCK(r6, 0x4030ae7b, &(0x7f0000000000)={0x1, 0x4})
dup3(r6, r7, 0x0)

05:40:45 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r1=>0x0}, &(0x7f0000000040)=0xc)
ptrace$setopts(0x4200, r1, 0x1, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:45 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(0xffffffffffffffff, r0, 0x0)

[ 1067.081775] FAULT_INJECTION: forcing a failure.
[ 1067.081775] name failslab, interval 1, probability 0, space 0, times 0
05:40:45 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x4, 0x5)
r1 = getpid()
tkill(r1, 0x9)
process_vm_writev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/72}, {&(0x7f0000000380)=""/117, 0x4e}], 0x10000149, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r2 = getpid()
tkill(r2, 0x9)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000000)={0x0, <r5=>0x0})
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x11, 0x2, 0x0)
bind(r9, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r9, &(0x7f0000000040)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r10}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
ioctl$TUNSETIFINDEX(r6, 0x400454da, &(0x7f0000000180)=r10)
ptrace$setregs(0xd, r5, 0x3, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1067.130966] CPU: 0 PID: 23335 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1067.138890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1067.148247] Call Trace:
[ 1067.150837]  dump_stack+0x142/0x197
[ 1067.154463]  should_fail.cold+0x10f/0x159
[ 1067.158617]  should_failslab+0xdb/0x130
[ 1067.162605]  __kmalloc+0x2f0/0x7a0
[ 1067.166187]  ? match_token+0x22b/0x480
[ 1067.170064]  ? match_strdup+0x5f/0xa0
[ 1067.173853]  match_strdup+0x5f/0xa0
[ 1067.177471]  btrfs_parse_early_options+0x241/0x310
[ 1067.182389]  ? btrfs_freeze+0xc0/0xc0
[ 1067.186171]  ? find_next_bit+0x28/0x30
[ 1067.190048]  ? pcpu_alloc+0xcf0/0x1050
[ 1067.193923]  ? pcpu_alloc+0xcf0/0x1050
[ 1067.197803]  btrfs_mount+0x11d/0x2b28
[ 1067.201606]  ? lock_downgrade+0x740/0x740
[ 1067.205741]  ? find_held_lock+0x35/0x130
[ 1067.209791]  ? pcpu_alloc+0x3af/0x1050
[ 1067.213682]  ? _find_next_bit+0xee/0x120
[ 1067.217736]  ? check_preemption_disabled+0x3c/0x250
[ 1067.222745]  ? btrfs_remount+0x11f0/0x11f0
[ 1067.226977]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1067.231996]  ? __lockdep_init_map+0x10c/0x570
[ 1067.236497]  ? __lockdep_init_map+0x10c/0x570
[ 1067.241003]  mount_fs+0x97/0x2a1
[ 1067.244366]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1067.248846]  ? find_held_lock+0x35/0x130
[ 1067.252894]  vfs_kern_mount+0x40/0x60
[ 1067.256685]  btrfs_mount+0x3ce/0x2b28
[ 1067.260473]  ? lock_downgrade+0x740/0x740
[ 1067.264602]  ? find_held_lock+0x35/0x130
[ 1067.268648]  ? pcpu_alloc+0x3af/0x1050
[ 1067.272527]  ? btrfs_remount+0x11f0/0x11f0
[ 1067.276756]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1067.281777]  ? __lockdep_init_map+0x10c/0x570
[ 1067.286265]  ? __lockdep_init_map+0x10c/0x570
[ 1067.290755]  mount_fs+0x97/0x2a1
[ 1067.294112]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1067.298596]  do_mount+0x417/0x27d0
[ 1067.302119]  ? retint_kernel+0x2d/0x2d
[ 1067.305997]  ? copy_mount_string+0x40/0x40
[ 1067.310216]  ? copy_mount_options+0x195/0x2f0
[ 1067.314700]  ? copy_mount_options+0x1fe/0x2f0
[ 1067.319194]  SyS_mount+0xab/0x120
[ 1067.322648]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1067.326534]  do_syscall_64+0x1e8/0x640
[ 1067.330422]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1067.335269]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1067.340448] RIP: 0033:0x45ddea
[ 1067.343630] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1067.351328] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1067.358585] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1067.365840] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1067.373095] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
05:40:45 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x10640, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x200)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000480)={0xc8, 0x4, 0x8, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x1a}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xd4}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x1007}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_REPLIED={0x8}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x101}, @CTA_TIMEOUT_TCP_SYN_SENT2={0x8, 0x9, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x20}, @CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0x20}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x42}, @CTA_TIMEOUT_TCP_CLOSE={0x8, 0x8, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_TCP_LAST_ACK={0x8, 0x6, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0xfff}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8917}]}, 0xc8}, 0x1, 0x0, 0x0, 0x40}, 0x10000000)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1067.380348] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000041
05:40:45 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = fcntl$getown(r1, 0x9)
syz_open_procfs$namespace(r2, &(0x7f0000000000)='ns/mnt\x00')
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:45 executing program 0:
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:45 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(0xffffffffffffffff, r4, 0x0, 0x209)
ioctl$EVIOCSABS20(r5, 0x401845e0, &(0x7f0000000000)={0x9, 0x0, 0x3ff, 0x7fff, 0x7, 0x5})
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:48 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:48 executing program 3 (fault-call:0 fault-nth:66):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x100, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:48 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x60c0c0, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r4, 0x8983, &(0x7f0000000000)={0x1, 'erspan0\x00', {}, 0x3})
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x80000000)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:48 executing program 0:
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:48 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x321c40, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r1, 0x4112, 0x0)

[ 1070.113126] FAULT_INJECTION: forcing a failure.
[ 1070.113126] name failslab, interval 1, probability 0, space 0, times 0
[ 1070.132480] CPU: 1 PID: 23390 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1070.140384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1070.149739] Call Trace:
[ 1070.152333]  dump_stack+0x142/0x197
[ 1070.155970]  should_fail.cold+0x10f/0x159
05:40:48 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00')
ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000340)={{{0xc, 0x1}}, 0x18, 0x7, &(0x7f0000000300)="eeddc4495badac54d308a8dee76a4f22b4fd86ca687704ab"})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
ioctl$KVM_GET_IRQCHIP(r5, 0xc208ae62, &(0x7f00000000c0)={0x0, 0x0, @ioapic})
io_setup(0x7, &(0x7f0000000100)=<r6=>0x0)
io_destroy(r6)
r7 = socket$tipc(0x1e, 0x5, 0x0)
r8 = eventfd2(0x3, 0x800)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r11, r10, 0x0, 0x209)
r12 = socket$inet6_udp(0xa, 0x2, 0x0)
clock_gettime(0x0, &(0x7f0000001580)={<r13=>0x0, <r14=>0x0})
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000015c0)={0x1, 0x3, 0x4, 0x40000, 0x9, {r13, r14/1000+10000}, {0x1, 0x0, 0x1, 0x6, 0x2, 0x46, "fafccf5b"}, 0x274a3a2f, 0x4, @offset=0xfff, 0x0, 0x0, <r15=>0xffffffffffffffff})
r16 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r16, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r16, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r17 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r18 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r18, r17, 0x0, 0x209)
r19 = accept(0xffffffffffffffff, &(0x7f0000001780)=@in6={0xa, 0x0, 0x0, @loopback}, &(0x7f0000001800)=0x80)
io_submit(r6, 0x6, &(0x7f00000018c0)=[&(0x7f00000013c0)={0x0, 0x0, 0x0, 0xb, 0x7, r7, &(0x7f00000003c0)="145f8afe3f8856d0a114929721e68a4146eaac17a9a048109c74a8c3be277c19db7682770f49004a0b4cbed4601bc70bb84da546cd4a298b59037c332ba712692da5f994515f863babe7c306b8bf7a0ea6f6192f637621c01cc9b29e908e049e9031b0e5ac69848743af6f70488d4f32b3054c737492c0e36911cbe1cf138429f339607511696f0ae1f00a632253a5e38a1caba44ec5ca2587daabe156b73b5a34ccb03122879f8a94f2d811f496e5f130e640525cd630585c0408df829bec1df27926532e0cf71a07a523337f0c4efde9846222bc3f098eb2b81770973acecbf4e3591b31ed0c00699d0738bc184dc1be7e86cae9b8b1bf80231b64271b885c4183656f507174fe34e9e548050f920adb759a66bd3205855c24ddd8585dbaec56679cb96ae002df96215b552fdc88341bcb9fea1b8664738080eae725f3a22e18577f1a7cc87b6e2eb8d85319865a3bd55877bc4e0a549a7214b7a9b593d9d2bdeaf7a3f7bdc83a5a5abc4547cb30766a79646ceab32a6581fe9f11ba7db11840ddaf46701e18c8e8f56f50bdd98d36da680580188bf6ec9f6f939abbda096cc96e39b49279c03ae9a651c8488d71f6fb07266d4cd6f9725f2942916c0d9ad79c0347cc4783f988d79b901cb823e41338a7b6f485b291e03540172706932526c55141caba9a84916ef17744bd3c00073128cfc1659b2f785cc9208f7aa75f72d8db865b81aea8ee01d623c4f01e314d058c4e8578e70aabeb2acba9f0586dca416c61c94f949fcfeb72f731576a855925f96d51f1f6463af8fc2f3be0c36600412e5a38d18456912b51a860eda44541338c19a59de1c2f6d14bc6c6fdd5ea6e9a5f56b745a5daf6ae05abd98f3fd41fbc6a02a1433fce65af021e7b6cc4e40bededf073b5ebfe35b13fd3ff2d82896966e6247d909aa972cb64289af8cf42bbdcd4fd56df9ec7a1d363764c5935e8b062e29e9d2bb439dc049b44e1574d2b0227acecd3d7d05d3c22cf9a8b1ebc404edce977bc5e0867639aa37d60303d4cd74d981cc75df4bd72d13fa3397aab76b04270f68f8f85bf0c6c1ad2cefbf99635d4e15af2480426c46a35da15255f998f59182ee331b20605f309b6a65fdd3b24c72cdf7c91700211500e5d4bb63f56564fa48e1d095923518703e28f6b25367a3d7e159f3ffdf6afd7ff35ec532e85257fc8f943f18244d7b546b5d07c760186c599fc6a1611dff7e0b693ccd58fdfc5e434c614ea4a2b371a8bdd0437492c2b8759246c81451e65860a584d58f4f800d78dd70cf91a5f7eb69c26f8f3cfb1a1c0e500a1460c08d82ba4b74121520b181353914c6033383ab68b0c2bdf3307a59b5a85955af3ee9337c1e08cad87c3967c8b18d6860136df3bc1e05508cfd4802b8c2fe7da77d04f580af43a39be73273f5318355354e05ce265da5e1383173f1f7c24890850bfa8b2bde21a5c6def923cfa4fa6c8417685eeadc64723c0373592a1e475662a3adea084266ec943f073cc7d20642f23503751673563dedc661ca8906f49b78eeb9243ff47a0cb6c2d67a20d407a3b6e765378f78faf93b3a15d0005237af2997045aed80aa5eeaec30612131e745220bdcb21ac608425425a213145fe16a9891a17a911bd356fbca35125f5ab1563c8801762b6463910bef4392f31c6a89050ac8acf5efd149d3811e52eda8a9d820903da23f16ab5170bc1a5776a0ad6f23b29e73f61649b6ab453c4109dfbc8d428589e95553d4c509192b1836cffcec28537e81e0ec00dd892393b665009c08184ea9cb481a4ec0a7c794ffb3ca9f8d31af6b4c058b13494fb347922bd194f3d412dc443f79f3a678770173e29cd2677267e98548838e503630e131f095d437dce8dd5821de457ac151a3e0ce9457e59ec962277f5a1b00f558da88c9f20fece769a57ac15ce439961a10149fdff897e6132e188530db40f2d42fa752ee9542cf89e644f647f6a8229d28b33f28fb0e455310ed97ff717c47c99aac6c062076fccdba11a8ca0295ba536e0d03a94ea135977571797a3996795e373012875b72bd42861d1852e798a9ebed67e2a44a1af6200e491b7be4045f6d0a5d93d7ef5201d7244721c669be597dfda1d340a7d0ef38edfa8eda2954048926a3e5b79f9e92103ed844506b3dd8934f92067f250cd8a5c15406cc3c53f15948ca38c880a2c0b54ac3fcc8390679ca1cfd3a75273432cd5648623834dc12b1eeca256005428ad05b95a35de41b5d8e33aa04ef138ba4e1de6df76581e151f3d5991241e98d3394878875153b4342694ac25b028284f8e1f4d158f302ab088f3defc99a4c7caf5e7208e4f9a30744663d59c5aa4507f67d63fe876d348ad739d9f095457bed4358d83760fe3d6f32a98413b35091a965a5f1ea1622c6b95880dd9ed10b5cf5889adf04fa647364c08f3e37924a367519c1ad63adc2b1d274ea5d1ea9c9e96c16d2d2290f13be382a01802ebd853277e3a341c553052d55888e804cfc84a6d458e0bf096ef27b3533582c19b05040a4a95acd34c815aa3ebee6e62d4ab057559d0658006ab21dad101ba0cf6ad627b4656f2940ea468ee45ba60b26ccf70279c9cca6abac370d3df53dda259a225c2d95f9523c71a42b6d3ee134a8aaa0e73bca4ead2678463629b8e6f38963b1df1b3c9ee08d13885e8af68a0b7693e00656a7c526344b5c998b2219f3207c9bf1bed498e3ca9c6349e93825a82dff99d211e0c3c585dcdcd7f5ec7b1a9884ed2b0aa6a57047817c0f22b80d324e05b33d89130b20b3470a6c5cd368a57d6ec9934318b6a35435c5b57648f0368126379d05fef006a3ab946ad47fad9d8c3794d83ebf37c07a18808005f1c4adec34ee0c3f45adc4fa8f659ad7b8e68b93f63b35ec7bde6228739888e4937a983ea11bc2fde72f77d597bfae542aac5ed8c184cb5d759b4f637c4eb67d1a1a6944a74a38398b89a65b174404e8524947ee7764d7f1b2a7b73585c58b11c71be1cfdd29b0ee3dc4d1a69cece1f3f07e834b27dfadbfe19ba2b3e2a4aa2782f1b12c41f4549fd08752dd555c9ec845137745ebcb243923fe1d886c8028ac4d00d4288071de7c9f202e8718708ea7677bcfad0d03258703cf31ccfb5ebe29f9b2143cea6e7a5eaf3e3de56ccccf419c02cf8d509848366b17ec79b659a574dc11486f07ab4642918abf985de8dcf9ec7649fc2b6b3f837362fe8e10e02f421e499e22c1b3821b87877f317855efc2af75e8513cd68761d53787eb2d461ee36896756c9f4330ce874ad35c9cf70d5973c1b23a88e790dcbf948315a84982233e77bb08a2aaf0e23057b45e873a86e07e9a3926d9d9c21becdd4f096034a98d66e29644731e3930d261b1262800face69e33592101dce5a390b0999bc371ba0eae69bcdfb8f253ac6399c0d760051ba3323c11c0279a8c9ff09c83d13d430ea7e503a343cee34fe05caa9b9cf79be1dea27266e4adc9f6475f16ca03b33ddbd88ac247a5df44effd5b0e5aa0321886710ed4b87eec989b6fd8fcb417dbb57c5cb9779637d66feeffb914c27c64fe4c78edf31b50b096a1aeb75455c0ba7d2052f84a449960d8d205748f8cb5ae8d60bcd38e2131ffcbe38b107def0ad777897cfe1c3ee147a5faa6d05fadee589a2f25c0e03e436328649753aaf1922426d4659aa42d87225ed9fdcb6483eba031df1c0dbf3f2ad7ad9b019f0c1dcdf173088b52c867e04d61907b9b1d7de6efb1c6273f2768c8fa8faa50f449a34ceb0e58e490211e6bde31bb589b0d091496a8b464d49cf5d52c6dc9ad615ad185c2c7d6bc4ac7868663ab32443a564df8118bc9333b64ea1a904dfe7a5cd003f7f4a8b7529cbe703980bbadd394797f98d1d37de3c0be74c59fbb4208b7864d85ead590b68c2199d7c43595a3e405d10ae1c839cd942dd552e919012ee1919a8a7fefc31d852f7c236d985f94b0a0c5dcc8a4f4980ff31b15cbb8480ef8905e42a1912dfcde165dc819a4b5d66fefd3bcd7cb9049a9f6f14865cb0bab2497fa1389afe8f03a47d1b9f7c8527c434c2fd01ff4c59cca3a67e43a1a950f2cb44592ed9553c4b5f0eb5a62f96613789223a22ced9effe9d8dc3449c37ee4f41acf5148dee74f8f95f15dfb06771ffe2a1372bcc1a695ffb4caace4ebfcb5a0cc678dacb8dc9be0842620843a90cf28a742442e31cec060dd342423856900192aec5142aa62375da0ab1cfe245b25956e328307a18f5686f6e07116665f3d842e15430a8ce22c4d7d9e2cb7f268a6a2785dad8a0579c3f29ee1c07250d5864068d70f4df06f1fd03871a43639fa5ed97c2d912660ce6590ec1429ec64dfbeab7ba3791aa47c7e5a5798fa59bab6a31d5330915b28033bd196944960b4148ed32406af7153284ac0402dc7b754cac4bfe7145f11d627d5e45697814f99760ad1980ce94d4046bde60ed4c7bc0d20099fb96af41f4e512653d722ea2646857691689dfa1ab56a9c1c28b924d9436a4f43a20828ec7704a830cdd854865f9ecac9f0bc37999126413a2d3bec0abde9c81924b808bf8cd4ea5a20aefece1f3c30db467433b836bc2188c7bd8185b401051d9610db0209d1a25fc668a6aba875506f38ba1e9260851f77a462bea3d1befa4b8d42abebbef0b6c84352ca9981a0ca0073fe207461c1c48b7825446ca5950fdc8e60e99b1723ab83bb5202f235b3562edc74223adeb26b24002594e59a3874382b14754d98873d3dce1c38b69cc36d2a6ad91a67ebde8f5c6a6e597ff657f893a42ee777ab20bc78969317e1b883ac565a72934fd5f4ad056079051aae2d27aa9775d48d42d856b101239f80051b1999fefc0c854d4b2f3cb19f3b8fdc1cf465642474c6abff13930e701fefe5ef8fe63eb592d7d4683ef00286d01dd8dce117f8c0dc2c5e2ef17ba11176079fcd167d5fb7a69d12518ada467a11f73433b5c2ffe9a0215736a5f964fb06450498f51fede858baea586037502364ad23c7737a82ab77df38f585d4425046aaa0875fc7b31bef64c859d13bef63d6052a50c97142b82c52432122a1bf9c48c9d5a5ae39c8dfa393fd4f814b2fd750264e5b49c461607bc4c934386204723cfa45d7bca24d6e1e012fc4d5bbdcfbd32b1f4265e588176420e0afd12e3e2be0a9557c98616bb37cd8e7cbf1f4e93ac950db175c2884ec99f41d3b8499198a6669fa6dd9a24e1190780ac133ad4afc7d5a36a8386cc98f573488881cc5d1fb00f0a36aef186c1396c7eef5bf54c0d62773baa9ae76fb9dc768ffa94c958783d56993e3ae7a23e10e1c731c14ff4f69cd8328a96ccfe753d7f5ee39a561fd30a1577caac41d60fa03568bf352ceb289d44aaf53dc982815d5d0be93892e10a5a9c34bee916336ba440906792fb20f2f5a039368a08480bbdb7b39b2b4f1e9ed31f6415a2c0fe67670620e65a9e95e4122fccbdbc3454aa4e2ac659fae47b4d583f99b9eca817f7ff2dc49e9acddc4c3150db840224ae5f95addf2e68c180da79555cbe942d9e4a98cc5e1a53a49538397853e645826c1544f93fc934eac47eb2dff033246399ca72677a7885f85bfae7000a26ea504b6c45e280048fe01c982b2191da3d3a246e4f7431318e586332a7bf7479cfe9447548b41e8ab6e56e7d8b8e0f6660008e98fec9c5cacaead0f8d9e8497bb8d45eff76f51f5c9cd1623efe9d29f41426acbf4d924401e75560038c07d7471102842d5c0af559f87603ed178b9393e3a1b4ebaeca938fd838bb5e1c382a02c05892413e6a237f7f5d1c385", 0x1000, 0x21, 0x0, 0x2, r8}, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x8, 0x7, r9, &(0x7f0000001400)="0d89856ee6d32ca179d80502f95156cd2c8cf948ffe4b93c2f1cb1e90144e092d28603e88cb2f109b7b3fccf73fe82e8db16866a0dc179888709d4", 0x3b, 0x0, 0x0, 0x2, r11}, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x7, 0x401, r12, &(0x7f0000001480)="1560a7b3232ca69312f862c9c46bdbadf135109ab84a2140c546e33458fb9f714555ba1d606044f04c7ca9565899e03215799772749ba84873113e6269aa1c39baedefca2413ca862e0592463dc72cdbe5d9d90c27d5f426b5e7e0b37e93ecb4abfbb6a5442cd061fadf5b5ac13b4d14ad5993313b4bf014fe7c75ebf9b6f51cc4104bb55de29a6232b9fe0d496ecd02a09a8d64ab1672b06547bd786e3dcb8a1655b2cbdbe676ea6fb78be2fa2f9a97e929b1830aa904b082c0a450930805d6fa797b86d69ae4359d4eba370524ac904c0a5e00cf10b96e7ff2fd0d44293587245a019f", 0xe4, 0x3, 0x0, 0x3, r15}, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x2, r0, &(0x7f0000001680), 0x0, 0xfffffffffffff800, 0x0, 0x0, r0}, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x6, 0x100, r16, &(0x7f0000001700)="49ad06b58ee22f4781f9b05af50e9955efc4bc33d739ad3f96bb01c4eccaba1addf8e094244be382512e42", 0x2b, 0x20, 0x0, 0x0, r18}, &(0x7f0000001880)={0x0, 0x0, 0x0, 0xa, 0x5, r19, &(0x7f0000001840)="64472baaf6e8c66eaa2ddd2dc505b7d1397efad05e76885712c991108ec63473ad518b916f5317e3d2f5", 0x2a, 0x3}])
mknodat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0xc000, 0x3)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r20 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r20, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r3, r20, 0x0)

[ 1070.160135]  should_failslab+0xdb/0x130
[ 1070.164118]  __kmalloc_track_caller+0x2ec/0x790
[ 1070.168795]  ? kstrdup_const+0x48/0x60
[ 1070.172707]  kstrdup+0x3a/0x70
[ 1070.175908]  kstrdup_const+0x48/0x60
[ 1070.179624]  alloc_vfsmnt+0xe5/0x7d0
[ 1070.183347]  vfs_kern_mount.part.0+0x2a/0x3d0
[ 1070.187839]  ? find_held_lock+0x35/0x130
[ 1070.191904]  vfs_kern_mount+0x40/0x60
[ 1070.195710]  btrfs_mount+0x3ce/0x2b28
[ 1070.199517]  ? lock_downgrade+0x740/0x740
[ 1070.203665]  ? find_held_lock+0x35/0x130
[ 1070.207730]  ? pcpu_alloc+0x3af/0x1050
[ 1070.211626]  ? btrfs_remount+0x11f0/0x11f0
[ 1070.215867]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1070.220895]  ? __lockdep_init_map+0x10c/0x570
[ 1070.225405]  ? __lockdep_init_map+0x10c/0x570
[ 1070.229906]  mount_fs+0x97/0x2a1
[ 1070.233276]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1070.237779]  do_mount+0x417/0x27d0
[ 1070.241328]  ? copy_mount_string+0x40/0x40
[ 1070.245571]  ? copy_mount_options+0x151/0x2f0
[ 1070.250129]  ? __sanitizer_cov_trace_pc+0x4e/0x60
[ 1070.254977]  ? copy_mount_options+0x1fe/0x2f0
[ 1070.259475]  SyS_mount+0xab/0x120
05:40:48 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000000))
dup3(r2, r3, 0x0)

05:40:48 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x80000000, 0x1})
r1 = semget$private(0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = openat(r3, &(0x7f0000000180)='./file0\x00', 0x200, 0x180)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f00000001c0)="408ffb6f1f1d0df28ef620243b66fedc", 0x10)
semctl$SETALL(r1, 0x0, 0x11, 0x0)
semctl$GETVAL(r1, 0x3, 0xc, &(0x7f0000000080)=""/248)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_tables_names\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r6, 0x4122, 0x0)

[ 1070.262926]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1070.266829]  do_syscall_64+0x1e8/0x640
[ 1070.270722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1070.275578]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1070.280767] RIP: 0033:0x45ddea
[ 1070.283954] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1070.291659] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1070.298925] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1070.306190] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1070.313467] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1070.318352] audit: type=1326 audit(2844654048.601:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23405 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45e1da code=0x0
[ 1070.320757] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000042
05:40:48 executing program 0:
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, 0xffffffffffffffff, 0x0)

05:40:48 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x410180, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200040001ff)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:48 executing program 3 (fault-call:0 fault-nth:67):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1070.545203] FAULT_INJECTION: forcing a failure.
[ 1070.545203] name failslab, interval 1, probability 0, space 0, times 0
[ 1070.560308] CPU: 0 PID: 23423 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1070.568221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1070.577583] Call Trace:
[ 1070.580178]  dump_stack+0x142/0x197
[ 1070.583811]  should_fail.cold+0x10f/0x159
[ 1070.587956]  should_failslab+0xdb/0x130
[ 1070.591931]  __kmalloc+0x2f0/0x7a0
[ 1070.595483]  ? match_token+0x22b/0x480
[ 1070.599376]  ? match_strdup+0x5f/0xa0
[ 1070.603169]  match_strdup+0x5f/0xa0
[ 1070.606793]  btrfs_parse_early_options+0x241/0x310
[ 1070.611720]  ? btrfs_freeze+0xc0/0xc0
[ 1070.615515]  ? find_next_bit+0x28/0x30
[ 1070.619403]  ? pcpu_alloc+0xcf0/0x1050
[ 1070.623284]  ? pcpu_alloc+0xcf0/0x1050
[ 1070.627154]  btrfs_mount+0x11d/0x2b28
[ 1070.630945]  ? lock_downgrade+0x740/0x740
[ 1070.635082]  ? find_held_lock+0x35/0x130
[ 1070.639129]  ? pcpu_alloc+0x3af/0x1050
[ 1070.643021]  ? _find_next_bit+0xee/0x120
[ 1070.647066]  ? check_preemption_disabled+0x3c/0x250
[ 1070.652083]  ? btrfs_remount+0x11f0/0x11f0
[ 1070.656317]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1070.661342]  ? __lockdep_init_map+0x10c/0x570
[ 1070.665830]  ? __lockdep_init_map+0x10c/0x570
[ 1070.670324]  mount_fs+0x97/0x2a1
[ 1070.673694]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1070.678186]  ? find_held_lock+0x35/0x130
[ 1070.682240]  vfs_kern_mount+0x40/0x60
[ 1070.686033]  btrfs_mount+0x3ce/0x2b28
[ 1070.689834]  ? lock_downgrade+0x740/0x740
[ 1070.693981]  ? find_held_lock+0x35/0x130
[ 1070.698032]  ? pcpu_alloc+0x3af/0x1050
[ 1070.701915]  ? btrfs_remount+0x11f0/0x11f0
[ 1070.706141]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1070.711164]  ? __lockdep_init_map+0x10c/0x570
[ 1070.715652]  ? __lockdep_init_map+0x10c/0x570
[ 1070.720135]  mount_fs+0x97/0x2a1
[ 1070.723526]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1070.728005]  do_mount+0x417/0x27d0
[ 1070.731536]  ? copy_mount_options+0x5c/0x2f0
[ 1070.735935]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1070.740942]  ? copy_mount_string+0x40/0x40
[ 1070.745170]  ? copy_mount_options+0x1fe/0x2f0
[ 1070.749655]  SyS_mount+0xab/0x120
[ 1070.753103]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1070.756982]  do_syscall_64+0x1e8/0x640
[ 1070.760852]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1070.765719]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1070.770898] RIP: 0033:0x45ddea
[ 1070.774075] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1070.781764] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1070.789017] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1070.796276] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1070.803525] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1070.810778] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000043
[ 1071.112694] audit: type=1326 audit(2844654049.580:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=23405 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45e1da code=0x0
05:40:51 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:51 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = socket(0x1f, 0xa, 0x6)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x2, 0x0)
bind(r3, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000010800000000000000a8f509111d", @ANYRES32=r4, @ANYBLOB="00000000000000001c0016801800018014000a00"/36], 0x3c}}, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={@dev={0xfe, 0x80, [], 0x8}, 0x154, r4})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x11, 0x2, 0x0)
bind(r8, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r8, &(0x7f0000000040)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00')
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="f067964e4dd7789c51229d0a63cdbd8324000000c22ae40bab41689847213bb92975d73cbb43fcb2eb124d52442a9e2daa551d43c26f96af47dda10dbdff03104b7999e4c61c59fbff1fb602eb0359f21b41da67fd7e54cad822877ef808", @ANYRES16=r10], 0x2}, 0x1, 0x0, 0x0, 0x40004}, 0x40808)
sendmsg$NL80211_CMD_START_AP(r8, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r10, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0xffff}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24048010)
ioctl$TUNSETIFINDEX(r6, 0x400454da, &(0x7f0000000180)=r9)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r11 = getpid()
tkill(r11, 0x9)
ptrace$setregs(0xd, r11, 0x1002, &(0x7f0000000000)="e706d8ef2c944a16b439ed618c26e0fbe212e6ce79683b2dce61da5c")
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:51 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x680200, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000100)={0x15, 0x110, 0xfa00, {r2, 0xf4, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @broadcast}, @ib={0x1b, 0x7, 0x8001, {"6ad1630b305703571c3307cd45a35c79"}, 0x2, 0x8, 0x9a2}}}, 0x118)

05:40:51 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x1, 0x80000000, 0x1})
r1 = semget$private(0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = openat(r3, &(0x7f0000000180)='./file0\x00', 0x200, 0x180)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f00000001c0)="408ffb6f1f1d0df28ef620243b66fedc", 0x10)
semctl$SETALL(r1, 0x0, 0x11, 0x0)
semctl$GETVAL(r1, 0x3, 0xc, &(0x7f0000000080)=""/248)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ip6_tables_names\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_HWSYNC(r6, 0x4122, 0x0)

05:40:51 executing program 3 (fault-call:0 fault-nth:68):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r5, 0x110, 0x4, &(0x7f0000000000)=0x1, 0x4)

05:40:51 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2001, 0x0)
ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000080)={0x7, 0x1, 0x8})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:51 executing program 0 (fault-call:4 fault-nth:0):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

[ 1073.155144] FAULT_INJECTION: forcing a failure.
[ 1073.155144] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1073.169670] CPU: 0 PID: 23442 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1073.177576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1073.186931] Call Trace:
[ 1073.189530]  dump_stack+0x142/0x197
[ 1073.193171]  should_fail.cold+0x10f/0x159
[ 1073.197331]  ? __might_sleep+0x93/0xb0
[ 1073.201221]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1073.205885]  ? trace_hardirqs_on+0xd/0x10
[ 1073.210023]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1073.215023]  ? btrfs_parse_early_options+0x1a2/0x310
[ 1073.220113]  alloc_pages_current+0xec/0x1e0
[ 1073.224423]  __get_free_pages+0xf/0x40
[ 1073.228290]  get_zeroed_page+0x11/0x20
[ 1073.232161]  parse_security_options+0x1f/0xa0
[ 1073.236636]  btrfs_mount+0x2bb/0x2b28
[ 1073.240428]  ? lock_downgrade+0x740/0x740
[ 1073.244565]  ? find_held_lock+0x35/0x130
[ 1073.248621]  ? pcpu_alloc+0x3af/0x1050
[ 1073.252501]  ? btrfs_remount+0x11f0/0x11f0
[ 1073.256723]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.261741]  ? __lockdep_init_map+0x10c/0x570
[ 1073.266248]  mount_fs+0x97/0x2a1
[ 1073.269598]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1073.274073]  ? find_held_lock+0x35/0x130
[ 1073.278116]  vfs_kern_mount+0x40/0x60
[ 1073.281907]  btrfs_mount+0x3ce/0x2b28
[ 1073.285698]  ? lock_downgrade+0x740/0x740
[ 1073.289825]  ? find_held_lock+0x35/0x130
[ 1073.293868]  ? pcpu_alloc+0x3af/0x1050
[ 1073.297739]  ? btrfs_remount+0x11f0/0x11f0
[ 1073.301968]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.306985]  ? __lockdep_init_map+0x10c/0x570
[ 1073.311473]  ? __lockdep_init_map+0x10c/0x570
[ 1073.315966]  mount_fs+0x97/0x2a1
[ 1073.319337]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1073.323830]  do_mount+0x417/0x27d0
[ 1073.327373]  ? copy_mount_options+0x5c/0x2f0
[ 1073.331784]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.336794]  ? copy_mount_string+0x40/0x40
[ 1073.341027]  ? copy_mount_options+0x1fe/0x2f0
[ 1073.345519]  SyS_mount+0xab/0x120
[ 1073.348957]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1073.352833]  do_syscall_64+0x1e8/0x640
[ 1073.356714]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1073.361563]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1073.366747] RIP: 0033:0x45ddea
[ 1073.369930] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1073.377671] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1073.384933] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1073.392193] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
05:40:51 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
write$FUSE_IOCTL(r2, &(0x7f0000000000)={0x20, 0x30ab97725dabcf3a, 0x1, {0x1ff, 0x4, 0x5, 0x5}}, 0x20)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:51 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x208000, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000240)={0x0, {{0x2, 0x4e21, @multicast2}}}, 0x88)

[ 1073.399465] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1073.406727] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000044
05:40:51 executing program 3 (fault-call:0 fault-nth:69):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:52 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = fcntl$dupfd(r1, 0x406, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
creat(&(0x7f00000000c0)='./file0\x00', 0xf3)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1073.609482] FAULT_INJECTION: forcing a failure.
[ 1073.609482] name failslab, interval 1, probability 0, space 0, times 0
[ 1073.645460] CPU: 0 PID: 23471 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1073.653365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1073.662715] Call Trace:
[ 1073.665290]  dump_stack+0x142/0x197
[ 1073.668911]  should_fail.cold+0x10f/0x159
[ 1073.673057]  should_failslab+0xdb/0x130
[ 1073.677022]  kmem_cache_alloc+0x2d7/0x780
[ 1073.681162]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1073.686304]  ? btrfs_scan_one_device+0x89/0x4e0
[ 1073.690965]  ? trace_hardirqs_on_caller+0x400/0x590
[ 1073.695988]  getname_kernel+0x53/0x350
[ 1073.699863]  kern_path+0x20/0x40
[ 1073.703230]  lookup_bdev.part.0+0x63/0x160
[ 1073.707448]  ? blkdev_open+0x260/0x260
[ 1073.711321]  ? free_hot_cold_page+0x763/0xca0
[ 1073.715803]  blkdev_get_by_path+0x76/0xf0
[ 1073.719973]  btrfs_scan_one_device+0x97/0x4e0
[ 1073.724458]  ? device_list_add+0x8d0/0x8d0
[ 1073.728718]  ? __free_pages+0x54/0x90
[ 1073.732506]  ? free_pages+0x46/0x50
[ 1073.736134]  btrfs_mount+0x2e3/0x2b28
[ 1073.739933]  ? lock_downgrade+0x740/0x740
[ 1073.744066]  ? find_held_lock+0x35/0x130
[ 1073.748115]  ? pcpu_alloc+0x3af/0x1050
[ 1073.751991]  ? btrfs_remount+0x11f0/0x11f0
[ 1073.756225]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.761235]  ? __lockdep_init_map+0x10c/0x570
[ 1073.765723]  mount_fs+0x97/0x2a1
[ 1073.769079]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1073.773562]  ? find_held_lock+0x35/0x130
[ 1073.777610]  vfs_kern_mount+0x40/0x60
[ 1073.781401]  btrfs_mount+0x3ce/0x2b28
[ 1073.785198]  ? lock_downgrade+0x740/0x740
[ 1073.789332]  ? find_held_lock+0x35/0x130
[ 1073.793393]  ? pcpu_alloc+0x3af/0x1050
[ 1073.797268]  ? btrfs_remount+0x11f0/0x11f0
[ 1073.801499]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.806507]  ? __lockdep_init_map+0x10c/0x570
[ 1073.810991]  ? __lockdep_init_map+0x10c/0x570
[ 1073.815509]  mount_fs+0x97/0x2a1
[ 1073.818864]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1073.823386]  do_mount+0x417/0x27d0
[ 1073.826914]  ? copy_mount_options+0x5c/0x2f0
[ 1073.831309]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1073.836348]  ? copy_mount_string+0x40/0x40
[ 1073.840580]  ? copy_mount_options+0x1fe/0x2f0
[ 1073.845079]  SyS_mount+0xab/0x120
[ 1073.848527]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1073.852417]  do_syscall_64+0x1e8/0x640
[ 1073.856301]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1073.861165]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1073.866340] RIP: 0033:0x45ddea
[ 1073.869516] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1073.877236] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1073.884510] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1073.891770] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1073.899032] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1073.906287] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000045
05:40:54 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
sendmsg$NFT_BATCH(r4, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000000a01020000000000000000070000010900010073797a3000000000080002400000000008000240bf6d987a08000240000000010900010073797a31000000000c0004400000000000000004340000001100010000000000000000000000000a"], 0x78}}, 0x8800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendmsg$nl_netfilter(r2, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000006c0)={&(0x7f00000000c0)={0x5c4, 0xb, 0x8, 0x101, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x1}, [@nested={0x90, 0x76, 0x0, 0x1, [@generic, @typed={0x8, 0x4b, 0x0, 0x0, @ipv4=@multicast2}, @generic="86302fb3bee31189c77a804ae851715dd6daefc891601cd91730fb9fbfcda863e8ccb43b1618c74ec436df0ab5745fca296304ba81ee725f6c3077e859009017641866727f81ea3c15223ae5265ffe0b77d4332c5be7046c99b602becd84fd229f5cf4a159e3391aefc835d371c9c42f", @typed={0x8, 0x1b, 0x0, 0x0, @u32=0x598}, @typed={0xc, 0x33, 0x0, 0x0, @u64=0x751a}]}, @typed={0x8, 0x92, 0x0, 0x0, @ipv4=@loopback}, @nested={0x3bb, 0x38, 0x0, 0x1, [@generic="5e2b91b71e3049569acc9a287eef68b737df29b281959046fa9b84d1f624ad6d495edff207beb32c5197be5623e03c03849988c5b4d9693af269cd694e3e2d0a7fdcb875f756b3462e0414f8bedd79f5064e4870b64ac5a82a5deedb3fae8ddf0b7a28750930f1378aaeb14783aa53f08beb7738419ccf406df84dad1e82ca7a9916bfb6d4af3195eb4cd9a82732916623e9528cf73ef9edb46eb1e342337c", @generic="0167f67362099f0102b1602fb67893a03e2e3622419b63fae0b6dc38d285336f8ad2c82258c7868b60521f907650f4cd52268c785264a05d4dc5d731bc2aa1e14022f27a0f4eba435416c2304bfbd603b8a7b7b9c2d4bbe60e28956de796d45c4300ef2f3d08f19296a251b46ad547b937f7a6909688782107488897b0d2583ffad9f3f281851c515be1706fa300e3b6ce310b65e455783c67cd3463a5060ba1b43541303a448de0e0d3b316f742204b0adad3dde419df5c0009006b87fb0a723809dca1cfd0b1fdd52210d1f86824df99d5221d844b", @generic="d13b3586a2305bb97038068a0120a2973cc8d7818f11ffb517b1e0e1ed04c7d750bb5d8d53452d51b23d13ef038334de381372e63ab0e060c9e176be4b5b115fd88c50f848d8af79555f32c201690c5dc9839173e99dfbbe4e09a82c0d3ce55589b6234af83e662dbf560360ab643174b1de3da43cab8b1e55442c5f36aeb84fcbebf65ca7e2db70525dba779059b908ad858a0f41790d7633c9", @generic="d1b5c16ac264d8f9bc44f533218b022a0c5956e5ca29c84b49d23a5fd7a5022902ac856bb3f1aebd4612837d56c878f308ce5c837f5a75b1c949c2652d157004803dbad21d86b5556eb103280a1d347fe67a847ef96922bfda3324ba9f6de8c96c36cecb46be3f42c703d2a093d649d5e291d7bdb278390b3bb9206d4aa1417c6bed0be57bf5e2006cca75ac6d64260ff119c0962d355294a28e9d08fc02bc1961720f1ee6a151f2b5d85669f9d2", @generic="0c58e283e04083334fe8bbf12f7230f9b6b97c4b4d0b0d005db193fe3a3d1759168e7dbc47896ee291f225fd50f1151a1515b7e55a0a7312adf214c9a736ff38b16ab0fba26ff047200aa6749f55db8a3a6fe5e5570f42b104e03e5521ec89393207e0fa39b5ccc70f6a81ab73efa287591f2e178754692d89f42cd9e7f3bc6d57c3489bfeec84c0feb93b36199d34da16f7f1f167f1490d0c4ab1946a1d619716e00b86885bfc0fa5a9a9b9a1a5aca0eec20d16a93b7affd50d18ac20f2041ac8173f3beabe23f99634de05782cc212495e0c21587e45acf0ee629e84e6ce5d4bc0bffc7237024c76a44889527e056cf122c001b5315d06da98"]}, @nested={0x152, 0x16, 0x0, 0x1, [@generic="79877e1d80ca94de94180a8271deedc020c17c3192d290f38153ccdd1d0db5756273df2741df316649da4a9bcf9b34432f39ec53744af94d2929cc95ba547276d38b87f29111978af600f4ea47a0c17569d836a0bee7e803f3765840ad3e6f53e9e7812f296f8fbbbe044531f333f5cec1850c1f53d4fc0bfd6bbcc300f54bde3859391da275bc23af3ff7a6cf60315117f5aea9f6ede2c37d7b00a86b57844013d69719ef175880a26f5f821840", @typed={0xc, 0x76, 0x0, 0x0, @u64=0x6}, @typed={0x8, 0x2d, 0x0, 0x0, @fd=r3}, @generic="aff56b6f0ddcaaf68493df66ccb148325ca6b0d1e01d6c5fcda485cc9328e26a9fc714fe4c578cc26495bc", @typed={0x8, 0x7, 0x0, 0x0, @ipv4=@remote}, @typed={0x45, 0x7a, 0x0, 0x0, @binary="bb6a2b2bbdcf1ec7a1451f67be54812c2ac99c26289d1e49abd3ab38b048c776a5e5545c1d74da753a82b4fad99253b341d6615cc5dbf91d9028b26c9cf5aa313e"}, @generic="f9fd56b55998dc0cb46c9ef34cdc67c24c"]}, @typed={0x8, 0x91, 0x0, 0x0, @fd=r6}]}, 0x5c4}}, 0x1)

05:40:54 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f", 0x1}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:54 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x11, 0x2, 0x0)
bind(r6, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r11, r10, 0x0, 0x209)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x8, 0xc, &(0x7f0000000240)=@raw=[@map_val={0x18, 0x6, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x4}, @alu={0x4, 0x0, 0x0, 0x8, 0x0, 0x20, 0x3839e35fa9f5e028}, @map, @alu={0x4, 0x0, 0xd, 0xa, 0x9, 0x0, 0x4}, @jmp={0x5, 0x0, 0x3, 0x6, 0x9, 0xffffffffffffffe0, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @jmp={0x5, 0x1, 0xa, 0x6, 0x0, 0x1, 0x2bef58d9e1905cf1}, @generic={0x39, 0x5, 0x0, 0x8, 0x1f}, @alu={0x4, 0x1, 0x8, 0x6, 0x3, 0xffffffffffffffe0, 0x4}, @generic={0x2, 0x9, 0xe, 0x100, 0xcbd}], &(0x7f0000000040)='GPL\x00', 0x1f, 0x1000, &(0x7f00000002c0)=""/4096, 0x40f00, 0x1, [], r7, 0x19, r9, 0x8, &(0x7f0000000180)={0x1, 0x2}, 0x8, 0x10, &(0x7f00000012c0)={0x3, 0xa, 0x7fff, 0x5}, 0x10, 0xffffffffffffffff, r11}, 0x78)
kcmp$KCMP_EPOLL_TFD(r0, 0x0, 0x7, r1, &(0x7f0000001380)={r2, r12, 0x40})
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:54 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000))

05:40:54 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r4 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2)
dup3(r4, r3, 0x0)

05:40:54 executing program 3 (fault-call:0 fault-nth:70):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1076.165562] FAULT_INJECTION: forcing a failure.
[ 1076.165562] name failslab, interval 1, probability 0, space 0, times 0
[ 1076.207452] CPU: 1 PID: 23487 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1076.215374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.224728] Call Trace:
[ 1076.227341]  dump_stack+0x142/0x197
[ 1076.230985]  should_fail.cold+0x10f/0x159
[ 1076.235144]  should_failslab+0xdb/0x130
[ 1076.239119]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1076.243797]  selinux_parse_opts_str+0x3c1/0xa30
[ 1076.248450]  ? selinux_sb_show_options+0xd50/0xd50
[ 1076.253362]  ? free_pages+0x46/0x50
[ 1076.256980]  ? selinux_sb_copy_data+0x21e/0x390
[ 1076.261629]  security_sb_parse_opts_str+0x75/0xb0
[ 1076.266458]  parse_security_options+0x4e/0xa0
[ 1076.270942]  btrfs_mount+0x2bb/0x2b28
[ 1076.274730]  ? lock_downgrade+0x740/0x740
[ 1076.278858]  ? find_held_lock+0x35/0x130
[ 1076.282901]  ? pcpu_alloc+0x3af/0x1050
[ 1076.286823]  ? btrfs_remount+0x11f0/0x11f0
[ 1076.291043]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1076.296080]  ? __lockdep_init_map+0x10c/0x570
[ 1076.300564]  mount_fs+0x97/0x2a1
[ 1076.303916]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1076.308390]  ? find_held_lock+0x35/0x130
[ 1076.312444]  vfs_kern_mount+0x40/0x60
[ 1076.316224]  btrfs_mount+0x3ce/0x2b28
[ 1076.320015]  ? lock_downgrade+0x740/0x740
[ 1076.324176]  ? find_held_lock+0x35/0x130
[ 1076.328254]  ? pcpu_alloc+0x3af/0x1050
[ 1076.332135]  ? btrfs_remount+0x11f0/0x11f0
[ 1076.336355]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1076.341358]  ? __lockdep_init_map+0x10c/0x570
[ 1076.345843]  ? __lockdep_init_map+0x10c/0x570
[ 1076.350322]  mount_fs+0x97/0x2a1
[ 1076.353674]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1076.358150]  do_mount+0x417/0x27d0
[ 1076.361673]  ? copy_mount_string+0x40/0x40
[ 1076.365888]  ? copy_mount_options+0x18f/0x2f0
[ 1076.370361]  ? __sanitizer_cov_trace_pc+0x2a/0x60
[ 1076.375329]  ? copy_mount_options+0x1fe/0x2f0
[ 1076.379853]  SyS_mount+0xab/0x120
[ 1076.383285]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1076.387154]  do_syscall_64+0x1e8/0x640
[ 1076.391019]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1076.395959]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1076.401126] RIP: 0033:0x45ddea
05:40:54 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000080)=0x8)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:54 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1076.404328] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1076.412013] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1076.419260] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1076.426508] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1076.433756] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1076.441012] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000046
05:40:54 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000040))
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$PPPOEIOCDFWD(r3, 0xb101, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)

05:40:54 executing program 3 (fault-call:0 fault-nth:71):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:55 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x1, 0x1}, 0x10)
dup3(r1, r0, 0x0)

05:40:55 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{<r4=>0x0}]})
ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f0000000100)={r4, 0x32})
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:55 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000002bc24e92cab8cd344475a31c49dc6b1504cea9d367f6801de6f7f637327e3a2d8362791ec564cebe1b43aca0b1f3d67bf89f579d74c2c6befb982793794449771d7a3682b35e961d7a543e28b144a3a6eec2ca273449941d9002c4853059dd29ed3c2e63ae4e791328cdaef6b39d2784805acf076b40259fd76f5fb4bcdcfaaf3591b01dc6de1f0dd41e833942127d4941794cd3d5246d8440bd29ade3c6ac65a9f447ab90d22a7d40160378016ada0598e0002b11c242c475df1f9f296be55427de689cffd9b47717559007b74b274d8307f69dcb9e6ece691c789ea36304580332f768cbd23f5d1e5099daa5a543b74c8e74a68ad70ab1e399c1e5852bd2b8484e92364f890d54c4e1c703157503a9367da766e6566a944a9f00a31dbf2be4806bbf3369eac8693b897d4b2eec1df15bd52de78139428906f1e02a72a14fa6d414852863fea593db53696e5c2903687f8b44c0d25213d097210cdf2c3fec4fbb4f8f7a6f22e77f7a50f9f595b37c48c57e4cd9147b26ee975167e9c0925a00d64283b6a986889750d795124aa9f2ae319f0ed90f63950d2d", @ANYRES16=r2, @ANYBLOB="20002abd7000fedbdf25010000000000000002410000001000137564703a73797a3000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4040045}, 0x20000010)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r3, 0x0)

[ 1076.609460] FAULT_INJECTION: forcing a failure.
[ 1076.609460] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1076.623477] CPU: 0 PID: 23517 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1076.631380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.640735] Call Trace:
[ 1076.643335]  dump_stack+0x142/0x197
[ 1076.646985]  should_fail.cold+0x10f/0x159
[ 1076.651149]  ? __might_sleep+0x93/0xb0
[ 1076.655050]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1076.659728]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1076.664753]  ? lock_downgrade+0x740/0x740
[ 1076.668916]  alloc_pages_current+0xec/0x1e0
[ 1076.673244]  __page_cache_alloc+0x248/0x3e0
[ 1076.677572]  do_read_cache_page+0x6d5/0x1320
[ 1076.681990]  ? blkdev_writepages+0xd0/0xd0
[ 1076.686231]  ? find_get_pages_contig+0xcf0/0xcf0
[ 1076.690998]  ? blkdev_get+0xb0/0x8e0
[ 1076.694709]  ? dput.part.0+0x170/0x750
[ 1076.698601]  ? bd_may_claim+0xd0/0xd0
[ 1076.702404]  ? path_put+0x50/0x70
[ 1076.705865]  ? lookup_bdev.part.0+0xe1/0x160
[ 1076.710275]  read_cache_page_gfp+0x6e/0x90
[ 1076.714567]  btrfs_read_disk_super+0xdd/0x530
[ 1076.719058]  btrfs_scan_one_device+0xc6/0x4e0
[ 1076.723549]  ? device_list_add+0x8d0/0x8d0
[ 1076.727776]  ? __free_pages+0x54/0x90
[ 1076.731567]  ? free_pages+0x46/0x50
[ 1076.735189]  btrfs_mount+0x2e3/0x2b28
[ 1076.738973]  ? lock_downgrade+0x740/0x740
[ 1076.743114]  ? find_held_lock+0x35/0x130
[ 1076.747167]  ? pcpu_alloc+0x3af/0x1050
[ 1076.751042]  ? btrfs_remount+0x11f0/0x11f0
[ 1076.755265]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1076.760269]  ? __lockdep_init_map+0x10c/0x570
[ 1076.764754]  mount_fs+0x97/0x2a1
[ 1076.768108]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1076.772591]  ? find_held_lock+0x35/0x130
[ 1076.776647]  vfs_kern_mount+0x40/0x60
[ 1076.780439]  btrfs_mount+0x3ce/0x2b28
[ 1076.784234]  ? lock_downgrade+0x740/0x740
[ 1076.788381]  ? find_held_lock+0x35/0x130
[ 1076.792438]  ? pcpu_alloc+0x3af/0x1050
[ 1076.796317]  ? btrfs_remount+0x11f0/0x11f0
[ 1076.800555]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1076.805576]  ? __lockdep_init_map+0x10c/0x570
[ 1076.810056]  ? __lockdep_init_map+0x10c/0x570
[ 1076.814550]  mount_fs+0x97/0x2a1
[ 1076.817956]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1076.822447]  do_mount+0x417/0x27d0
[ 1076.825982]  ? copy_mount_options+0x5c/0x2f0
[ 1076.830375]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1076.835376]  ? copy_mount_string+0x40/0x40
[ 1076.839637]  ? copy_mount_options+0x1fe/0x2f0
[ 1076.844126]  SyS_mount+0xab/0x120
[ 1076.847569]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1076.851461]  do_syscall_64+0x1e8/0x640
[ 1076.855344]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1076.860186]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1076.865366] RIP: 0033:0x45ddea
[ 1076.868538] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1076.876227] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1076.883484] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1076.890747] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1076.897998] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1076.905252] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000047
05:40:57 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f", 0x1}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:40:57 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000100)=""/67)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x200)
r3 = perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x4, 0x63, 0x7, 0x43, 0x0, 0x1f, 0x10100, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xffff, 0x4, @perf_bp={&(0x7f0000000000), 0xa}, 0x4018, 0x7f, 0x6, 0x8, 0x6, 0x10001, 0x5}, 0x0, 0x6, 0xffffffffffffffff, 0x3)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x4000)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:57 executing program 3 (fault-call:0 fault-nth:72):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:57 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:40:57 executing program 0:
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
socket$bt_cmtp(0x1f, 0x3, 0x5)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0)
dup3(r2, r0, 0x0)

[ 1079.197332] FAULT_INJECTION: forcing a failure.
[ 1079.197332] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1079.235783] CPU: 0 PID: 23544 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
05:40:57 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x209)
write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x69, 0x0, {0x4, 0x4}}, 0x14)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x1000008, 0x110, r0, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
r4 = openat(r3, &(0x7f0000000080)='./bus\x00', 0x80, 0x100)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=0x4)
r6 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r7=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r7)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in6=@local, 0x4e22, 0x200, 0x4e21, 0x3, 0xa, 0x20, 0xa0, 0x87, r5, r7}, {0x441, 0xf1ef, 0x1000000000, 0x3, 0x1, 0x9, 0x34a7, 0x20}, {0xa65671d, 0x101, 0x9, 0x7}, 0xffffffff, 0x6e6bb9, 0x1, 0x0, 0x0, 0x4298481e8cbdc0b9}, {{@in=@local, 0x4d4, 0xe7}, 0xa, @in=@loopback, 0x3500, 0x0, 0x3, 0x9, 0x5, 0x5, 0x10000}}, 0xe8)
lseek(0xffffffffffffffff, 0x100000000, 0x1)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:40:57 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-arm64\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

[ 1079.243691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.253045] Call Trace:
[ 1079.255639]  dump_stack+0x142/0x197
[ 1079.259295]  should_fail.cold+0x10f/0x159
[ 1079.263443]  ? __might_sleep+0x93/0xb0
[ 1079.267344]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1079.272023]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1079.277034]  ? lock_downgrade+0x740/0x740
[ 1079.281171]  alloc_pages_current+0xec/0x1e0
[ 1079.285481]  __page_cache_alloc+0x248/0x3e0
[ 1079.289795]  do_read_cache_page+0x6d5/0x1320
[ 1079.294197]  ? blkdev_writepages+0xd0/0xd0
[ 1079.298421]  ? find_get_pages_contig+0xcf0/0xcf0
[ 1079.303155]  ? blkdev_get+0xb0/0x8e0
[ 1079.306859]  ? dput.part.0+0x170/0x750
[ 1079.310728]  ? bd_may_claim+0xd0/0xd0
[ 1079.314520]  ? path_put+0x50/0x70
[ 1079.317973]  ? lookup_bdev.part.0+0xe1/0x160
[ 1079.322363]  read_cache_page_gfp+0x6e/0x90
[ 1079.326578]  btrfs_read_disk_super+0xdd/0x530
[ 1079.331051]  btrfs_scan_one_device+0xc6/0x4e0
[ 1079.335569]  ? device_list_add+0x8d0/0x8d0
[ 1079.339784]  ? __free_pages+0x54/0x90
[ 1079.343574]  ? free_pages+0x46/0x50
[ 1079.347190]  btrfs_mount+0x2e3/0x2b28
[ 1079.350971]  ? lock_downgrade+0x740/0x740
[ 1079.355103]  ? find_held_lock+0x35/0x130
[ 1079.359156]  ? pcpu_alloc+0x3af/0x1050
[ 1079.363030]  ? btrfs_remount+0x11f0/0x11f0
[ 1079.367255]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.372267]  ? __lockdep_init_map+0x10c/0x570
[ 1079.376761]  mount_fs+0x97/0x2a1
[ 1079.380107]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1079.384590]  ? find_held_lock+0x35/0x130
[ 1079.388642]  vfs_kern_mount+0x40/0x60
[ 1079.392423]  btrfs_mount+0x3ce/0x2b28
[ 1079.396218]  ? lock_downgrade+0x740/0x740
[ 1079.400347]  ? find_held_lock+0x35/0x130
[ 1079.404394]  ? pcpu_alloc+0x3af/0x1050
[ 1079.408283]  ? btrfs_remount+0x11f0/0x11f0
[ 1079.412509]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.417515]  ? __lockdep_init_map+0x10c/0x570
[ 1079.421990]  ? __lockdep_init_map+0x10c/0x570
[ 1079.426470]  mount_fs+0x97/0x2a1
[ 1079.429820]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1079.434309]  do_mount+0x417/0x27d0
[ 1079.437838]  ? copy_mount_options+0x5c/0x2f0
[ 1079.442227]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.447227]  ? copy_mount_string+0x40/0x40
[ 1079.451480]  ? copy_mount_options+0x1fe/0x2f0
[ 1079.455959]  SyS_mount+0xab/0x120
[ 1079.459407]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1079.463277]  do_syscall_64+0x1e8/0x640
[ 1079.467145]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.471971]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1079.477138] RIP: 0033:0x45ddea
[ 1079.480312] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1079.488051] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
05:40:58 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = dup3(r1, r2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r3, 0xc1105518, &(0x7f0000000240)={{0x6, 0x0, 0x2, 0x5, '\x00', 0xfff}, 0x5, 0x20000303, 0x1, 0xffffffffffffffff, 0x8, 0x5, 'syz0\x00', &(0x7f0000000000)=['vboxnet1mime_typeppp1[mime_type\x00', '\x00', ',!system{posix_acl_access/\x00', 'trusted\x00', 'vmnet1\x00', '\x00', 'em0#+\x00', '\xa7vboxnet0$)-\x9e}eth1\x00'], 0x65, [], [0x2, 0x3, 0x5, 0x3]})
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1079.495316] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1079.502584] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1079.509848] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1079.517104] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000048
05:40:58 executing program 3 (fault-call:0 fault-nth:73):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:40:58 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x101480, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0)
r3 = getpid()
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x8, 0x7, 0x5e, 0x0, 0x0, 0xfffffffffffffffa, 0x408, 0xa, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0xc30e, 0x0, @perf_bp={&(0x7f0000000000), 0xc}, 0x404, 0xeda, 0x2, 0x9, 0x3, 0x101, 0x3ff}, r3, 0x5, r2, 0x8)
ftruncate(0xffffffffffffffff, 0x0)
r4 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r4, r0, 0x0)

[ 1079.630909] audit: type=1400 audit(2844654058.096:131): avc:  denied  { map } for  pid=23562 comm="syz-executor.2" path="/root/syzkaller-testdir364320971/syzkaller.xvUWlp/786/bus" dev="sda1" ino=16781 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 1079.667163] FAULT_INJECTION: forcing a failure.
[ 1079.667163] name fail_page_alloc, interval 1, probability 0, space 0, times 0
05:40:58 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000000c0)={<r3=>0x0, 0x8001}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000140)={r3, 0x6}, 0x8)
r4 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r4, r5, 0x0)

05:40:58 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/enforce\x00', 0x0, 0x0)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x20000, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x2, 0x0)
ioctl$SOUND_PCM_READ_RATE(0xffffffffffffffff, 0x80045002, &(0x7f00000004c0))
bind(r4, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r4, &(0x7f0000000040)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
recvfrom$packet(r2, &(0x7f00000003c0)=""/201, 0xc9, 0x10062, &(0x7f0000000240)={0x11, 0xd, r5, 0x1, 0xda, 0x6, @random="255618b971e2"}, 0x14)
io_submit(0x0, 0x1, &(0x7f00000001c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x2, 0x7, r0, &(0x7f0000000080)="147653054997b308d0948f14300b47067332d629b68b5a88db9e955a8c877850a1af7941b557279a2fee36703ccea2edb06b26d9c633ff4d019f0c1e788b689d4d20b55c805c5e5fa7052010bf6a4aec75a1b7ba3465b25462b265f7413e59e39089b8147f45c4d7fd4550c8994800589a1796dfd9da2a890379e4f34b1e0bf0ebaac130a09f6e58284b173c5a84fc0106def37a8afe77dd9c45631f3d418760f48a720201baee86637b07df9d1b1ab1ac6986def91ebb927f2007057b27898bbcbb1a1b8e1c22c6c318a6ba9079e753571c7ebb55f31e311ca7f43ad1046706930e85", 0xe3, 0x1f, 0x0, 0x1, r1}])
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1079.678987] CPU: 1 PID: 23572 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1079.686873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.696231] Call Trace:
[ 1079.698832]  dump_stack+0x142/0x197
[ 1079.702473]  should_fail.cold+0x10f/0x159
[ 1079.706636]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1079.711315]  ? fs_reclaim_acquire+0x20/0x20
[ 1079.715644]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1079.720779]  cache_grow_begin+0x80/0x400
[ 1079.724845]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1079.729527]  btrfs_mount+0x1001/0x2b28
[ 1079.733423]  ? lock_downgrade+0x740/0x740
[ 1079.737572]  ? find_held_lock+0x35/0x130
[ 1079.741635]  ? pcpu_alloc+0x3af/0x1050
[ 1079.745536]  ? btrfs_remount+0x11f0/0x11f0
[ 1079.749786]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.754820]  ? __lockdep_init_map+0x10c/0x570
[ 1079.759324]  mount_fs+0x97/0x2a1
[ 1079.762697]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1079.767194]  ? find_held_lock+0x35/0x130
[ 1079.771260]  vfs_kern_mount+0x40/0x60
[ 1079.775065]  btrfs_mount+0x3ce/0x2b28
[ 1079.778872]  ? lock_downgrade+0x740/0x740
[ 1079.783021]  ? find_held_lock+0x35/0x130
[ 1079.787088]  ? pcpu_alloc+0x3af/0x1050
[ 1079.790984]  ? btrfs_remount+0x11f0/0x11f0
[ 1079.795229]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.800258]  ? __lockdep_init_map+0x10c/0x570
[ 1079.804757]  ? __lockdep_init_map+0x10c/0x570
[ 1079.809362]  mount_fs+0x97/0x2a1
[ 1079.812735]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1079.817237]  do_mount+0x417/0x27d0
[ 1079.820781]  ? copy_mount_options+0x5c/0x2f0
[ 1079.825201]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1079.830222]  ? copy_mount_string+0x40/0x40
[ 1079.834473]  ? copy_mount_options+0x1fe/0x2f0
[ 1079.838971]  SyS_mount+0xab/0x120
[ 1079.842421]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1079.846317]  do_syscall_64+0x1e8/0x640
[ 1079.850285]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1079.855136]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1079.860320] RIP: 0033:0x45ddea
[ 1079.863509] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1079.871222] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1079.878490] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1079.885750] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1079.893116] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1079.900373] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000049
05:41:00 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f", 0x1}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:00 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00')
sendmsg$NBD_CMD_STATUS(r6, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x60, r7, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xff}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xfffffffffffff545}]}, 0x60}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r8 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0)
r9 = getpid()
tee(r1, 0xffffffffffffffff, 0xffff, 0xb)
tkill(r9, 0x9)
r10 = syz_open_procfs(r9, &(0x7f0000000100)='comm\x00')
sendmsg$NBD_CMD_STATUS(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, r7, 0x8, 0x70bd29, 0x25dfdbfc, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x2}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8, 0x1, r8}, {0x8, 0x1, r10}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x208}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x9}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000040}, 0x2)
dup3(r2, r0, 0x0)

05:41:00 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:41:00 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x40, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:00 executing program 3 (fault-call:0 fault-nth:74):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1082.271655] FAULT_INJECTION: forcing a failure.
[ 1082.271655] name failslab, interval 1, probability 0, space 0, times 0
[ 1082.283242] CPU: 0 PID: 23601 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1082.291124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1082.300460] Call Trace:
[ 1082.303037]  dump_stack+0x142/0x197
[ 1082.306663]  should_fail.cold+0x10f/0x159
[ 1082.310809]  should_failslab+0xdb/0x130
[ 1082.314766]  kmem_cache_alloc+0x47/0x780
[ 1082.318810]  radix_tree_node_alloc.constprop.0+0x1c7/0x310
[ 1082.324414]  __radix_tree_create+0x337/0x4d0
[ 1082.328809]  page_cache_tree_insert+0xa7/0x2d0
[ 1082.333378]  ? file_check_and_advance_wb_err+0x380/0x380
[ 1082.338808]  ? debug_smp_processor_id+0x1c/0x20
[ 1082.343477]  __add_to_page_cache_locked+0x2ab/0x8c0
[ 1082.348478]  ? find_lock_entry+0x4b0/0x4b0
[ 1082.352692]  add_to_page_cache_lru+0xf4/0x310
[ 1082.357165]  ? add_to_page_cache_locked+0x40/0x40
[ 1082.361983]  ? __page_cache_alloc+0xdd/0x3e0
[ 1082.366373]  do_read_cache_page+0x6fe/0x1320
[ 1082.370759]  ? blkdev_writepages+0xd0/0xd0
[ 1082.374980]  ? find_get_pages_contig+0xcf0/0xcf0
[ 1082.379745]  ? blkdev_get+0xb0/0x8e0
[ 1082.383437]  ? dput.part.0+0x170/0x750
[ 1082.387305]  ? bd_may_claim+0xd0/0xd0
[ 1082.391089]  ? path_put+0x50/0x70
[ 1082.394523]  ? lookup_bdev.part.0+0xe1/0x160
[ 1082.398912]  read_cache_page_gfp+0x6e/0x90
[ 1082.403127]  btrfs_read_disk_super+0xdd/0x530
[ 1082.407604]  btrfs_scan_one_device+0xc6/0x4e0
[ 1082.412083]  ? device_list_add+0x8d0/0x8d0
[ 1082.416298]  ? __free_pages+0x54/0x90
[ 1082.420076]  ? free_pages+0x46/0x50
[ 1082.423713]  btrfs_mount+0x2e3/0x2b28
[ 1082.427496]  ? lock_downgrade+0x740/0x740
[ 1082.431653]  ? find_held_lock+0x35/0x130
[ 1082.435693]  ? pcpu_alloc+0x3af/0x1050
[ 1082.439564]  ? btrfs_remount+0x11f0/0x11f0
[ 1082.443778]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.448775]  ? __lockdep_init_map+0x10c/0x570
[ 1082.453255]  mount_fs+0x97/0x2a1
[ 1082.456601]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1082.461073]  ? find_held_lock+0x35/0x130
[ 1082.465110]  vfs_kern_mount+0x40/0x60
[ 1082.468887]  btrfs_mount+0x3ce/0x2b28
[ 1082.472667]  ? lock_downgrade+0x740/0x740
[ 1082.476796]  ? find_held_lock+0x35/0x130
[ 1082.480835]  ? pcpu_alloc+0x3af/0x1050
[ 1082.484699]  ? btrfs_remount+0x11f0/0x11f0
[ 1082.488913]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.493908]  ? __lockdep_init_map+0x10c/0x570
[ 1082.498380]  ? __lockdep_init_map+0x10c/0x570
[ 1082.502869]  mount_fs+0x97/0x2a1
[ 1082.506217]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1082.510693]  do_mount+0x417/0x27d0
[ 1082.514210]  ? copy_mount_options+0x5c/0x2f0
[ 1082.518597]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.523589]  ? copy_mount_string+0x40/0x40
[ 1082.527803]  ? copy_mount_options+0x1fe/0x2f0
[ 1082.532279]  SyS_mount+0xab/0x120
[ 1082.535707]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1082.539575]  do_syscall_64+0x1e8/0x640
[ 1082.543436]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1082.548258]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1082.553419] RIP: 0033:0x45ddea
[ 1082.556585] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1082.564269] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
05:41:01 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000300)={0x5, &(0x7f0000000040)=[{}, {}, {}, {}, {<r3=>0x0}]})
ioctl$DRM_IOCTL_DMA(r2, 0xc0406429, &(0x7f0000000440)={r3, 0x1, &(0x7f0000000340)=[0x10000], &(0x7f0000000380)=[0x1cda, 0x2, 0x1, 0x3], 0x1, 0x7, 0x5, &(0x7f00000003c0)=[0xffff, 0x6, 0x6b3, 0xfeb, 0x8000, 0x3, 0x4], &(0x7f0000000400)=[0x9]})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r5, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c00944e648126e0da2d703f9b20d6bf360000020701040000000000000000050000020c00025069f566960e1843030c00034000000000000000001304a317b22dc91cd7bf1ad1a9de166cd4c6688d48ec"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48800)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:01 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000000))
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1082.571516] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1082.578760] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1082.586095] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1082.593340] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004a
05:41:01 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r4=>0x0)
r5 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xa)
setreuid(0x0, r6)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0x20, 0x1f9, {r4}, {r6}, 0x3, 0x800})

05:41:01 executing program 0:
getresgid(&(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100))
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:41:01 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:01 executing program 1:
ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f00000000c0)={0x7bf, 0x2, 0x4, 0x4, 0x7, {0x0, 0x2710}, {0x2, 0x2, 0x1, 0x1, 0x2, 0x84, "5c388126"}, 0x5, 0x2, @planes=&(0x7f0000000000)={0x1, 0x338, @fd, 0x9}, 0x9, 0x0, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x2, 0x0)
bind(r2, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x11, 0x6, 0x1, 0x6, 0x0, r0, 0x9, [], r3, r5, 0x5, 0x1}, 0x3c)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
r8 = fcntl$dupfd(r6, 0x0, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r8, r9, 0x0)

05:41:01 executing program 3 (fault-call:0 fault-nth:75):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1082.838857] FAULT_INJECTION: forcing a failure.
[ 1082.838857] name failslab, interval 1, probability 0, space 0, times 0
[ 1082.850349] CPU: 1 PID: 23635 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1082.858240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1082.867581] Call Trace:
[ 1082.870157]  dump_stack+0x142/0x197
[ 1082.873783]  should_fail.cold+0x10f/0x159
[ 1082.877922]  should_failslab+0xdb/0x130
[ 1082.881880]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1082.886551]  ? __kmalloc_node+0x51/0x80
[ 1082.890508]  btrfs_mount+0x1001/0x2b28
[ 1082.894377]  ? lock_downgrade+0x740/0x740
[ 1082.898509]  ? find_held_lock+0x35/0x130
[ 1082.902557]  ? pcpu_alloc+0x3af/0x1050
[ 1082.906438]  ? btrfs_remount+0x11f0/0x11f0
[ 1082.910655]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.915658]  ? __lockdep_init_map+0x10c/0x570
[ 1082.920143]  mount_fs+0x97/0x2a1
[ 1082.923491]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1082.927974]  ? find_held_lock+0x35/0x130
[ 1082.932022]  vfs_kern_mount+0x40/0x60
[ 1082.935827]  btrfs_mount+0x3ce/0x2b28
[ 1082.939612]  ? lock_downgrade+0x740/0x740
[ 1082.943733]  ? find_held_lock+0x35/0x130
[ 1082.947772]  ? pcpu_alloc+0x3af/0x1050
[ 1082.951652]  ? btrfs_remount+0x11f0/0x11f0
[ 1082.955870]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.960890]  ? __lockdep_init_map+0x10c/0x570
[ 1082.965362]  ? __lockdep_init_map+0x10c/0x570
[ 1082.969845]  mount_fs+0x97/0x2a1
[ 1082.973201]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1082.977673]  do_mount+0x417/0x27d0
[ 1082.981198]  ? copy_mount_options+0x5c/0x2f0
[ 1082.985587]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1082.990592]  ? copy_mount_string+0x40/0x40
[ 1082.994817]  ? copy_mount_options+0x1fe/0x2f0
[ 1082.999293]  SyS_mount+0xab/0x120
[ 1083.002770]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1083.006792]  do_syscall_64+0x1e8/0x640
[ 1083.010658]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1083.015485]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1083.020654] RIP: 0033:0x45ddea
[ 1083.023822] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1083.031523] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1083.038789] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1083.046055] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1083.053314] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1083.060567] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004b
05:41:03 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:03 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6040a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, @perf_bp={&(0x7f00000000c0), 0x2}, 0x4000, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x4, 0xffffffffffffffff, 0x9)
ftruncate(0xffffffffffffffff, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000140)=""/162, &(0x7f0000000200)=0xa2)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f0000000000)={'ip6erspan0\x00', 0x4})
dup3(r2, r0, 0x0)

05:41:03 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
ioctl$RTC_PIE_OFF(r0, 0x7006)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x448203, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f0000000080)='self*\x00')
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
openat$selinux_context(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/context\x00', 0x2, 0x0)

05:41:03 executing program 3 (fault-call:0 fault-nth:76):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:03 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x2)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x204200, 0x0)
dup3(r2, r3, 0x0)

[ 1085.311436] FAULT_INJECTION: forcing a failure.
[ 1085.311436] name failslab, interval 1, probability 0, space 0, times 0
[ 1085.335063] CPU: 0 PID: 23650 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1085.342985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1085.352339] Call Trace:
[ 1085.354936]  dump_stack+0x142/0x197
[ 1085.358572]  should_fail.cold+0x10f/0x159
[ 1085.362712]  should_failslab+0xdb/0x130
[ 1085.366678]  kmem_cache_alloc_node_trace+0x280/0x770
[ 1085.371771]  ? mutex_unlock+0xd/0x10
[ 1085.375468]  ? btrfs_scan_one_device+0xeb/0x4e0
[ 1085.380118]  __kmalloc_node+0x3d/0x80
[ 1085.383909]  kvmalloc_node+0x93/0xe0
[ 1085.387611]  btrfs_mount+0xf88/0x2b28
[ 1085.391399]  ? lock_downgrade+0x740/0x740
[ 1085.395521]  ? find_held_lock+0x35/0x130
[ 1085.399560]  ? pcpu_alloc+0x3af/0x1050
[ 1085.403441]  ? btrfs_remount+0x11f0/0x11f0
[ 1085.407674]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1085.412691]  ? __lockdep_init_map+0x10c/0x570
[ 1085.417183]  mount_fs+0x97/0x2a1
[ 1085.420549]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1085.425021]  ? find_held_lock+0x35/0x130
[ 1085.429065]  vfs_kern_mount+0x40/0x60
[ 1085.432853]  btrfs_mount+0x3ce/0x2b28
[ 1085.436643]  ? lock_downgrade+0x740/0x740
[ 1085.440792]  ? find_held_lock+0x35/0x130
[ 1085.444846]  ? pcpu_alloc+0x3af/0x1050
[ 1085.448717]  ? btrfs_remount+0x11f0/0x11f0
[ 1085.452934]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1085.457948]  ? __lockdep_init_map+0x10c/0x570
[ 1085.462429]  ? __lockdep_init_map+0x10c/0x570
[ 1085.466920]  mount_fs+0x97/0x2a1
[ 1085.470277]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1085.474753]  do_mount+0x417/0x27d0
[ 1085.478290]  ? copy_mount_options+0x5c/0x2f0
[ 1085.482698]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1085.487781]  ? copy_mount_string+0x40/0x40
[ 1085.492027]  ? copy_mount_options+0x1fe/0x2f0
[ 1085.496513]  SyS_mount+0xab/0x120
[ 1085.499953]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1085.503829]  do_syscall_64+0x1e8/0x640
[ 1085.507711]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1085.512622]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1085.517799] RIP: 0033:0x45ddea
[ 1085.520977] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1085.528664] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1085.535914] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1085.543161] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1085.550412] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1085.557665] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004c
05:41:04 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x5)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:04 executing program 1:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:41:04 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:41:04 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = dup(r0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000140)={0x5, 0x31364d4e, 0x2, @discrete={0x49b0}})
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
sendmsg$NFT_MSG_GETGEN(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x10, 0xa, 0x101, 0x0, 0x0, {0xc, 0x0, 0x5}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4004884)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:04 executing program 3 (fault-call:0 fault-nth:77):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:04 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:04 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0)

[ 1085.726645] FAULT_INJECTION: forcing a failure.
[ 1085.726645] name failslab, interval 1, probability 0, space 0, times 0
05:41:04 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00')
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
getsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f00000000c0)=""/56, &(0x7f0000000100)=0x38)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r5 = fcntl$dupfd(r0, 0x406, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r5, r6, 0x0)

05:41:04 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000000c0)={0x15b, 0xb, 0x4, 0x70000, 0x8, {0x0, 0x7530}, {0x2, 0x2, 0x9, 0x0, 0xf8, 0x4, "9dc14662"}, 0x5, 0x2, @userptr=0x1, 0x100, 0x0, r1})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_NAME(r2, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\xa7\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82<\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3#\x8dn\xce\x10\xfc\x97\x85).\x06\x00\x00\x00\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8\b\x00\x00\x00\xa7\xf7\xafDd\xd8\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
openat$cgroup_procs(r3, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)

[ 1085.779294] CPU: 0 PID: 23674 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1085.787215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1085.796566] Call Trace:
[ 1085.799162]  dump_stack+0x142/0x197
[ 1085.802890]  should_fail.cold+0x10f/0x159
[ 1085.807043]  should_failslab+0xdb/0x130
[ 1085.811012]  kmem_cache_alloc+0x2d7/0x780
[ 1085.815149]  ? delete_node+0x1fb/0x690
[ 1085.819027]  ? save_trace+0x290/0x290
[ 1085.822820]  alloc_buffer_head+0x24/0xe0
[ 1085.826873]  alloc_page_buffers+0xb7/0x200
[ 1085.831097]  create_empty_buffers+0x39/0x480
[ 1085.835485]  ? __lock_is_held+0xb6/0x140
[ 1085.839528]  ? check_preemption_disabled+0x3c/0x250
[ 1085.844531]  create_page_buffers+0x153/0x1c0
[ 1085.848935]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 1085.854379]  block_read_full_page+0xcd/0x960
[ 1085.858785]  ? set_init_blocksize+0x210/0x210
[ 1085.863275]  ? __lru_cache_add+0x18a/0x250
[ 1085.867514]  ? __bread_gfp+0x290/0x290
[ 1085.871394]  ? add_to_page_cache_lru+0x159/0x310
[ 1085.876128]  ? add_to_page_cache_locked+0x40/0x40
[ 1085.880952]  blkdev_readpage+0x1d/0x30
[ 1085.884822]  do_read_cache_page+0x721/0x1320
[ 1085.889210]  ? blkdev_writepages+0xd0/0xd0
[ 1085.893427]  ? find_get_pages_contig+0xcf0/0xcf0
[ 1085.898169]  ? blkdev_get+0xb0/0x8e0
[ 1085.901874]  ? dput.part.0+0x170/0x750
[ 1085.905739]  ? bd_may_claim+0xd0/0xd0
[ 1085.909518]  ? path_put+0x50/0x70
[ 1085.912949]  ? lookup_bdev.part.0+0xe1/0x160
[ 1085.917348]  read_cache_page_gfp+0x6e/0x90
[ 1085.921571]  btrfs_read_disk_super+0xdd/0x530
[ 1085.926041]  btrfs_scan_one_device+0xc6/0x4e0
[ 1085.930515]  ? device_list_add+0x8d0/0x8d0
[ 1085.934726]  ? __free_pages+0x54/0x90
[ 1085.938514]  ? free_pages+0x46/0x50
[ 1085.942136]  btrfs_mount+0x2e3/0x2b28
[ 1085.945927]  ? lock_downgrade+0x740/0x740
[ 1085.950056]  ? find_held_lock+0x35/0x130
[ 1085.954108]  ? pcpu_alloc+0x3af/0x1050
[ 1085.957990]  ? btrfs_remount+0x11f0/0x11f0
[ 1085.962242]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1085.967297]  ? __lockdep_init_map+0x10c/0x570
[ 1085.971788]  mount_fs+0x97/0x2a1
[ 1085.975141]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1085.979617]  ? find_held_lock+0x35/0x130
[ 1085.983658]  vfs_kern_mount+0x40/0x60
[ 1085.987451]  btrfs_mount+0x3ce/0x2b28
[ 1085.991238]  ? lock_downgrade+0x740/0x740
[ 1085.995384]  ? find_held_lock+0x35/0x130
[ 1085.999432]  ? pcpu_alloc+0x3af/0x1050
[ 1086.003321]  ? btrfs_remount+0x11f0/0x11f0
[ 1086.007560]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1086.012568]  ? __lockdep_init_map+0x10c/0x570
[ 1086.017054]  ? __lockdep_init_map+0x10c/0x570
[ 1086.021540]  mount_fs+0x97/0x2a1
[ 1086.024890]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1086.029370]  do_mount+0x417/0x27d0
[ 1086.032886]  ? copy_mount_options+0x5c/0x2f0
[ 1086.037285]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1086.042318]  ? copy_mount_string+0x40/0x40
[ 1086.046568]  ? copy_mount_options+0x1fe/0x2f0
[ 1086.051046]  SyS_mount+0xab/0x120
[ 1086.054478]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1086.058353]  do_syscall_64+0x1e8/0x640
[ 1086.062229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1086.067069]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1086.072341] RIP: 0033:0x45ddea
[ 1086.075520] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1086.083208] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1086.090465] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1086.097726] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1086.104985] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1086.112235] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004d
05:41:04 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = getpid()
tkill(r1, 0x9)
r2 = syz_open_procfs(r1, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000000), 0x4)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x2000, 0x0)
lsetxattr$security_evm(&(0x7f0000000240)='./bus\x00', &(0x7f0000000480)='security.evm\x00', &(0x7f00000004c0)=@v1={0x2, "d5ceb4890bb8c9d0133c90b6e06a26a6"}, 0x11, 0x0)
r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f00000003c0)=ANY=[@ANYBLOB="04000000000000000a000000bd820000020000008100000001000000070000000300000000000000000000000000000000000060080000000100000000000000070000000800000016deffff00000000000000000000000004000000020000000200000017c70000346500004b0000000400000000000000000000000200000001040000ffffff7f6300"/152])
write$UHID_INPUT2(r4, &(0x7f0000000140)={0xc, {0xec, "2846a8c8bdd278a3acac0755eb3bf16a2b500b9fa0f6fef824544bcb50561c81a3efbb408aab79077482d4ed08106877ba005d4a1496d6117516dbb435601a659120a5c54c84acd9a153d6bd21b4e5299257590db8f164aed54896f090ae01f18cab15a54ee24cca9addb4b78fe9ba6025e39ffcbeca1470bfbcd32ab87ea7091067916ef0ddf38a784c50bd16ddf6606c33f2365ffa16f04e1ba8afc27c0fe2a9bd1e381dcd13e80146beee9bd08c5839877ba48c9eb270fe7db0dd64970db39e19e02bf3417d20528541e611a047e161eb89d6eac0a40157e75afd5ce6880c0fb4bb4eb0e48bbc40ab6ebb"}}, 0xf2)

05:41:07 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfffffffffffeffff, 0x72200)
vmsplice(r0, &(0x7f0000002400)=[{&(0x7f0000000240)="6fe51b6f9c41bcd18edd82a6e0c9c2e4b3dcfe9c9cb9a789e603e8cded1ec997228a50c2485a0652771a1107de3451435bc41b468fa8515663894d92f5ac76d55b462b992101918f1143e5723200bbd06fc8c24e423e81ee28e3d5ce485a38ddbbb4535351b2e5090974ccb637b21154ad96ab84fc9d905d5d6918277996a5ece7721b8b00d1cc2ccef4d3c0c51c1b8bbe797dcd2547ba8ec52358aeefa78be71aecc86abc25b0f6711ef903aa6299bc6ec76b1472965ab171ee56fb91bf07fd03fee404fe418d7d21926554643f470c96a2c89e6d79d5a450f2b4ac1ee643bbafd33aa4f6836ac11f1f88fddba0d2ab302b60ab4d510ebd47", 0xf9}, {&(0x7f0000000340)="de7904e5e62beed4071f288e2aae1bcda3d583555aa037014c74727d33574e07ba3af1e7329726f393a085", 0x2b}, {&(0x7f0000000380)="a3c78dd15ae163abd0a4ded8662e9354116458379a27099b9876811466152db2c3fd7f15e068a1b39dd6956ee43bc453130c1c014883bc2bb3676338f9808f463f7c7a14be3e423330f98a05cef477298f35ad11825cbbb4ea7d665fe089317ea7687d4abbd558f1ab8100828a0df822f1c7dec8eef4df2586e533a04a844c9ec53e3f556437b218a8a342d1b7c9593d1db84d1c640d75dc1cc5af9966fa00c70295fdfc83f56193038219500ffbe58d228c14b3e44aa324828f3b1ae70bcb1a040cfbe49e0fbed963f0995cad4399d991c7d974b1e8086713fcb12e0144b996e1b963a52237a461cd40b9447444f8447550b24b9f2819820f25b101a3b2b9ca1fe211c2b1bdf4d09b20cbf4ac036f8f438b376fedbcc1dacfbcdf09ed23983e6c2b4c237baad0d7e5abb64408c011dab5646e710f4f4ebc233918513f731846faf3d6dee6fc5fbbc74f200bc2e08377142c9b44ace1c892f579549058450f88316d69ff54de21d6fa7a26b8b543127f109c14f420161c848bcc8392129b51de9523c799985dbda173c924b48f7268226d0e98773320ec056cf95528dac03e25f4556b5e7011a32161186340f6c36418ee7b2ba3e86a687c1e0453e67dddf0b94ee8a82f3fa3c321f1a7d6f5a8ad2f24c9f3b387ccb8fc8743201649531e6192dc3b29723020b0747b86920be07333109173796ba325368965cb8147c195d75d99d98ff95736cae2207d9e87a5f4a46d763ec9547e60912f7492a435b5cb23f78c1e2b0a1b1ee721851c0dedc7353cb0694ba4500962d6beabedcbded3326e2da75939f2c76af086be6fae8acf72ca674eb42ec7c6189485ae5befa59c45a2273fa1fef6260f8c9937d451babfec9a20ec89a403265e7aba4d7c8e8ccee2f6d57d8fb2f45cc2cab95b203a68cdd6ef65ebb125101c54897009d7021e351eb9a89fe72257b675531dfff7ff231c51e9cd5ba267eebb2cc58e9fc87743c928420b816cc6e679415c13fe1f87ddf37600e1812db097241ec84a062548217af54bf562094918be7ed1a42a86f2cd12ac5c7f4b2a578e80a6fccc3a2b20f905e03a35a58f6ffd6004b9390b7f1c9142a723faeaad8d7443fb5b4c715c978692700fa879722367643d39f51f0dee51784ea5b4bf6692ddf22386fb1e364b0f3281cb1e69cdf0c788adc3a3fe65313f23cc77e37d59a4d91ae1ec00ab6f70523c883dea495f77e084bbe82fa6794f9ca90cd4e6b27711ecb2e7ea5b5616dd3fdd572a064b39ad20aef736606603c1974cdfbdab3aec01c244aa7eedf373727adbe61de959c1900b0c7c1050c029e2c5feb895cdd53a2cce387f084996548757692cda1a3ac4a1bbcddd02c009c5812d87dca852a89560e7fc95c5e8df81b199794554950549c649f5e2c03c132bd9d793e317b803fa817c38ab843e9e80aecc8d50d250d5b689c89f23c85ee49d6b16bd69f829b1d0335867c881d83e5e65996f336171e293ddcc17071d4cf448514033c295d99c2df9ef2061c57d163556426fdae182efe9d9c3fda2980182b1422b8265915d91e23893ecbe36296e80acf2d4fb2a10bc0c52fc0fe5c30d7d49f61646e1f6b32813b4f64016ea5dc14baf0568cc046104de812c0b9a096f786404a57419079451f08ab68284b5e14d31e295caba0c640473dec92c34313d5da1fd41eda64d6b9e87885623a002beacb0cf7f0aa1e0d56ed33152dec5183f1de80e4744044cc6a4dfc8c81a47984f3c97514f0f7db225e25a8abda9c74f21091aea7f6f69aa40472a5ae39d7e53c91415490ef54c8bb6a0255237f28cc884359ea4cb1e771d2df33ca444f465b267265ce1353fff747a9678b7ac99c4dc80f7c53c58107014e29e922a02ebe05124723c69cc357fb7f7e2e645b86df205f004080369eecc592cac4777596afa6ed22ca2aa470bbd9b37ec01e09998a5f842a88b12ef9af8f514be4a8196f76a32346a15cf8987568a70264b7b19337a0c0a6bb09c27540d80c4c797bb7450919528a6c37336264038716142b712644628b4477e700561419d8abda94cf8aa1934dcaccef33ac92a9097ca15670d110cd0a838fc4c788cdf87924c80bfe33ac8216e56fb28ec9e6e0b980051ff76c050a7fe53fe2e9d2fcc29ec11e31cce6828b442947b94c5658c520401d7366760aecf14f2f6da48c78b1960f1cdf48ab7fad55fd8bdf60ef8f89258f195f87122f725bb2ca7896911e7521c0ff660b4425fadbb02a95fb69e65061a2c65db1fe5ab1d644f4b13fdaf4c37baf263637e63f230a470b3d591bac01c2fe33510177d3258536f98b968b104e74d08205948621a7d37a00d248222fb69d7a79c16989d15b7267dbc55034b1c30279d1f3b9c7af9f82240c2f20c01359070ada05ab916e89218d9e9eef69bb89dc95499d6a4d19b6f9634f47144018b525a9710a55bdd6d26b225a3e43a1cc0deb9ab7f0ca823fc6a91f3e701b54591408c70ceacca7d433899d25aa09c06a6025c898a0882fb7532f52f3593f9573c312d60f0ad4902996511e492bc816cb3f8f08b892e5a08626c7cc4c276e5e9a7608834221fd34fcf39f348e6043a1244bf3637ba5e12b9bb4762527df799e7c40d347799b4097b9280b6d6ec29cf1f49a54d458649799e3874317a985a094a3b02d8e0449b550b2c766643157ff308d8ed106b887a057c2f997faf50cdf967267e7dc5bfccf20c3e9a75fcdd6635f237de086ad19e0179ee392962e6888a820313120de3d7a98e80e9fc2a432be0d85b623cb825f9c5b485bbbfba8431fab337ef8aca34336e49cadd182146e40b3df69f11a418a69dc60fa290c7f52d6b91a6300405269840222f06d641900f55c2c65507232c42fc5b136cdf5c4691c6dd3e17649f409d6cc923297973a03bf43af5c6eed7ace85762377512dfd7cd86acfc4bc306f3974067d80aa578113a02c4703aad09f4055a9b703e90ee70d2a3a91ddcbf8837301e6361b99a60811a266610b11e1894671c3130d514316bb28e5c724da6247beda9276e4c672855e02294649bf3a5d5ce524fe08c4f23392477eb9a30dfa564f99dfca2eac52639badfe0b9438e7426730f51bafa9c1f5c93049af8510b6e46f183ac965388d4a4e337d7babe057671623b9bbf245ab0ffd4e6a1f58a4572c93c76f70cd82b5874ece2ff9b84f8aa247c9588c7017e2546c80707a6ce46adbab143b27e36204c1cf87987c1cdce2440c212391a514698339d118b533602a77ee558e5ee2b45c84b3d2d7f7a076bfd75e46e0839b95e6ee5e53c808d4f5dff7c08c6c588e99bb6c412e9468ab6f642139cba3cd169fe8d79c6809304fcaa7bb5be839ed30a11eb8e0dd949ab7a654990ba2b939656e9cff47a7262973e110fc5dd6ab69642b9a7eeed1e425463d93053d6f50b94ea11299e3bcac9f5ecd015c5a81e2289d4d436287436bbaad068990376b35843043d431ed2a1a3edeeba27292fefa1d270d089482bb34e3f459691b7c090bc21c8ce21cf802e72da929f4911c76d681226686f2ff3ddbe8e05f6cdecceb8a5918c887c256d54087e194ab7771688d3233dfe5b8c7cbb3ee6af39184cbc2a32eba79906d5a77a7c9bd3dbb2fbe9519222177c8ac414766ced8fef28a04399dea0aee6caf946f1646f05d29f31e32e39e551dba552f122331f9ef376a51aced66819b191e32fa38f778fbc1cda53beea43a7ab8f9dce8946e80b20d7beb21a960ab366587c55ea17600f1aa6e6fd834ebd10ca890ae8b567298615bdf71d3fa22ca922917474991b8d176acdc7933dce163a622364a0ff3a04a3f5c41b1f448f601ac24409cb1d54986a599fc921da1411de65bf5e4439b1550c074f8f45601f76e6a23c3bd788259be66a127f60e8fe0988f02401f214920ecd38741863164ef46249a193a6de77ee6daa5ac789ca5a9056b3c136044e0e4c0c8d702b876842cdc05c5bef9116b390f11d7f0ad069c185741d0fea0c7e343ba14a4d14378510b77cc77c5faab56bf73302b864173aa6b7cb065ab7db468ce967b0f61bc66cf63a6377226e59f9c801664bae27e9cc4c0c8966cd895cb7645d46b3fcdfed8cd93c8a40df2cae5adc7debb39ebc179709c1507bb295aad4651fcb0d8f8b5505bc081b7eaf6e466942b7878591c5bee3c88bc75fe6a35dbb24d2835a7d6982cf0f3715c7dbe9e4340437ae1fab839ebd189972055052e214c9cffeb3e95af5b5716bfbad5939d0a7d0ef661bcc2cfafcf761308e90295a19dc887516bde8756b7ce91bb18e5fcbbb0a7fdfe3fd1d3786a022c8987215ca6289485606aed17be10e5fcd9ad194d7a83cfc0734b69f1b283ab39e49a587a2df55f92783d43f9a8c8a895495ed90197f59c7daeb5b14819f98361fecf66f3c684371ee00ee871cbdcb323f472cc80be4c4a5331f270da4998f3439be039e2998df783b7e976b511bb8f4a5903b7504d9523839f8aee63080aff0b91404f3a21b476c6d1353e256f537b8a81a74f9860e436af16b3e73ba8eea0ee4c0d0a1907a88e1aafd2aab94944ce23d58421647ed32b38ea035d0286c12b7e3a464aa732b1c0f5786dd5d9e35c8cb00cb82a53cf974d8e9a59ae7de4372813584b742ef38d157042413ea6c9c28a084c10204c375a7f4f242de50264382b74b3e162f5f06bfad75a3ff1d62c7e7bae40da13d331ffbf3a1f6d0cfac8ff3ecc58cf815cd88fe480356c4fc003b9f2155da847c0fc77b3b63390334279996127a7896dfa5ab8e26ff4f03bf2bd093fa80c1809d4eb357b11c49c87852774d22e5017d31161a30d033a34bae76e766509194ae95b5dc28d195ba8968d413a12c11b57a48f43914f382860ce66c41372cb83573afa90e137a6e25776b1cfdac03bf03d1503f12f7aa1ae88705e0b1c94e86072e2a9a597cef2c59241478e0a1d5480be29fcdab4b78668a7f225d02a99cf7c2d113044fa808c2f643f4f4a8f71846b3602c7aa11840e67930efec9b4c8effe5f3feab32ef58dc96ead2ce3428ef006a6560bfe7472b4e6fac6020357b977f2728fa63633e6ecc20279ddb7a6059c0355f8451fceef9a78b51c5851dfbee9a1ec6c8bd9e786564d083bef9f89dd0b0e504de96ec50f052212278a0a482b1c408d8629baf2a6d0afc6d3b45cbf25b93f2d64b00d8fcaeb8ca1b435a60d61bbcb69555da53173805ea4366d7b19b0499361b50740bd64f556afa23f45f9df5c1fe4594c84d00eedede9b8e8504775619aea4b018ed7f017b5cac9428e830ec4beccbdd3403b82bc942f62c9e6fe5030c8aa658c279d1b76ec4c4762f31d446658480e77820e484711571afa20df262b1fcb6732e4cbc151c16d899ea2c609f32bbace63bbd0c0aac25eceb7ed7a9314ed086837834139a5507427e671b1665484280ac4ef29ad5cb8340d4cd32ec5e3be4d29b26807296f5aa7dc5d2a346612542db9b7dc6d5d89f41722f09f79e31735161b6018ef57d8978bbef5b21992192b2eac7543ee04233307148bc225ccdefdb3837695b5d9f110a1acf022d86d76934300a6afbcc9ea4889ac7d34d4d9ba8b5cc63ded89b1b8ec9e744a177d3f0df1eb32a18f0473989589e21bc8a72176e58deea3f5674003ee29dc65f19fff818994cf3646f9e9b4b43d5fe0c760b15edc91de2f765d4eccf15f16c1305bf7697bb1f5b34eb4b6771f72c998ad15de6fce0cc74208d14660b7efbddf0da3aab9725ab5f8241c62a3b9482f597962f20a2040becf9336827f3332acc9c48252f387dfb21ddf42440f37a", 0x1000}, {&(0x7f0000001380)="08f15f702be24e58996b01604aa59ed776cfe4200cf7d7ebce88358c389e726dc9bb8d14856f553d9607bb51cf315fca55869e1766500de8f0e6d214744a8a248311998bf713aaaf9c692eb2df91917e37b9dbf518d59b9aa7c92abf39a8f5", 0x5f}, {&(0x7f0000001400)="460cc8b8820659f57329f54d1fe4cf3ce7ba6f7e8a01563d00ec1287e03c3e4883d6e3fd491768e1995aacd13fc63f3c372046bb799a69c47ffdab1ee391527592ebefe44ccb601d576666872f5fe392c8cc831ef7350e9dd9d6127bc91daf0959acb20b94660b3aa0d16b1b21f827c71fe5427494c2217cf345a60d81e2683153593cd5c34c01434287e828aadec7837b0c6ee140f0b25e3269e95fc93c814b32b9ded5bd9bafab9204b8f14bec344f57e3f1125b6e3d1edc16d1fa48accad980e1d6802623a7e4a54c65d2899ece69ed48c16caa1249a0b3e13dbbb0367387d56f9eeac942fc8a3cd956f2b1a53ae95adc0ca4619d497134b2f2b45ec46b95f5bfc7b4fc1c0d3dbfd43dff7a9890c4ab89e7643649db3194b59c2457178300af391c267f18f7d3c778a701e301d560da36c0aa5188f7aa14caccf58d61220d2c12597d24d4f809d689177b21101829dec71bf94f4797ffc2df002d5b7dad7e3b7d99e7fccfd1292ca2be561d41f09fe97760dd2384ae44c4f9708dd8ac6a3f3578c32cb4eb3621bad6e26d6c9be16049eca6303933eb9d8e855ce73521e9dd70442950d9a5c49e2d475b5573cefcf8e3edd93a0aa8e6161d8931527b1d4a1a4b37b06632e883a32a5b12afea22e67571a68d360268ead22039ce5b691fceee0bf153ae66de7b7093e70c0a57f95ca3bf526abfc8bd663c7eb7f51252b9969a5a85be5afcfa084bd27e58918bd5944fb602b79ea0cba543caf773b06d44531dd931f93da1cc50978364e7fbefad9e2117168a290e6fffc9e83bc2322566136febd1496b59edf1265cf45c5e73c51bfe0244e8f418cc9e22c90f310cc584975f36a6809dffa83c0b28b72d20122ab99539abfb23e9520cd1163e2a9f935c897376cc74aaf48c65479f70caaf5417e8a1607c333cc71db0b51f66f5c6ffbe10744c38d0f2fb9a504203f50d8c4718b4b1a9f4622086e8439e753fc2257322d855a596f96da115e387e788a4534aa3e46aff8dac4528546476e9d0689392535339ceae7b508304ab2c590962793930a349fb79d3939e193cadda7d47d546d9458e5d9e28285a7769f84037a841fe8609ee7d4b9719c93919e561a479a03d55af14318c82ddc247af4a8f30c9fd4f3bae41669b9ea450ea6d0478c11f973162347391b501536b0afa3ca33e2e74d860506d4bf775aa08a35f25d84fa9bb22de5a10becaf8e41125095df7060eaca5564943e91e0ab6e7dadad1c0c4dc8438952a69ce55d17a3ce026d34abd400da069bc63a93776c632ec377a126c655811772414b3b9fa5810bf27863f36e116d617e8ee3b67311f399399122204226809f497ef2f43dc5ef0571270413496df6664c2c1cd05741df14f5aa88057167dffb5e21ae2c3ba61305f761f4dcb3ed52e73b49d2574deb5846ea23ab2b5f1979b220d148e24caac3963b769f436d3baa343d2287c37d932d1408d86827289235e49a154252db1ca024cdd4340735363c323ca20bbbec28545ad19d0835e8b321d1d2ab933b9490482cb5b01eb84cb77918d06f3c5fc75c910d24678f39850802e6ffbaaf20a5272a511ee31a431e03591b62e1012756998afb668d4546bb77bf1f8742374e25bac8337715d35a7bfcb31d6b74280597fe0ea3caa0e0f0df06674b4d8a835f3a2d0b32312946e6ecad91d2c7527599cae1324aee1f0957043a69b6e761e95bb0530c8769ec2ca50253592c389d09b2a67c5b1fd2928af6bd32a3cf0d7398d41af69a95797fa184a076a94e857439715ff817fe114958542923d933fe800d5f667d950d4b1a52fc04238af4fd4b708f04550957d012da9b65b46dd7b9877bf75a47a48b5c7750e27c5d4c742b3a1e2d273d91f66c3c614a907e5b7175c99ce360f468af1d973d9e5d7c462c0672533074de81dbe78367e32591250d61c6492ee25cf407aca87af9bd94f06375d78f58a241bacbef650d51dd11e8b40cb5f9d95522be05e00f8041d6806b79f3adabe1387ab97f13cea1e553ff12e664a49f881acebebe5784d4d3d81c8c6c42124a0ab9eab731348ebe31829edb7783d33f15280bf382d0cd9f6a41ce8fde4b1603ca072ec0ba2485f87a6d45ecabd2d58266ca5a3a6d8d074e6ef797493f85381700407e155e0d1aa667ea318e1b9fd0bfc916d0f40a66754cc665868547b2e23680616a16deae7d4aa52284b2d463f03fae44f35a8a7ee42624096c1aaa03c657c339296caa25d48cd25a4c58aaa5c95649d33a43995861092527e36596bb4820eacec93b52c2b8c29cb7c73e770d4f54afdb3874bd5286c6c51edfd5522ff989b6b20f610cd004dfa39bf3798a88c83a6a75526678a0237c3298195415660871e601b98d8fa2f84568f508524e2586d9408170976f2f2276eeaccd07e35590f456d4bbdbd325d6be59ebdb037c16f142ff21d43bc6244ed1cc44dbaa4e68950a95aeb2f76a1016044ae200de171082642974cf6247d007e064672063582ffaeb1a64c90df50e7e081d655ee286ca0897412d4bb04687540183157c04557e056a7aba492be2296fdc40f0df4d7cb99c4df6d37df180bacb124d087bb0fb717da2e61aa0132d2cf9dae356ad3b182d9caa72c9c3ced619d7693d48f38ade1edf4ab631eb2854d2a0c53248f1175416c8a7876863c6767d25b4c6b032bc2bb27dde68f4e49054c03d223c798cb78ed9abe0d40e669acd8430f74c00d867a4c496e551a81748d2b5116e0cb0e38ad9eef2fbd2da6a689b26d09692e53b3458c078c74e1f035c8ee29705ac8fc1da69b9aecfd6a3d8b3788ba0d07bfeec4e7943a659e530dca02b2b21a0aeee2d8fb704626e6fc86cb8e769a067eadb4d8ad1b4bc739ca43e3e760671fd34538a16c7fcbf8305e923775589d351d039e1cb34990403413be48ce4d545858421e0f39828bd1a8276addbfcafb8da2e1f80ad8882cd664525a4281606a3358f92e52783d0f3e47d30550da0346b58d27a9fecb050449ceaf0ef11dbe0b03f536ec71f1abedea8519735f58eda1f772ac8de48da465d4908f17f3264f3b7dae75b7317202bf22c235c5f6f0f38e6512ba89426cb55317f1a0d6b00b0920103419859730d7e1ad0c89beba0a133ce3685f0168a46120fedcaac05bd3b53f96d4e6a13a231982528928693b0af15b95c248c55140a63335571e614d5937d5b446c7f6876c7317e10cf479755405ea76438c84242e5bf7648702945ec6bdfaf195ce32d8ba0688dfcf51d3b9d6d988d60aa016b6d6c68f11657b1b4f6ad3c382d4dbb3d6de225ebf3252567aab133a711da5fdc2f6c2d2352c9357e07fc12b403bc2efd97be1af6f6eb1487fbf82de717acbff64d578ebc1e49364e5a0c1e3c88be215d26a6c8f795ca36a135a92ff24344df731c9d20195952aab3181efea660680a064b027684442c86e2fffd3005f4d3530c6e889dded846c37f7c9bf903d9b7d8d3bc54680fb438eddc312a980b3e4c45133791ecb8d102a3c4308351f8f08f87077a910eb987462e628c2a6118b02d81264f64bf768e1d7716e880ec37f5c5a143e3fda6441763d870d259c474a74544e70d3b5e26dfb8e6906a0a51bcb4152c531c21e8bb4912da81e1134c7641fe9817864c292fdc1c0869ca8ff4ae39e06bdbd5171b28d7ca30652d824e0cb42c29f9b6a1987fc13401c592d5d2d4560007ef8323ce9b831b25fe55719c7a9edef9a9cf4c7a8e939b1942fe027a2b2b7b26c6ce4a0701b2076cbd93d3df701cc2affc81cfbadc38c1bec3960aeeb5767535c30b455a3aabd00086bfc7d7c8d47fe8b79eddcfdcc969c0af08f6a0759597c88a803f8c724c18abc11fb0f741d64457b5941c98f4faa5180fb821dac75ead13643df670850a6838a9530aa2c923b95dcfe1c0ee47c288b560d77fe23bf01b9098467b56eb99ea6ce61611773d639e59d81f493f256e24ced931746ac7b63faeb7f48b563eef7ba497319dc89842a43ba6993e21d675f52897bd350cb9b4bc123a592e6141b262afb918e03940d2c6458fe6385a60aacddf0608aaed82793384a0c0f82fb94f18cb5715e17d471d2e424ac5429a170bac61126a3520a5d7820c855a27da7773a0d6a6b0868fdac52cd69433373b2d6963bc635ac01c0cbdc8001ddeb7abbe016e395974d9b1f08fd641553f3868acf3e14e1872c27beb74f36d7065a9c4b6b7dde1cca726edb812459e15d21eebaacb8256f5dd3dfd800007a17e6c5d042ecf21565da8d8142e1c2e102ff16e0fc9e7b52b50b841b103212dbfa8d268453264496bb56e1785e71f5317ff10e44a3f225d59e9721f2540f54c72162c7748e36e5bf10003c97f99040b52e659d1342731934fd51a8386c927c9bbb64797e7b91ca467a4c21e4dccd735d261af1894ff5f39798849f5283f16741a298d9c8c61d4834ea16fcd1f94d7be1a91dc2f2f0f6235a9256177ae216c49716e6cbdfde329e63e4225a6ab72a46fa982d17347a6837c0a9136a534c9bb2108abbb4e6012e799d8e9f5a8dcc028e7b1b6cf67377ce20333cc2f57ae180097b5c4890dc3fbb829ef939a1f4d1aba7ead3ccce0286841d120dfcf21420923491c5c5fe910ada2383feac9bcae0a42bff4333e17294ce07de4ec58979d9a9341f12b655b98bb99e83bdb28901a858319d54e7692451eac34f864ac0e8d1b7ed7dda83ead668647ce2e69aa79610b954d020622b57c3388865ba931de90ce36276f90dcca664e9f7a3c92efbd5cba7275999d7735efba31d2153f24a45a3de867de28dcf5f42ed9cc1f9f99b1328bcd704c2962bcb1fa96936c7015da94d5c476761f1d325e1e7b06cceac32a1fe0d597e00a9c9e8473e8527dfb873250502ec6aa02a142b50a09333513817ff6079000b0eed405bf1ad0b6afd184d32b4603bd8882aeef208685ad6a49bdac9ecb3642d28b072314cfa8193c49d8bab5149cc70407549757ac091877d1665efc073609ed4f939b068a115eab9abad5b96bc242cdd2eae9d52aab29d769b61a982d60d4a72053ddf89c9ce800beada47b8f88f09a4af84b590cfc8e01af9b99c6af510cfdbfb72a483208aec40ba797f9610336cb6e6326e44b54eed40481460cacfc564760feec944df3cadaf4e490c08dd8322e6c05bc7853f3ad877356aa8b6990f066ef1d2725268c33b591aecf0227d84f867890ab901046979360499563a8d1275cdff051699fa1baebe76e49e337ba814e37a2845791184ff74019c50f3795f128491b4632143382bb8f18a9af0c7baa2a3e8b6077839e2f681faea467f3042e5f64a1ddee82bc3ed2cbc16bddfb04a7a14f3905164ea5d66b61e0742d69844649d57aac4deb2813b9ae86ab18b7383ea5989e03bdfe23ea48913387a5e24384098d4a2256b73deef5f6b1642298b526a9203e17d9b0c67c8b9acdfabf360e262d573b10b39ade1d6dc0c0dd92e9f86d694d98d7c7ea6a48998db845a24c21076a09859c63d4b949db2c9c1ee09ffefd71bcbc97983e363f960394ff165397bd80a50e4adb1498fc023371e3b5fa416ea8958c73ad7cf4ba9d600b0fca9764da45a92e0cef28969230c54eea53a9c030b8399a669ff919ee5dcb94cb0465bd442ec57d923e89733d7f1bf46402e79f642a053f0f751be0532255304b356c7cc7c39cfb3d5b1e26faaf7dea337a3c797a3d7c970fec6999891995f5d14ca392f4b23dddbd78fe9123d1e2a440d45c202e48fb283fa6471e6d373b1e7ca2a8b7f92d89ae5d1e9ea4d3cbcd746edda9afdc06b87c6aa8ec6", 0x1000}], 0x5, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
r2 = getpid()
tkill(r2, 0x9)
ptrace$setregs(0xd, r2, 0x6, &(0x7f0000000000)="45a37e7c70f2678fbe6c9343180c2c449a0aff")
ptrace$cont(0x9, r1, 0x0, 0x0)

05:41:07 executing program 3 (fault-call:0 fault-nth:78):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
dup(r3)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:41:07 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000380), 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$LOOP_CLR_FD(r2, 0x4c01)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f00000004c0), 0x4)
ftruncate(0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f00000003c0)='\x00', 0x0)
r7 = dup3(r6, r3, 0x0)
write$UHID_DESTROY(r7, &(0x7f00000001c0), 0x4)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r8, 0x894b, &(0x7f0000000300))
r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
r11 = socket$alg(0x26, 0x5, 0x0)
r12 = open(&(0x7f0000000240)='./file0\x00', 0x10000, 0x85)
ioctl$EVIOCGABS2F(r12, 0x8018456f, &(0x7f0000000280)=""/97)
bind$alg(r11, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r13 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r13, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r13, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
syncfs(r13)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendfile(r11, r7, &(0x7f0000000200)=0x7ff, 0x6eb0687d)
write$ppp(r10, &(0x7f00000000c0)="04036d555ca5ba66b94cf82822d924983ab69d48af4c726ef4ddccc0fb54f9f8d11a5a13010e4228c36badad15b408fd0f11aa3df843c870b463ad34de0d4dc9861aa8636852d6d38bddc298bcc6a69d7c970dbaed362d1fb1ea16bce8a386c587b03c20eb81fd032498b50b4e62cbc75465a3292b90ec2d29b4a152d202f9fea597114c3939bbe4deb8d541e501473c81b2b375e0bef898065ac5f3c785dff65536becb37b7d278203f2504915008961cb0637b63ab5d8708c6bef1afb1453fd542da288bcc65359825eea83f217e2ecc8a1bf87407dc3efcd46c91fb45afeaa8332c3d", 0xe4)

05:41:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x56e80, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
socket$bt_bnep(0x1f, 0x3, 0x4)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r10 = open(&(0x7f0000002000)='./bus\x00', 0x341842, 0x0)
sendfile(r10, r9, 0x0, 0x209)
ioctl$GIO_FONT(r9, 0x4b60, &(0x7f0000000240)=""/150)
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000140)={0x7fff, 0xc, 0x4, 0x4000000, 0x20, {0x0, 0x7530}, {0x1, 0x8, 0xd, 0x8, 0xbd, 0x0, "bd92b6d8"}, 0x9, 0x4, @planes=&(0x7f0000000080)={0x7, 0x1, @fd, 0x2}, 0x5, 0x0, <r11=>r8})
r12 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r12, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r12, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fcntl$getownex(r12, 0x10, &(0x7f0000000300)={0x0, <r13=>0x0})
r14 = syz_open_procfs(r13, &(0x7f0000000380)='net/route\x00')
r15 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r15, r14, 0x0, 0x209)
setsockopt$inet_mtu(r14, 0x0, 0xa, &(0x7f00000000c0)=0x3, 0x4)
sendfile(r1, r11, 0x0, 0x8)
ioctl$RNDGETENTCNT(r1, 0x80045200, &(0x7f0000000000))
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
ioctl$TUNGETDEVNETNS(r9, 0x54e3, 0x0)
r16 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r17 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r17, r16, 0x0, 0x209)
ioctl$VIDIOC_S_STD(r16, 0x40085618, &(0x7f00000001c0)=0x10000)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r18 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r19 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r19, r18, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r19, 0x40087708, &(0x7f00000003c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x87\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea\x13\xba\x8f\xcf;2;<\x80\xa1\x16\xc8\xb6\xddu[\xbe\xe9\xad\xbf\xcd\xaa1$ti\xf5\x194\xce\x99\x06\xa9\x97\xdeA\x8b\xca\x92\tn\xfe\xea\xbf\x18\v\xaf\x02ySl@\xf4?%.\xab\xc4N\x1d\x0f,3\xde\x13]\r\xf0\xeau\x19\x8eP\x8d\xba9\xed\b\xe6\x96zhD\xf9\xf80CI\xc7\xd6\xe9\x82\xa5p\xda\x98<\x14\xa2\xf3\xce\xd8\x8d\xb3\x9fp\x1c3\x01\x83s\x12\xe7\xff\x18k\x85\xf0\xab.\xc1IU\xac\xde\xac\xbc\xde\x0f\x1d\xc8\x8fC\xe6\xce8\xf9g\x1f\xb5\xc0\xbe`\t\xbf\xd7+/u\xd5\xb4\x13\x8c\xa9\xd4\x0e\x9b\xfb\xe0}\xc2$\xa2\xcbX\xda\x1fP\x83\xe8eK\xf6\x00\x00\x00\x00\x00\x00\x00\x01\xb7U\x15\xa9\xc9\x94f\x92\xeb\xe3\x92a\xccL\xd9eQ\xc2\x04\xa2\nO]q\fC\xc5\xaa4\x1b\x1c\"\f\x18\xaceZ\fn27k\xba\x9c\xae\x00\x90\x82\xc5\xf6C\x8f\x8c\xcb\xdd\xf5\xcfG\xd1{`U\x06(\x88\x16\xbc\xfcs.\xcc\xd2b\x84\x96\xda\xbbk\x80@D(\x9d\x87\x89\x88\xf4s\x19\xbeCT\xa2\x82\x84\xea\xf0\xa6\x15\x9d6h\xf9^>\xc1\x15=d\\a\xcb\xd3\x1a\xa2\xba\x1c\x04\xdb\xe4\xd6\aE\x97\x15\xee\xb1\x9c\xd8\xad\x80(\xa4|\xf5\xad\xba\xc7\xb6dS\x01\xbc\x90:\xf2\xd5\x9c=\x81\x19\xb1\x9d\v\xe2R-\xd7\x82\x93\xad\xf0')

[ 1088.777271] FAULT_INJECTION: forcing a failure.
[ 1088.777271] name failslab, interval 1, probability 0, space 0, times 0
[ 1088.788489] CPU: 0 PID: 23720 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1088.796349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1088.805680] Call Trace:
[ 1088.808250]  dump_stack+0x142/0x197
[ 1088.811855]  should_fail.cold+0x10f/0x159
[ 1088.815980]  should_failslab+0xdb/0x130
[ 1088.819930]  kmem_cache_alloc+0x47/0x780
[ 1088.823973]  radix_tree_node_alloc.constprop.0+0x1c7/0x310
[ 1088.829571]  __radix_tree_create+0x337/0x4d0
[ 1088.833959]  page_cache_tree_insert+0xa7/0x2d0
[ 1088.838514]  ? file_check_and_advance_wb_err+0x380/0x380
[ 1088.843957]  ? debug_smp_processor_id+0x1c/0x20
[ 1088.848602]  __add_to_page_cache_locked+0x2ab/0x8c0
[ 1088.853641]  ? find_lock_entry+0x4b0/0x4b0
[ 1088.857853]  add_to_page_cache_lru+0xf4/0x310
[ 1088.862320]  ? add_to_page_cache_locked+0x40/0x40
[ 1088.867163]  ? __page_cache_alloc+0xdd/0x3e0
[ 1088.871548]  pagecache_get_page+0x1f5/0x9e0
[ 1088.875866]  __getblk_gfp+0x23d/0x7b0
[ 1088.879642]  ? lru_add_drain_all+0x18/0x20
[ 1088.883992]  __bread_gfp+0x2e/0x290
[ 1088.887671]  btrfs_read_dev_one_super+0x9f/0x270
[ 1088.892405]  btrfs_read_dev_super+0x5d/0xb0
[ 1088.896705]  ? btrfs_read_dev_one_super+0x270/0x270
[ 1088.901699]  btrfs_get_bdev_and_sb+0xdc/0x2e0
[ 1088.906172]  __btrfs_open_devices+0x194/0xab0
[ 1088.910661]  ? check_preemption_disabled+0x3c/0x250
[ 1088.915655]  ? find_device+0x100/0x100
[ 1088.919517]  ? btrfs_mount+0x1069/0x2b28
[ 1088.923549]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1088.928543]  btrfs_open_devices+0xa4/0xb0
[ 1088.932669]  btrfs_mount+0x11b4/0x2b28
[ 1088.936535]  ? lock_downgrade+0x740/0x740
[ 1088.940677]  ? find_held_lock+0x35/0x130
[ 1088.944716]  ? pcpu_alloc+0x3af/0x1050
[ 1088.948581]  ? btrfs_remount+0x11f0/0x11f0
[ 1088.952795]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1088.957803]  ? __lockdep_init_map+0x10c/0x570
[ 1088.962276]  mount_fs+0x97/0x2a1
[ 1088.965617]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1088.970085]  ? find_held_lock+0x35/0x130
[ 1088.974127]  vfs_kern_mount+0x40/0x60
[ 1088.977904]  btrfs_mount+0x3ce/0x2b28
[ 1088.981678]  ? lock_downgrade+0x740/0x740
[ 1088.985801]  ? find_held_lock+0x35/0x130
[ 1088.989836]  ? pcpu_alloc+0x3af/0x1050
[ 1088.993704]  ? btrfs_remount+0x11f0/0x11f0
[ 1088.997916]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1089.002914]  ? __lockdep_init_map+0x10c/0x570
[ 1089.007390]  ? __lockdep_init_map+0x10c/0x570
[ 1089.011864]  mount_fs+0x97/0x2a1
[ 1089.015207]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1089.019678]  do_mount+0x417/0x27d0
[ 1089.023192]  ? copy_mount_options+0x5c/0x2f0
[ 1089.027684]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1089.032683]  ? copy_mount_string+0x40/0x40
[ 1089.036895]  ? copy_mount_options+0x1fe/0x2f0
[ 1089.041365]  SyS_mount+0xab/0x120
[ 1089.044805]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1089.048669]  do_syscall_64+0x1e8/0x640
[ 1089.052529]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1089.057454]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1089.062618] RIP: 0033:0x45ddea
[ 1089.065785] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
05:41:07 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x80000)

[ 1089.073467] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1089.080713] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1089.087969] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1089.095301] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1089.102545] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004e
05:41:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000000)={0x0, 'veth0_to_bridge\x00', {0x3}, 0x4})

05:41:07 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00')
preadv(r1, &(0x7f0000000940)=[{&(0x7f0000000040)=""/42, 0x2a}], 0x1, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:07 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r1, r0, 0x0, 0x209)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x2c, @local, 0x4e20, 0x3, 'dh\x00', 0x32, 0x1, 0x5a}, 0x2c)
r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
epoll_wait(r0, &(0x7f00000000c0)=[{}], 0x1, 0x7fffffff)
ftruncate(0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r0, r2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000001480)='/dev/zero\x00', 0x32d101, 0x0)

05:41:07 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
ioctl$KVM_GET_MSR_INDEX_LIST(r4, 0xc004ae02, &(0x7f0000000000)={0x2, [0x0, 0x0]})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x11, 0x2, 0x0)
bind(r8, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r8, &(0x7f0000000040)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
setsockopt$inet_mreqn(r6, 0x0, 0x24, &(0x7f0000000140)={@remote, @rand_addr=0x50, r9}, 0xc)
dup3(r2, r5, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r10, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x4e22, 0x4, @local, 0xff}, {0xa, 0x4e21, 0x1, @mcast2, 0x3f}, 0x4, [0x7, 0x4, 0x0, 0xfffffffc, 0x40000000, 0x518, 0xfffffffe, 0x3]}, 0x5c)

05:41:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x110, r0, 0x26a3e000)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)={0x2})
mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0x400)

05:41:07 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:41:07 executing program 3 (fault-call:0 fault-nth:79):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:07 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = getpid()
tkill(r2, 0x9)
r3 = getpgid(r2)
r4 = syz_open_procfs(r3, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
ioctl$DRM_IOCTL_CONTROL(r5, 0x40086414, &(0x7f0000000080)={0x0, 0x6})
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r1, 0x0, 0x209)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00')
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x148, r9, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_SSID={0x15, 0x34, "081d3cb234c215c0945249a915ccb86a7c"}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_FTM_RESPONDER={0x104, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xef, 0x2, "555f488b444f8f27143478433d06c191bd1b1f98b333fd6647824e9ef12d10d566ed4562acbacb63ec4928ac5e826786a6f2cfcdb2484c0f6de61f8cd7c88f746b5e3dc6b7df36e174306bf54d4d03a3091be55b08ee226e3b5308d40c279cbacce5835117496b4d66a9fee1afda5dcc65b167a5954325a3e3648b032b67c4f9c860ee9c96ff5b4fc95fcc10e7dabda0043ec8546a06505782745dd3e5e7b6c63d722ec9d325f7ac226c92fd31bda2e85c60fd50fc9ce8161307b13770f8ae0fa2630d8dad9066d9da9ad29302cd68abb5008cede17bb22bbee7fdeb3db79c728f3b3e8d4b7a9a6689bb30"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_TWT_RESPONDER={0x4}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x6}]}, 0x148}, 0x1, 0x0, 0x0, 0x20004000}, 0x40000)
ioctl$VIDIOC_TRY_EXT_CTRLS(r6, 0xc0205649, &(0x7f0000000240)={0xa10000, 0x7, 0x5, <r10=>r0, 0x0, &(0x7f0000000200)={0x980905, 0x5, [], @p_u32=&(0x7f0000000000)=0x9}})
ioctl$ASHMEM_SET_NAME(r10, 0x40087708, &(0x7f00000003c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xfc=\xe3\x1e\n\xd52\xf0\x03VS\x03\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x80n\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\xe7\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\x1c\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xf7m\xa7\xd3\xfe\x8b\x9a\x05\xf3\xfd\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xf0-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea@\xde\xa1%\x9d\t\x19\x0eD=y\xce\x986G<\x1c\xf9\xd0F\xfa\xb5\x18\x00\x01\x00\x00r\x98\x95\xfe\xf0\x0em\xe5\xd0\x13\xe0\x93\x01\x99z\x86\x18\x1f\xfb\xb0}\x94z\x81I\xd8\x92')

[ 1089.379741] FAULT_INJECTION: forcing a failure.
[ 1089.379741] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1089.391599] CPU: 0 PID: 23764 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1089.399476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1089.408826] Call Trace:
[ 1089.411420]  dump_stack+0x142/0x197
[ 1089.415057]  should_fail.cold+0x10f/0x159
[ 1089.419213]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1089.423910]  ? fs_reclaim_acquire+0x20/0x20
[ 1089.428223]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1089.433242]  cache_grow_begin+0x80/0x400
[ 1089.437298]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1089.441956]  btrfs_mount+0x1069/0x2b28
[ 1089.445825]  ? lock_downgrade+0x740/0x740
[ 1089.449962]  ? find_held_lock+0x35/0x130
[ 1089.454016]  ? pcpu_alloc+0x3af/0x1050
[ 1089.457890]  ? btrfs_remount+0x11f0/0x11f0
[ 1089.462122]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1089.467126]  ? __lockdep_init_map+0x10c/0x570
[ 1089.471645]  mount_fs+0x97/0x2a1
[ 1089.474994]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1089.479480]  ? find_held_lock+0x35/0x130
[ 1089.483532]  vfs_kern_mount+0x40/0x60
[ 1089.487314]  btrfs_mount+0x3ce/0x2b28
[ 1089.491142]  ? lock_downgrade+0x740/0x740
[ 1089.495267]  ? find_held_lock+0x35/0x130
[ 1089.499321]  ? pcpu_alloc+0x3af/0x1050
[ 1089.503251]  ? btrfs_remount+0x11f0/0x11f0
[ 1089.507484]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1089.512493]  ? __lockdep_init_map+0x10c/0x570
[ 1089.516976]  ? __lockdep_init_map+0x10c/0x570
[ 1089.521465]  mount_fs+0x97/0x2a1
[ 1089.524816]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1089.529308]  do_mount+0x417/0x27d0
[ 1089.532865]  ? copy_mount_string+0x40/0x40
[ 1089.537082]  ? copy_mount_options+0x18f/0x2f0
[ 1089.541572]  ? __sanitizer_cov_trace_pc+0x2a/0x60
[ 1089.546405]  ? copy_mount_options+0x1fe/0x2f0
[ 1089.550899]  SyS_mount+0xab/0x120
[ 1089.554350]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1089.558253]  do_syscall_64+0x1e8/0x640
[ 1089.562125]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1089.566953]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1089.572120] RIP: 0033:0x45ddea
05:41:08 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x202, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=@dellink={0x90, 0x11, 0x200, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1000, 0x20}, [@IFLA_MAP={0x24, 0xe, {0x622, 0x40, 0xe5, 0x8, 0x8, 0x5}}, @IFLA_IFALIASn={0x4}, @IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @xfrm={{0x9, 0x1, 'xfrm\x00'}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8}, @IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_LINK={0x8, 0x1, 0x2}, @IFLA_XFRM_IF_ID={0x8}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x4}]}}}, @IFLA_ADDRESS={0xa}]}, 0x90}, 0x1, 0x0, 0x0, 0x41}, 0x20000000)

05:41:08 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
modify_ldt$read(0x0, &(0x7f0000000000)=""/16, 0x10)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1089.575287] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1089.583065] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1089.590319] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1089.597575] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1089.604909] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1089.612258] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 000000000000004f
05:41:10 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:10 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x2)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:41:10 executing program 3 (fault-call:0 fault-nth:80):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:10 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x404000, 0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x90480, 0x0)
recvfrom$inet(r1, &(0x7f00000003c0)=""/4096, 0x1000, 0x1, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x3a32}, 0x10)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, &(0x7f0000000000)=0x56d4, 0x4)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f00000001c0)={0x0, @aes128})
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
ioctl$ASHMEM_GET_PIN_STATUS(r5, 0x7709, 0x0)

[ 1092.218577] FAULT_INJECTION: forcing a failure.
[ 1092.218577] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1092.230415] CPU: 0 PID: 23787 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1092.238298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.247653] Call Trace:
[ 1092.250249]  dump_stack+0x142/0x197
[ 1092.253909]  should_fail.cold+0x10f/0x159
[ 1092.258073]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1092.262751]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1092.267777]  cache_grow_begin+0x80/0x400
[ 1092.271844]  kmem_cache_alloc+0x6a6/0x780
[ 1092.275994]  ? save_stack_trace+0x16/0x20
[ 1092.280144]  ? save_stack+0x45/0xd0
[ 1092.283770]  ? kmem_cache_alloc_trace+0x152/0x790
[ 1092.288620]  getname_kernel+0x53/0x350
[ 1092.292513]  kern_path+0x20/0x40
[ 1092.295889]  lookup_bdev.part.0+0x63/0x160
[ 1092.300115]  ? blkdev_open+0x260/0x260
[ 1092.303998]  ? btrfs_open_devices+0x27/0xb0
[ 1092.308323]  blkdev_get_by_path+0x76/0xf0
[ 1092.312470]  btrfs_get_bdev_and_sb+0x38/0x2e0
[ 1092.316966]  __btrfs_open_devices+0x194/0xab0
[ 1092.321449]  ? check_preemption_disabled+0x3c/0x250
[ 1092.326454]  ? find_device+0x100/0x100
[ 1092.330332]  ? btrfs_mount+0x1069/0x2b28
[ 1092.334383]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.339452]  btrfs_open_devices+0xa4/0xb0
[ 1092.343594]  btrfs_mount+0x11b4/0x2b28
[ 1092.347466]  ? lock_downgrade+0x740/0x740
[ 1092.351604]  ? find_held_lock+0x35/0x130
[ 1092.355659]  ? pcpu_alloc+0x3af/0x1050
[ 1092.359531]  ? btrfs_remount+0x11f0/0x11f0
[ 1092.363784]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.368786]  ? __lockdep_init_map+0x10c/0x570
[ 1092.373277]  mount_fs+0x97/0x2a1
[ 1092.376634]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1092.381179]  ? find_held_lock+0x35/0x130
[ 1092.385232]  vfs_kern_mount+0x40/0x60
[ 1092.389012]  btrfs_mount+0x3ce/0x2b28
[ 1092.392801]  ? lock_downgrade+0x740/0x740
[ 1092.396935]  ? find_held_lock+0x35/0x130
[ 1092.400991]  ? pcpu_alloc+0x3af/0x1050
[ 1092.405047]  ? btrfs_remount+0x11f0/0x11f0
[ 1092.409269]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.414279]  ? __lockdep_init_map+0x10c/0x570
[ 1092.418754]  ? __lockdep_init_map+0x10c/0x570
[ 1092.423236]  mount_fs+0x97/0x2a1
[ 1092.426683]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1092.431183]  do_mount+0x417/0x27d0
[ 1092.434718]  ? copy_mount_options+0x5c/0x2f0
[ 1092.439118]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.444127]  ? copy_mount_string+0x40/0x40
[ 1092.448345]  ? copy_mount_options+0x1fe/0x2f0
[ 1092.452843]  SyS_mount+0xab/0x120
[ 1092.456286]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1092.460158]  do_syscall_64+0x1e8/0x640
[ 1092.464034]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1092.468872]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1092.474053] RIP: 0033:0x45ddea
[ 1092.477233] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1092.484928] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1092.492191] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1092.499458] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1092.506715] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
05:41:10 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000001900)={@rand_addr, @multicast1, <r2=>0x0}, &(0x7f0000001940)=0xc)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001a40)={'wireguard0\x00', <r4=>0x0})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000001a80)={@mcast1, <r5=>0x0}, &(0x7f0000001ac0)=0x14)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x11, 0x2, 0x0)
bind(r7, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r7, &(0x7f0000000040)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r10, r9, 0x0, 0x209)
getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000001b00)={<r11=>0x0, @multicast2, @initdev}, &(0x7f0000001b40)=0xc)
accept4$packet(0xffffffffffffffff, &(0x7f0000001b80)={0x11, 0x0, <r12=>0x0}, &(0x7f0000001bc0)=0x14, 0x80800)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001d80)={<r13=>0x0, @broadcast, @local}, &(0x7f0000001dc0)=0xc)
r14 = socket$nl_route(0x10, 0x3, 0x0)
r15 = socket(0x11, 0x2, 0x0)
bind(r15, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r15, &(0x7f0000000040)={0x11, 0x0, <r16=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r14, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r16}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r17 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r18 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r18, r17, 0x0, 0x209)
getsockopt$inet_mreqn(r18, 0x0, 0x20, &(0x7f0000001e40)={@loopback, @initdev, <r19=>0x0}, &(0x7f0000001e80)=0xc)
getpeername$packet(0xffffffffffffffff, &(0x7f0000001ec0)={0x11, 0x0, <r20=>0x0}, &(0x7f0000001f00)=0x14)
r21 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r22 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r22, r21, 0x0, 0x209)
getpeername$packet(r22, &(0x7f0000002040)={0x11, 0x0, <r23=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000002080)=0x14)
r24 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r25 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r25, r24, 0x0, 0x209)
getsockname$packet(r24, &(0x7f00000020c0)={0x11, 0x0, <r26=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000002100)=0x14)
r27 = socket$nl_route(0x10, 0x3, 0x0)
r28 = socket(0x11, 0x2, 0x0)
bind(r28, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r28, &(0x7f0000000040)={0x11, 0x0, <r29=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r27, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r29}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r30 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r30, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r30, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r31 = socket$nl_route(0x10, 0x3, 0x0)
r32 = socket(0x11, 0x2, 0x0)
bind(r32, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r32, &(0x7f0000000040)={0x11, 0x0, <r33=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r31, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r33}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r30, 0x8933, &(0x7f0000002140)={'macvlan1\x00', <r34=>r33})
r35 = socket$nl_route(0x10, 0x3, 0x0)
r36 = socket(0x11, 0x2, 0x0)
bind(r36, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r36, &(0x7f0000000040)={0x11, 0x0, <r37=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r35, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r37}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r38 = socket$nl_route(0x10, 0x3, 0x0)
r39 = socket(0x11, 0x2, 0x0)
bind(r39, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r39, &(0x7f0000000040)={0x11, 0x0, <r40=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r38, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r40}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r41 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r42 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r42, r41, 0x0, 0x209)
getsockopt$PNPIPE_IFINDEX(r42, 0x113, 0x2, &(0x7f0000002180)=<r43=>0x0, &(0x7f00000021c0)=0x4)
r44 = socket$nl_route(0x10, 0x3, 0x0)
r45 = socket(0x11, 0x2, 0x0)
bind(r45, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r45, &(0x7f0000000040)={0x11, 0x0, <r46=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r44, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r46}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r47 = socket$nl_route(0x10, 0x3, 0x0)
r48 = socket(0x11, 0x2, 0x0)
bind(r48, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r48, &(0x7f0000000040)={0x11, 0x0, <r49=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r47, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r49}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r50 = socket$nl_route(0x10, 0x3, 0x0)
r51 = socket(0x11, 0x2, 0x0)
bind(r51, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r51, &(0x7f0000000040)={0x11, 0x0, <r52=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r50, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r52}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000002200)={'macvlan0\x00', <r53=>r52})
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002280)={{{@in6, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r54=>0x0}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000002380)=0xe8)
r55 = socket$nl_route(0x10, 0x3, 0x0)
r56 = socket(0x11, 0x2, 0x0)
bind(r56, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r56, &(0x7f0000000040)={0x11, 0x0, <r57=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r55, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r57}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r58 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r59 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r59, r58, 0x0, 0x209)
getsockopt$inet_IP_XFRM_POLICY(r58, 0x0, 0x11, &(0x7f0000002400)={{{@in=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r60=>0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in=@remote}}, &(0x7f0000002500)=0xe8)
r61 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r61, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r61, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r61, 0x8933, &(0x7f0000002540)={'team0\x00', <r62=>0x0})
r63 = socket$nl_route(0x10, 0x3, 0x0)
r64 = socket(0x11, 0x2, 0x0)
bind(r64, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r64, &(0x7f0000000040)={0x11, 0x0, <r65=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r63, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r65}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r66 = socket$nl_route(0x10, 0x3, 0x0)
r67 = socket(0x11, 0x2, 0x0)
bind(r67, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r67, &(0x7f0000000040)={0x11, 0x0, <r68=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r66, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r68}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r69 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r70 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r70, r69, 0x0, 0x209)
getpeername$packet(r69, &(0x7f0000002580)={0x11, 0x0, <r71=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000025c0)=0x14)
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000030c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003080)={&(0x7f0000002600)={0xa50, r1, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r2}, {0x138, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0xc, 0x4, [{0x5, 0x2e, 0x0, 0x6}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x5}, {0x8, 0x4, 0x81}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x76d}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x9f}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8, 0x1, r16}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r19}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0xe1aa}}, {0x8, 0x6, r20}}}]}}, {{0x8, 0x1, r23}, {0x4}}, {{0x8, 0x1, r26}, {0x90, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x1000}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r29}, {0x1a0, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r34}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x8000}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x5}, {0xc, 0x4, [{0x9, 0x40, 0x2}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8, 0x4, r37}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r40}, {0x1ec, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8, 0x4, r43}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r46}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r49}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x5}, {0x8, 0x4, 0x655}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r53}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x5}, {0x8, 0x4, r54}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x5}, {0x8, 0x4, 0x30}}, {0x8, 0x6, r57}}}]}}, {{0x8, 0x1, r60}, {0xc4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r62}, {0xec, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r65}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0xa6c}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x5}, {0x4}}, {0x8, 0x6, r68}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x5}, {0x8, 0x4, r71}}}]}}]}, 0xa50}}, 0x4040)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r72 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r72, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r73 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0xa000, 0x0)
ioctl$DRM_IOCTL_RM_MAP(r73, 0x4028641b, &(0x7f00000000c0)={&(0x7f0000ffd000/0x1000)=nil, 0x8, 0x5, 0x10, &(0x7f0000ffc000/0x4000)=nil, 0xdb})
setsockopt$ALG_SET_KEY(r72, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fadvise64(r72, 0x8, 0x2, 0x3)
r74 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r74, r0, 0x0)

05:41:10 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
vmsplice(r0, &(0x7f0000000300)=[{&(0x7f0000000100)="27886405b6a6d48f2621946229132c1e29678780b5674b7453235a9eaba71415c96c4a48066d5613a01458d1e112ac6cf1a649c34a758b2a824448caeec5cc43d3597367364f6ea4f6fc4a824af8e2933a9ad7dfb46d0ba778a19ddc03184017164f738590c0670c4716332accffc1d4d3fe9c0294643f502d", 0x79}, {&(0x7f0000000340)="4040c7b72b2f32a2", 0x8}, {&(0x7f0000000280)="a399d15d73abd52eabb1c0ad83e114ba9f22b74462aed78b164526b765a343375e3932753be01b34497b7a75e39dd45559adf251d5b1", 0x36}, {&(0x7f00000002c0)="4a6bd8c8185085516e73724e8170dc110bd8c6920acc14fd62ca19d487ee5f83a3e9190678c2f142e31c7ce45d7795855319e9", 0x33}], 0x4, 0x0)
r1 = gettid()
ptrace$cont(0x9, r1, 0x200, 0x63a)
r2 = getpid()
prctl$PR_GET_NO_NEW_PRIVS(0x27)
tkill(r2, 0x9)
r3 = syz_open_procfs(r2, &(0x7f0000000000)='net/tcp6\x00')
write$binfmt_script(r3, &(0x7f0000000380)={'#! ', './file0', [{}, {0x20, 'GPL[em1'}], 0xa, "db83963bbc63f825fcc5123c134fdf5a8e6be4909902f138b4520fd00cb1bf1408341adf709c9bf4d2cda026609f19e953704de5e5ec7978b598e9db0b1704bda19618dbd96845b864691b06399bbc7e3f4a77ca5fa911858f45a891ce3fd4e58bbfec6fe858f6a1629d5f8eacbc51e9588580b12f1baf49feb7c9cdedd714999a026113c5213739b7f8980806ea05782dd06903730739d9155333410b9e6b0f9cb79fe378b00452cedfa452d339576977d13dfbe75efee2a7fdb77b14a1ad586d08311ad764204daea9a5d1"}, 0xe0)
ioctl$NBD_SET_FLAGS(r3, 0xab0a, 0x81)
wait4(0x0, 0x0, 0x8, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
socket$phonet_pipe(0x23, 0x5, 0x2)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

[ 1092.513978] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000050
05:41:11 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r6=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r6}, &(0x7f00000026c0)=0x10)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r9=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r9}, &(0x7f00000026c0)=0x10)
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r11, r10, 0x0, 0x209)
r12 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r13 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r13, r12, 0x0, 0x209)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r12, 0x84, 0x6e, &(0x7f0000000640)=[@in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0xac8a, @dev={0xfe, 0x80, [], 0x23}, 0x9}, @in6={0xa, 0x4e24, 0x1a4, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7}], 0x48)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r10, 0x84, 0x1a, &(0x7f0000000380)={<r14=>0x0, 0xd5, "c5ed7d7e33230e94ec86a7c0a0eb520b3396fc207d41839774959cd002a3a747049749525675da73d75e74d110fec8f0f61295eb5d4edb9eaab47c1b17ad7a25b78d6ae836653c963fcce37c1e950ee6f57f0ccb0877a42588aa830f2e41c5966188dcaff93f219f0e38f14a9c127457deab0386f638cdc23b383966838f452012896d278a4a1c2620070019cfd4ad46beb29f2727cec349d884fff77bf1464ddab572f2cd5cfe40e8bddc2093f9b88b7fea988e5414d2306a87745335cf0d79b518f3cc3b071897e3f26c6088a38ce334b86904c4"}, &(0x7f0000000480)=0xdd)
r15 = socket$inet6_sctp(0xa, 0x1, 0x84)
r16 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r16, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r17=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r15, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r17}, &(0x7f00000026c0)=0x10)
r18 = socket$inet6_sctp(0xa, 0x1, 0x84)
r19 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r19, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r20=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r18, 0x84, 0x22, &(0x7f0000002680)={0x0, 0x0, 0x0, 0x0, r20}, &(0x7f00000026c0)=0x10)
sendmsg$inet_sctp(r2, &(0x7f0000000600)={&(0x7f0000000000)=@in={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000340)=[{&(0x7f00000000c0)="97bc3cf5928484628e54ee9b42239ba85c9f6ee9eb677225663454b9e239bc14bea2683c228298b01a2a2ea6fa4658e49644fca98921461edb63e6fb92a9d48959d664523dc69aa594e84a26070b08dc2a533d5cd16048ee1ef1edf0d7809c4a41b2c915175d677df5c41842284ad594e81d1ad6eb3ba2e2c51f2294e1cc0014394340b3f5f1ea72e1fdfbfe7c4e5b320bfc5d6f0fcf9e98e10c63cc35af03443dfb2662b0ffa488453f426cfa26f0ec28d2981849259b020c2ea6c5809aebc7ef5fc1d81acb6065786f7235fc574ddc4f99613cab7def41ee95ad3346277dec2e1c7d5e2bdae79d011ebee09169f98b713a5b90a3", 0xf5}, {&(0x7f00000001c0)="25dae6e86391ddd72a06b3514563c8372e58f9d89b735ea9f5a6f8cb1e32174907aaa8770908abf6156c8564d11842543dad437497878a612655e37137b6f55cc34fa70d9b2e1e34f93e3bdf4523402fa8ee1031b280da95dbf196789c5c3f91c062899d69086c566889e64b225c", 0x6e}, {&(0x7f0000000240)="4734569b2410c3f818b3f7be00d71c03fe2cb33ec9c09c986641e7113d0f44d75157dfe35f3e2dd8b488a8143a1970390465c7426eb3fcfdf8afcdfba7d883310eb1b8a496230edf0a2887451c2c77b7c6ab159536cfa70e5c5241717d4eb17f42fa87768ebb2d475ca06ef91c5fc626960075ce20084163df0233a0269b12c7120560bcf44484da3fe2dbf1e302a014b50bad4a604574968ffa72b4f9ae778a35ebafd3fa800bf107ae1f1eaab99d1862605bce8d9f31b5d0b73f9dc2186017a13de4e36ddcb09e1bed910490a86fdc8ff7879b63", 0xd5}], 0x3, &(0x7f00000004c0)=[@sndinfo={0x20, 0x84, 0x2, {0x81, 0x0, 0x1000, 0x0, r6}}, @sndrcv={0x30, 0x84, 0x1, {0x100, 0x7c, 0x5, 0x1, 0x2980, 0x1f0, 0x7fffffff, 0x8, r9}}, @sndrcv={0x30, 0x84, 0x1, {0xc1, 0x8000, 0x20b, 0x7, 0x4, 0x3, 0x80000000, 0xfffffffa, r14}}, @sndrcv={0x30, 0x84, 0x1, {0x1, 0x0, 0x8, 0x4ea4, 0x4, 0x2, 0x0, 0xeca8, r17}}, @sndrcv={0x30, 0x84, 0x1, {0x13fe, 0x5, 0x2, 0x7ff, 0x0, 0x4318805c, 0x8, 0x5, r20}}, @authinfo={0x18, 0x84, 0x6, {0x4}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x7fffffff}}], 0x110, 0x10}, 0x20000080)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:41:11 executing program 3 (fault-call:0 fault-nth:81):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:11 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1092.729365] FAULT_INJECTION: forcing a failure.
[ 1092.729365] name failslab, interval 1, probability 0, space 0, times 0
[ 1092.740604] CPU: 0 PID: 23814 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1092.748599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.757954] Call Trace:
[ 1092.760552]  dump_stack+0x142/0x197
[ 1092.764208]  should_fail.cold+0x10f/0x159
[ 1092.768360]  should_failslab+0xdb/0x130
[ 1092.772315]  kmem_cache_alloc+0x47/0x780
[ 1092.776375]  radix_tree_node_alloc.constprop.0+0x1c7/0x310
[ 1092.781982]  __radix_tree_create+0x337/0x4d0
[ 1092.786512]  page_cache_tree_insert+0xa7/0x2d0
[ 1092.791074]  ? file_check_and_advance_wb_err+0x380/0x380
[ 1092.796503]  ? debug_smp_processor_id+0x1c/0x20
[ 1092.801184]  __add_to_page_cache_locked+0x2ab/0x8c0
[ 1092.806182]  ? find_lock_entry+0x4b0/0x4b0
[ 1092.810397]  add_to_page_cache_lru+0xf4/0x310
[ 1092.814873]  ? add_to_page_cache_locked+0x40/0x40
[ 1092.819713]  ? __page_cache_alloc+0xdd/0x3e0
[ 1092.824104]  pagecache_get_page+0x1f5/0x9e0
[ 1092.828405]  __getblk_gfp+0x23d/0x7b0
[ 1092.832183]  ? SOFTIRQ_verbose+0x10/0x10
[ 1092.836220]  ? lru_add_drain_all+0x18/0x20
[ 1092.840449]  __bread_gfp+0x2e/0x290
[ 1092.844056]  btrfs_read_dev_one_super+0x9f/0x270
[ 1092.848789]  btrfs_read_dev_super+0x5d/0xb0
[ 1092.853206]  ? btrfs_read_dev_one_super+0x270/0x270
[ 1092.858230]  btrfs_get_bdev_and_sb+0xdc/0x2e0
[ 1092.862708]  __btrfs_open_devices+0x194/0xab0
[ 1092.867179]  ? check_preemption_disabled+0x3c/0x250
[ 1092.872173]  ? find_device+0x100/0x100
[ 1092.876034]  ? btrfs_mount+0x1069/0x2b28
[ 1092.880103]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.885110]  btrfs_open_devices+0xa4/0xb0
[ 1092.889238]  btrfs_mount+0x11b4/0x2b28
[ 1092.893099]  ? lock_downgrade+0x740/0x740
[ 1092.897219]  ? find_held_lock+0x35/0x130
[ 1092.901255]  ? pcpu_alloc+0x3af/0x1050
[ 1092.905131]  ? btrfs_remount+0x11f0/0x11f0
[ 1092.909346]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.914429]  ? __lockdep_init_map+0x10c/0x570
[ 1092.918970]  mount_fs+0x97/0x2a1
[ 1092.922319]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1092.926793]  ? find_held_lock+0x35/0x130
[ 1092.930837]  vfs_kern_mount+0x40/0x60
[ 1092.934617]  btrfs_mount+0x3ce/0x2b28
[ 1092.938398]  ? lock_downgrade+0x740/0x740
[ 1092.942524]  ? find_held_lock+0x35/0x130
[ 1092.946563]  ? pcpu_alloc+0x3af/0x1050
[ 1092.950432]  ? btrfs_remount+0x11f0/0x11f0
[ 1092.954658]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.959679]  ? __lockdep_init_map+0x10c/0x570
[ 1092.964154]  ? __lockdep_init_map+0x10c/0x570
[ 1092.968634]  mount_fs+0x97/0x2a1
[ 1092.971981]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1092.976456]  do_mount+0x417/0x27d0
[ 1092.979971]  ? copy_mount_options+0x5c/0x2f0
[ 1092.984383]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1092.989377]  ? copy_mount_string+0x40/0x40
[ 1092.993588]  ? copy_mount_options+0x1fe/0x2f0
[ 1092.998059]  SyS_mount+0xab/0x120
[ 1093.001486]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1093.005382]  do_syscall_64+0x1e8/0x640
[ 1093.009247]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1093.014083]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1093.019247] RIP: 0033:0x45ddea
[ 1093.022414] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
05:41:11 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r5, r4, 0x0, 0x209)
ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000000)={0x9, 0x3f})
dup3(r2, r3, 0x0)

05:41:11 executing program 5:
rmdir(&(0x7f0000000000)='./bus\x00')
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4200, r0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
r3 = request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000240)='\x00', 0x0)
keyctl$revoke(0x3, r3)
ioctl$KDSETLED(r2, 0x4b32, 0x1)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
prctl$PR_GET_SECCOMP(0x15)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[ 1093.030097] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1093.037346] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1093.044597] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1093.051843] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1093.059085] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000051
05:41:11 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, <r2=>0x0}, &(0x7f0000000040)=0xc)
setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@ipv4={[], [], @multicast2}, @in=@loopback, 0x4e20, 0x1, 0x4e22, 0xfffc, 0xa, 0x80, 0x80, 0x8, 0x0, r2}, {0x1, 0x8, 0x3, 0x1f, 0x8, 0xa6d2, 0x7, 0x9}, {0x7db3, 0x4, 0x7, 0x30000}, 0x7fffffff, 0x6e6bbf, 0x1, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d5, 0x2b}, 0xa, @in6=@mcast1, 0x34ff, 0x0, 0x3, 0x7, 0x5, 0x101, 0xb1}}, 0xe8)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r3 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r3, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r3, 0x3c)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r3, 0x0, 0x0)

05:41:13 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:13 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x14002)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet6(0xa, 0x4, 0x5)
ioctl$sock_SIOCDELRT(r5, 0x890c, &(0x7f0000000240)={0x0, @ipx={0x4, 0x7, 0x3, "72f3ac26ddf3", 0x8}, @ethernet={0x306, @broadcast}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x400, 0x0, 0x0, 0x0, 0xfae1, &(0x7f0000000180)='batadv_slave_0\x00', 0x1, 0x85, 0x2})
r6 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/checkreqprot\x00', 0x440400, 0x0)
bind$alg(r6, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
dup3(r7, r4, 0x80000)

05:41:13 executing program 3 (fault-call:0 fault-nth:82):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:13 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
dup3(r1, r0, 0x0)

05:41:13 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000000)=0x60, 0x80800)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x3000002, 0x12, r1, 0x1000)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x400000, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r2, 0x0, 0x209)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r6, r5, 0x0, 0x209)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7, 0x2, 0x70bd28}, 0x14}}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r9, r8, 0x0, 0x209)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r8, 0x84, 0x66, &(0x7f0000000340)={<r10=>0x0, 0x200}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000580)={0x7, 0x3, 0x204, 0x20, 0x0, 0x7f, 0xff, 0x2, r10}, &(0x7f00000005c0)=0x20)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x58, r7, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x28}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x43}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @NLBL_MGMT_A_CV4DOI={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x24008041}, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r6, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x64, r7, 0x300, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={[], [], @empty}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @remote}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast1}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x4080)
ioctl$ASHMEM_SET_NAME(r4, 0x40087708, &(0x7f00000003c0)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x00\x00\x00\x00\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f\\\x85L\x89Y\xbf9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x8d\'\xebT\x80x3\nY\x90D\x88\xf2~\x91\xa7\x130ps\xa7\x05\x1b\xe9X\xa1\xa4M\xc3\xae\xbf|Y\xf5\"u\xf7|m\xfc\x16\xbe\x96\xa3\xb9\x16]\x05lI\xc8\xce 6\x06\x02zh\xb5\xba\x84\xd7\xe0HC\xd5\tv\x85\xfd\x8bL\xee\xe4.\x97\xb4\xa1S\x16\xe74\xe6\x16+\xdd\xdd\xfe\xba\xd5\xbeo\x94\x1d\\\xcf\x9b\x1f\xdd\x03$\x9eo\xec\x9c\xc5\xf9m\x95\xc5X\x1f\x84\xdb\x15\xf2K\xd6\n\xd32\xb1_')

[ 1095.299523] FAULT_INJECTION: forcing a failure.
[ 1095.299523] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1095.311357] CPU: 1 PID: 23851 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1095.319246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.328605] Call Trace:
[ 1095.331195]  dump_stack+0x142/0x197
[ 1095.334839]  should_fail.cold+0x10f/0x159
[ 1095.339011]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1095.343691]  ? fs_reclaim_acquire+0x20/0x20
[ 1095.348025]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1095.353058]  cache_grow_begin+0x80/0x400
[ 1095.357125]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1095.361806]  btrfs_mount+0x1069/0x2b28
[ 1095.365692]  ? lock_downgrade+0x740/0x740
[ 1095.369836]  ? find_held_lock+0x35/0x130
[ 1095.373897]  ? pcpu_alloc+0x3af/0x1050
[ 1095.377777]  ? btrfs_remount+0x11f0/0x11f0
[ 1095.382010]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.387021]  ? __lockdep_init_map+0x10c/0x570
[ 1095.391512]  mount_fs+0x97/0x2a1
[ 1095.394867]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1095.399356]  ? find_held_lock+0x35/0x130
[ 1095.403398]  vfs_kern_mount+0x40/0x60
[ 1095.407178]  btrfs_mount+0x3ce/0x2b28
[ 1095.410958]  ? lock_downgrade+0x740/0x740
[ 1095.415086]  ? find_held_lock+0x35/0x130
[ 1095.419140]  ? pcpu_alloc+0x3af/0x1050
[ 1095.423009]  ? btrfs_remount+0x11f0/0x11f0
[ 1095.427229]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.432244]  ? __lockdep_init_map+0x10c/0x570
[ 1095.436744]  ? __lockdep_init_map+0x10c/0x570
[ 1095.441225]  mount_fs+0x97/0x2a1
[ 1095.444573]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1095.449086]  do_mount+0x417/0x27d0
[ 1095.452618]  ? copy_mount_options+0x5c/0x2f0
[ 1095.457013]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.462018]  ? copy_mount_string+0x40/0x40
[ 1095.466244]  ? copy_mount_options+0x1fe/0x2f0
[ 1095.470718]  SyS_mount+0xab/0x120
[ 1095.474151]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1095.478066]  do_syscall_64+0x1e8/0x640
[ 1095.481947]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1095.486791]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1095.491972] RIP: 0033:0x45ddea
05:41:14 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r1, r2, 0x0)

05:41:14 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x141500, 0x0)
ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000080)={0x0, 0x5, 0x8, 0x28, 0x8, 0xffffffffffff456e})

[ 1095.495154] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1095.502849] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1095.510105] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1095.517363] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1095.524616] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1095.531873] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000052
05:41:14 executing program 2:
ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r1 = fcntl$getown(r0, 0x9)
r2 = syz_open_procfs(r1, &(0x7f0000000080)='auxv\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r2, 0x806c4120, &(0x7f0000000000))

05:41:14 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$binfmt_misc(r0, &(0x7f00000000c0)={'syz1', "5b86c0674cc4b8af535934cc60807da07c5abfc91bf4ae92c8e3f2edd036f8ec726d113cb031d4565395a504d0e25af65ebfbf38bfcb3e08470818545b794de20a05304a10c4a87d33c3de0168e35e7bf733971e435fb07215c7145548d699b0309e9aefdff770474d"}, 0x6d)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
dup3(r2, r3, 0x0)

05:41:14 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
setsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000140), 0x4)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x4b2000, 0x20)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={r2, 0x13, 0x0, 0x2d29a2c7, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa}, 0x20)
r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r3, r0, 0x0)

05:41:14 executing program 3 (fault-call:0 fault-nth:83):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1095.709223] FAULT_INJECTION: forcing a failure.
[ 1095.709223] name failslab, interval 1, probability 0, space 0, times 0
[ 1095.737913] CPU: 0 PID: 23883 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1095.745822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1095.755274] Call Trace:
[ 1095.757876]  dump_stack+0x142/0x197
[ 1095.761517]  should_fail.cold+0x10f/0x159
[ 1095.765671]  should_failslab+0xdb/0x130
[ 1095.769641]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1095.774310]  btrfs_mount+0x1069/0x2b28
[ 1095.778187]  ? lock_downgrade+0x740/0x740
[ 1095.782336]  ? find_held_lock+0x35/0x130
[ 1095.786404]  ? pcpu_alloc+0x3af/0x1050
[ 1095.790287]  ? btrfs_remount+0x11f0/0x11f0
[ 1095.794512]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.799629]  ? __lockdep_init_map+0x10c/0x570
[ 1095.804117]  mount_fs+0x97/0x2a1
[ 1095.807474]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1095.811951]  ? find_held_lock+0x35/0x130
[ 1095.816001]  vfs_kern_mount+0x40/0x60
[ 1095.819790]  btrfs_mount+0x3ce/0x2b28
[ 1095.823578]  ? lock_downgrade+0x740/0x740
[ 1095.827706]  ? find_held_lock+0x35/0x130
[ 1095.831750]  ? pcpu_alloc+0x3af/0x1050
[ 1095.835623]  ? btrfs_remount+0x11f0/0x11f0
[ 1095.839846]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.844857]  ? __lockdep_init_map+0x10c/0x570
[ 1095.849336]  ? __lockdep_init_map+0x10c/0x570
[ 1095.853819]  mount_fs+0x97/0x2a1
[ 1095.857285]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1095.861770]  do_mount+0x417/0x27d0
[ 1095.865296]  ? copy_mount_options+0x5c/0x2f0
[ 1095.869689]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1095.874689]  ? copy_mount_string+0x40/0x40
[ 1095.878906]  ? copy_mount_options+0x1fe/0x2f0
[ 1095.883386]  SyS_mount+0xab/0x120
[ 1095.886821]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1095.890714]  do_syscall_64+0x1e8/0x640
[ 1095.894583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1095.899437]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1095.904608] RIP: 0033:0x45ddea
[ 1095.907779] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1095.915471] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1095.922733] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1095.929984] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1095.937243] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1095.944495] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000053
05:41:14 executing program 2:
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x12200, 0x72)
pwritev(r0, &(0x7f0000000200)=[{&(0x7f0000000080)="a1bd51fe9210bffd8ce42ed8fda7e2fc9ade4d2ff62c80878af1898fee8239ada9a86d803eb403829c73f0f188e901e13b52074d55c6e7f609840c7e6eeff5bb6b01f7a07ae5064cdf2e74a871a9b45100eb630b4cdec9ff3cb62b80d508801392d630e91120e6f44e14992691c1db95a054612f85b18e61078783f33366ab9936fb551c85b49b3f9c70253ec2808dfbd3e0068a8319c23d3169a6de1ba698e07b1aa93a0e98c4eda820a3af2978cd51f763b78538f9919abf", 0xb9}, {&(0x7f0000000140)="f783a77142b52792c51468bffb6c0d84e168f1819c5bfed2a2f253dbf236c07bf159ac8b9dc3b75ee544f4b86beddbdcd7f48ce54bb73821811cd36c5fac7d58150949e47c30cacf19ab4d6d3ced809895f371e8b7415083f5cc6162d60cde261c9394383b82ffc4ea7596d8f8c40c33076674a5c3e38b621bb9ccba3bb473b6b12f16df841e40e0922ce8be6070e7292d2fe8de91ad0b77d3babfbe3407944b6be0a0b4743b", 0xa6}], 0x2, 0x7)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm-control\x00', 0x141800, 0x0)
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000480)='fou\x00')
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r2, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0x88}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x400)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x808001, 0x0)
ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
fsetxattr$security_evm(r4, &(0x7f0000000240)='security.evm\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="6e393670d54e4650adcf4f78a7ae02"], 0x101, 0x0)

05:41:16 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:16 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000002c0)="585cc9e4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff01007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53dc9f2653d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4", 0xc0, 0xfffffffffffffffe)
r6 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r6, r5, r6}, &(0x7f0000000240)=""/112, 0x208, &(0x7f0000000580)={&(0x7f0000000500)={'crc32\x00'}})
keyctl$get_keyring_id(0x0, r5, 0x5)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
openat$cgroup_subtree(r2, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0)
fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000000))
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:41:16 executing program 3 (fault-call:0 fault-nth:84):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:16 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)

05:41:16 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x11, 0x2, 0x0)
bind(r2, &(0x7f0000000080)=@generic={0x11, "000001000000000008fc9d71fc00000000000000f8ffff002e0b3836005404b0d6301a4ce875f2e3ff5f163ee340b76795008000f8000000000104003c5811039e15775027ecce66fd792bbf0e5bf5ff9b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ff42c65400"}, 0x80)
getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14}]}]}]}, 0x3c}}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_SIOCDELRT(r4, 0x890c, &(0x7f0000000900)={0x0, @sco, @can={0x1d, <r5=>0x0}, @hci={0x1f, 0x3, 0x1}, 0x3f, 0x0, 0x0, 0x0, 0x20, &(0x7f00000008c0)='macvlan0\x00', 0x200000000000000, 0xffff, 0x1f})
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@empty, 0x4000008, r5})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
r8 = socket$inet6(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00')
sendmsg$BATADV_CMD_GET_DAT_CACHE(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="e5fd", @ANYRES16=r11, @ANYBLOB="b7230000000000000000090000f008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r6, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x3c, r11, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xfffff801}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x4010010)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:16 executing program 2:
r0 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x20, 0x20000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000400)={0x14, r2, 0xc46dfc707e1df77d}, 0x14}}, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x94, r2, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x80, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x382}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}]}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x40000}, 0x4000059)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, &(0x7f0000000000))
ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1098.323793] FAULT_INJECTION: forcing a failure.
[ 1098.323793] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1098.335628] CPU: 1 PID: 23905 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1098.343505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.352854] Call Trace:
[ 1098.355450]  dump_stack+0x142/0x197
[ 1098.359090]  should_fail.cold+0x10f/0x159
[ 1098.363241]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1098.367904]  ? fs_reclaim_acquire+0x20/0x20
[ 1098.372222]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1098.377249]  cache_grow_begin+0x80/0x400
[ 1098.381310]  kmem_cache_alloc_trace+0x6b2/0x790
[ 1098.386002]  btrfs_mount+0x1069/0x2b28
[ 1098.389890]  ? lock_downgrade+0x740/0x740
[ 1098.394032]  ? find_held_lock+0x35/0x130
[ 1098.398082]  ? pcpu_alloc+0x3af/0x1050
[ 1098.401976]  ? btrfs_remount+0x11f0/0x11f0
[ 1098.406208]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.414106]  ? __lockdep_init_map+0x10c/0x570
[ 1098.418675]  mount_fs+0x97/0x2a1
[ 1098.422057]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1098.426550]  ? find_held_lock+0x35/0x130
[ 1098.430603]  vfs_kern_mount+0x40/0x60
[ 1098.434398]  btrfs_mount+0x3ce/0x2b28
[ 1098.438187]  ? lock_downgrade+0x740/0x740
[ 1098.442322]  ? find_held_lock+0x35/0x130
[ 1098.446378]  ? pcpu_alloc+0x3af/0x1050
[ 1098.450265]  ? btrfs_remount+0x11f0/0x11f0
[ 1098.454495]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.459510]  ? __lockdep_init_map+0x10c/0x570
[ 1098.463994]  ? __lockdep_init_map+0x10c/0x570
[ 1098.468480]  mount_fs+0x97/0x2a1
[ 1098.471836]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1098.476322]  do_mount+0x417/0x27d0
[ 1098.479853]  ? copy_mount_string+0x40/0x40
[ 1098.484073]  ? copy_mount_options+0x18f/0x2f0
[ 1098.489145]  ? __sanitizer_cov_trace_pc+0x4e/0x60
[ 1098.493984]  ? copy_mount_options+0x1fe/0x2f0
[ 1098.498467]  SyS_mount+0xab/0x120
[ 1098.501906]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1098.505787]  do_syscall_64+0x1e8/0x640
[ 1098.509680]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1098.514532]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1098.519719] RIP: 0033:0x45ddea
[ 1098.522903] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1098.530607] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1098.537871] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1098.545133] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1098.552396] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1098.559659] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000054
05:41:17 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r2, r1, 0x0, 0x209)
ioctl$RTC_PIE_ON(r1, 0x7005)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:17 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x4001fc)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

05:41:17 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)
remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x2, 0x4000)

05:41:17 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:17 executing program 3 (fault-call:0 fault-nth:85):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:17 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x200000, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
dup3(r1, r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f00000000c0)={0x1, 0x7f}, 0x2)

[ 1098.807597] FAULT_INJECTION: forcing a failure.
[ 1098.807597] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1098.819435] CPU: 0 PID: 23939 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1098.827321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.836674] Call Trace:
[ 1098.839275]  dump_stack+0x142/0x197
[ 1098.842920]  should_fail.cold+0x10f/0x159
[ 1098.847096]  __alloc_pages_nodemask+0x1d6/0x7a0
[ 1098.851780]  ? __alloc_pages_slowpath+0x2930/0x2930
[ 1098.856818]  cache_grow_begin+0x80/0x400
[ 1098.860894]  kmem_cache_alloc+0x6a6/0x780
[ 1098.865059]  getname_kernel+0x53/0x350
[ 1098.868965]  kern_path+0x20/0x40
[ 1098.872340]  lookup_bdev.part.0+0x63/0x160
[ 1098.876573]  ? blkdev_open+0x260/0x260
[ 1098.880454]  ? btrfs_read_dev_super+0x77/0xb0
[ 1098.884950]  blkdev_get_by_path+0x76/0xf0
[ 1098.889105]  btrfs_get_bdev_and_sb+0x38/0x2e0
[ 1098.893601]  __btrfs_open_devices+0x194/0xab0
[ 1098.898112]  ? find_device+0x100/0x100
[ 1098.901993]  ? btrfs_mount+0x1069/0x2b28
[ 1098.906055]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.911073]  btrfs_open_devices+0xa4/0xb0
[ 1098.915247]  btrfs_mount+0x11b4/0x2b28
[ 1098.919137]  ? lock_downgrade+0x740/0x740
[ 1098.923284]  ? find_held_lock+0x35/0x130
[ 1098.927350]  ? pcpu_alloc+0x3af/0x1050
[ 1098.931247]  ? btrfs_remount+0x11f0/0x11f0
[ 1098.935473]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.940492]  ? __lockdep_init_map+0x10c/0x570
[ 1098.944996]  mount_fs+0x97/0x2a1
[ 1098.948370]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1098.952868]  ? find_held_lock+0x35/0x130
[ 1098.956927]  vfs_kern_mount+0x40/0x60
[ 1098.960718]  btrfs_mount+0x3ce/0x2b28
[ 1098.964517]  ? lock_downgrade+0x740/0x740
[ 1098.968667]  ? find_held_lock+0x35/0x130
[ 1098.972726]  ? pcpu_alloc+0x3af/0x1050
[ 1098.976607]  ? btrfs_remount+0x11f0/0x11f0
[ 1098.980836]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1098.985867]  ? __lockdep_init_map+0x10c/0x570
[ 1098.990359]  ? __lockdep_init_map+0x10c/0x570
[ 1098.994845]  mount_fs+0x97/0x2a1
[ 1098.998201]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1099.002688]  do_mount+0x417/0x27d0
[ 1099.006224]  ? copy_mount_options+0x5c/0x2f0
[ 1099.010629]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1099.015644]  ? copy_mount_string+0x40/0x40
[ 1099.019889]  ? copy_mount_options+0x1fe/0x2f0
[ 1099.024394]  SyS_mount+0xab/0x120
[ 1099.027864]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1099.031750]  do_syscall_64+0x1e8/0x640
[ 1099.035629]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1099.040476]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1099.045651] RIP: 0033:0x45ddea
[ 1099.048836] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1099.056533] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1099.063794] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1099.071066] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1099.078319] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1099.085602] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000055
05:41:20 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:20 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem\x00', 0x400000, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
setsockopt$PNPIPE_INITSTATE(r0, 0x113, 0x4, &(0x7f0000000140), 0x4)
r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x8, 0xe618933ce441d7f3)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x1000000, 0x10010, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f00000000c0))
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0)
sendfile(r5, r2, 0x0, 0x209)
ioctl$ASHMEM_SET_NAME(r5, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000100)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r3, r4, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0)

05:41:20 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
r2 = accept4(r1, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000200)=0x80, 0x80000)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000380)='/dev/bsg\x00', 0x20000, 0x0)
ioctl$BLKFRASET(r3, 0x1264, &(0x7f00000003c0)=0x8001)
sendmsg$NFNL_MSG_ACCT_GET(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x70, 0x1, 0x7, 0x201, 0x0, 0x0, {0xc}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x1a46}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x1}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x80}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfff}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x209)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r5, r4, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
getsockopt$inet_mreq(r7, 0x0, 0x68, &(0x7f00000000c0)={@broadcast, @empty}, &(0x7f0000000140)=0x8)

05:41:20 executing program 3 (fault-call:0 fault-nth:86):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

05:41:20 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2)
io_submit(0x0, 0x2, &(0x7f0000000180)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3, 0x5, r0, &(0x7f0000000240)="683821e7ffe2016ab7c633276240cf0af56861f7d96fdcd3ea26a4c4534ff9d1de63f9a1014419fc34f9a426d706db920043a70a1a0a447368f99dc9cc8a64bed059ee9859784801657c87b4a38cff71fe02cd14a74e02a254b6debf85a1d17cb1a4753b55d01751ab906ad505605d8745433830420a4388a4586a6f52fc55e8f235947deee40543a7c7e064f108a7006b690d9285f54376316c338730a8407133a26965a4179785e5936f288112f35b63a13449afbf629c48fea4d641092367839ac7de91dc41f7128716dcb066512a9f4dbc0592f778c5bda31a07f7cd766d788dbe824765fd5aa4c10952f60d4f38cdf29f2f1a", 0xf5, 0x0, 0x0, 0x2}])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000000480)='./bus\x00', 0x210401, 0x82)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000004c0)={0x1, [<r4=>0x0]}, &(0x7f0000000500)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000540)={r4, 0x8}, &(0x7f0000000580)=0x8)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0x2, 0x2)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/net/pfkey\x00', 0x200000, 0x0)
connect$rxrpc(r6, &(0x7f0000000600)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x7, @mcast2, 0x7}}, 0x24)
sendfile(r5, r2, 0x0, 0x209)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
ioctl$TUNSETNOCSUM(r8, 0x400454c8, 0x1)
ioctl$TIOCSSERIAL(r2, 0x541e, &(0x7f0000000400)={0x7ff, 0x1000, 0xff, 0xffffffff, 0x9, 0x10000, 0x7a5, 0xf47, 0xffff, 0x5, 0x20, 0x0, 0x815d, 0x5, &(0x7f0000000340)=""/167, 0x3, 0x1, 0x1})
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x9, &(0x7f0000000640)=""/114)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

05:41:20 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0xffffff81, 0x6, 0x5, 0x1, "69d57bba7fcec6e793c2eea93134bfa4ed18a45a0ab4b17e55657e4f221c7edaf1eca816557052eac198dbf158048750c34a2b5e694dd5505c7e2f9cd2e2cd25", "20e22728f2310a2d8176197bc5da0fe6c9f76e39ed509aedc1d39c01b842ea20", [0x1f]})
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

[ 1101.659013] FAULT_INJECTION: forcing a failure.
[ 1101.659013] name failslab, interval 1, probability 0, space 0, times 0
05:41:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1101.700452] CPU: 1 PID: 23961 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1101.708372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1101.717727] Call Trace:
[ 1101.720321]  dump_stack+0x142/0x197
[ 1101.723961]  should_fail.cold+0x10f/0x159
[ 1101.728115]  should_failslab+0xdb/0x130
[ 1101.732090]  kmem_cache_alloc+0x2d7/0x780
[ 1101.736239]  ? add_to_page_cache_lru+0x159/0x310
[ 1101.740996]  ? add_to_page_cache_locked+0x40/0x40
[ 1101.745843]  alloc_buffer_head+0x24/0xe0
[ 1101.749994]  alloc_page_buffers+0xb7/0x200
[ 1101.754236]  __getblk_gfp+0x334/0x7b0
[ 1101.758030]  ? lru_add_drain_all+0x18/0x20
[ 1101.762246]  __bread_gfp+0x2e/0x290
[ 1101.765856]  btrfs_read_dev_one_super+0x9f/0x270
[ 1101.770600]  btrfs_read_dev_super+0x5d/0xb0
[ 1101.774909]  ? btrfs_read_dev_one_super+0x270/0x270
[ 1101.779915]  btrfs_get_bdev_and_sb+0xdc/0x2e0
[ 1101.784388]  __btrfs_open_devices+0x194/0xab0
[ 1101.788865]  ? check_preemption_disabled+0x3c/0x250
[ 1101.793866]  ? find_device+0x100/0x100
[ 1101.797734]  ? btrfs_mount+0x1069/0x2b28
[ 1101.801785]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1101.806797]  btrfs_open_devices+0xa4/0xb0
[ 1101.810927]  btrfs_mount+0x11b4/0x2b28
[ 1101.814919]  ? lock_downgrade+0x740/0x740
[ 1101.819054]  ? find_held_lock+0x35/0x130
[ 1101.823223]  ? pcpu_alloc+0x3af/0x1050
[ 1101.827228]  ? btrfs_remount+0x11f0/0x11f0
[ 1101.831449]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1101.836452]  ? __lockdep_init_map+0x10c/0x570
[ 1101.840930]  mount_fs+0x97/0x2a1
[ 1101.844339]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1101.848830]  ? find_held_lock+0x35/0x130
[ 1101.852881]  vfs_kern_mount+0x40/0x60
[ 1101.856665]  btrfs_mount+0x3ce/0x2b28
[ 1101.860460]  ? lock_downgrade+0x740/0x740
[ 1101.864595]  ? find_held_lock+0x35/0x130
[ 1101.868656]  ? pcpu_alloc+0x3af/0x1050
[ 1101.872530]  ? btrfs_remount+0x11f0/0x11f0
[ 1101.876769]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1101.881777]  ? __lockdep_init_map+0x10c/0x570
[ 1101.886354]  ? __lockdep_init_map+0x10c/0x570
[ 1101.891424]  mount_fs+0x97/0x2a1
[ 1101.894792]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1101.899271]  do_mount+0x417/0x27d0
[ 1101.902788]  ? copy_mount_options+0x5c/0x2f0
[ 1101.907177]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1101.912177]  ? copy_mount_string+0x40/0x40
[ 1101.916411]  ? copy_mount_options+0x1fe/0x2f0
[ 1101.920937]  SyS_mount+0xab/0x120
[ 1101.924366]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1101.928229]  do_syscall_64+0x1e8/0x640
[ 1101.932094]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1101.936922]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1101.942094] RIP: 0033:0x45ddea
05:41:20 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x2cb)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r2, r3, 0x0)

[ 1101.945260] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1101.952945] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1101.960201] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1101.967460] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1101.974714] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1101.981961] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000056
05:41:20 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
accept$ax25(r1, &(0x7f0000000140)={{0x3, @null}, [@rose, @netrom, @netrom, @rose, @default, @rose, @null]}, &(0x7f00000001c0)=0x48)
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r3, r2, 0x0, 0x209)
setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000200)=0x8, 0x4)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
sendfile(r4, r5, 0x0, 0x209)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x601, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r6, 0x0, 0x41, &(0x7f0000000080)={'security\x00', 0x2, [{}, {}]}, 0x48)
recvfrom$inet6(r2, &(0x7f0000000240), 0x0, 0x100, &(0x7f00000003c0)={0xa, 0x4e22, 0x100, @rand_addr="7eac361d9605f793e2e4a38385a86cc1", 0x8000}, 0x1c)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r4, 0x8983, &(0x7f0000000000)={0x8, 'team_slave_0\x00', {}, 0x7658})

05:41:20 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f00000000c0)])
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000040)={0x42, @time={0x8f3, 0x6}, 0x4, {0x5, 0x91}, 0x1f, 0x2})
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@loopback, 0x154})
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
acct(&(0x7f0000000180)='./file0\x00')
r2 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x81, 0x4500)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r4, r3, 0x0, 0x209)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000280)={<r5=>0x0, 0x1000, "7e8afbd1063a7238a4e0aff9ccde3d920fb94ddf7404ccee4ae23118ea85715fa71f8dfd1854b137cb60ec66aaf35a4b86ed236d2db357441938d9221b5283eab957a894a83e862521d6725c4d68148b77271479785022fc9b4ec1fda158dd902e4618ec5a2de4cd601635339d8627e53771b7e56c1d4efdb7aef7fe7d7153b6252f775667d5460213df51f05fe6338aedbda9f3e184db8c4f56ad839bba1cbe11ab5dc3aa30930e27b756a11dea1decd13b9cd3bec90b5d7837f2aa8b7da7b60b8385a3720786263ae73f785f2c1ff89f0575732ffbeb537bcb7674cc4950e6c5b4a74a2efceb820f307e825894fc5ce24a35c5f07879be208446f5fcef4dcb0228c26c81b710001c27fdb18c8a90bf3b08556f02f390516f4600811f2627fba8cc1584d1165b7ec59117c462ae5c5b4396b4f59fab20cc8044d7caba3a8eeaa46f77d971562f475ad2ec273a2bf80611e4a74dcf4d7835a9f1ad8b431dc8e40dbf3f2dc1607353b4eea7202c0ea79d0c17247af2fe5da48c60887ca21f0cfdc79ca6cb97a45fe16fd0bb5355ee1eea4b6394d8d69021e78be317277398e70cf05fe47c9e8dbcd23cbdd4d090f76573079ddb5c497b6bbc1e80adf3f8a5b464c43572afcf810148647f1b8877b73b6fd070e0fd19bbe6c86e0a08c221cdf2ef777fd51787e9b33e135b7ef3d093628e7f691cdee39ac30188d21c2821693c7177f4e442a8db1cfa0444e3fc07f6da5b67a8c04a81e697103f5a80e67e07d08d16c505058a2228c6bc3b32770c46a417c3b9763de1a998bae1b3602ede3a71be446040febce355f3d8483d9d48dd31c3d400f23c88f1ce7f6d24dde69cce6577910db6ad8741851c1658ea7a6980b0d89e5b9fb3328d4fbe36e50691a69e6d4fbc9a143dcfa436280479c73270fc6b93ebeb09d37eefe8781949f3d6a5d9d8d742f4f73c165cb543befd3f648f87245e3404d95ccdc1895820fdba75286d8794b91f89358a2e49cbd254b34a791f8bebd57b1bdfcc1d7fb9f65c7d99faca6d609f47c747d35fbef9a8c0fa68a85458e0ad2072b79b63750394c1df1aaeec51743adc2dc60e76a8eab8de7339123f550dac14c7a20cb4399431f6ee6e79aface6dfed4c3251070dd1f77ed3e0139dff70928c3934017576a39133afffc15d2d6acb6b03a43acc2ba8ea5f36b9c3da9653097926317736a176781f3d3a8d96a834ec976d73f399f1eaa76ad56a702d8ea07fe77cb8a11893f56316da0aa0917c58a5b4df70ca8e0b144f4daa693f03fab1e67090b3e9f071b66ddc44816dfee7100263c47a2aad37434a06702e029de0eabcea42c7898e925f346b898382586c311e74329abd40153d46c81ee784d00a94abde9a7c33e8d3d52c5ad1556a861d52887c47b2842cfeef8ab2b0d38718b5b9c4331f9ed7f54649ddbfe86e008f614840919d10445735b2c068916f11135f5912153977427933c76b65d26bdfc6a319421fc497240efc9e134d7f6526b51f7d57bfea65ee38d07cdcff40f5ae068c77ef68a3c11eb5b48aff10277f9223ecacd3e849e63ffdceb37a07885822ff4c0e47edbcce0c9430a6ba5b1b453067f20fdcade1ee5a8ba931442851537141baa46685ed07dbc9de4f30958de65145a93f111bf1c1196348edc7af7b88a3b0c13e11276f4d973fe349feaa798c5f9fc2bc11f59f4d6bf82da46728ec0dfc671472f87298c9090eaba8b81fe5f30432300b8dbd2864270cff4c234d59c586f220c62ec01b69216a11d74ef38d4152d61a083e914fc6a16da418387d8955ad60f0f8aebc6f35fb8d3805471c2477f625ee964d19ed6ad2ceb056b07bdebadc99a719799c4ac4a58b45051c1fb04c8b6ab279955dff90b4a3c8f3fb91e679309416bec41e07bec5ac32783cd767e94906e73998611f3e2494b8484bde2ad56ce498268900ae575de8e88692ed419b97770cf9220f90c9824628629ca9ca95f4dd4dd1fd28e033f6685da0af180864f171b14c30a0baee7d516d7083e0954e447eaf75aa14c02b8d450b334cfd693e633a03cab83758e78438b55c683ce5072207d3af537e6993e65de3d40e3d925d3a8a089459742b39e29c040ebe92298685808ad6bf6d2ef2f233214e9acdb799c880a30737bf74055992207eb39274fb3f3ae61d6b020c7a74d9b0ef1ea8ab8bf38d4aace2f084f8c48eed6d70d19fa6d062570d0b7fb3ababe70cf71ece63628be62d53f813187ead79617160ed751bd3a8bd3af5dc1083bcb39252a5ab656e92e64ddaf1e4bddeb40cf60f3724456878ab4f27ca36726396594678b1dc4d3ce8cc3eaa3bc377f1d190b054ec655921623b914f18e6a6b4d87fe43cb01c0ff14b135aa491e78ece6bc6e43aa0f00db66b7de8a0b4d361d8a331db6c80aa5f2772302b825df3fbff295bf9853bd5558b3eaf484bb87506657bb4de70b88481156e1517af5c356dc41f8f8e28fc6091039ef42e6f19467c0602c0ec34a44c797bcb2ebf9cf1b12e48563b20e9fe16555a4a89bfb42ea70c0b443ddc1f292d1fd49b02f6f7130a4f7872a17d18170ab5a7f307ff421f7aba8d077036a68c56c4a3d9016ee4ca33e4dbb8aa332f457894e954acad5c13147d3ae8be50b065ee2ec7f1edb0fbcc45a3b2f061cbcad02e0012ce82defc976019b96cec113e2b5b9c3b8d67429d41b8a1443146aff6f38f9729d590e5b74686871d7d1695cc739db2e48b14b426ac17775b57a173dfce97963f8561d11fc398a6537a9d3e211108d957bd52b78102d312866c5c79264bab7fcc0c0a57b4830c4b58e812e28b737c70ed034aa86b5a483f89aba4177b19821a76f2bce614d83c68632c7c303e4005c5827550405f0fd335f95870306f14399bbef97ba36ab1b2ddbb8d616e6ce76755b8954e5478ec868e9043f999445c0e3442db6eb14a767c9e36d555768c56aa68ef32fb9c59b74ab39d290c7ef538b6dd492464d72d51f926d70ed9f8cefcfc115c6af7b3e41b8719d6cc093d0443dae96e02d70b1bfed8bf178ba150e9737bbaf3a0192ec0ed1b59de475959820fcb026c9ee5744d1df5644c2c3d3dcec557f2221003e3ddca5f053496de88f6bae8b8858c494ea903bc9b340feaf3188b33052826d33cc30381775a5f71ac7646577152020d7982b87437a8e0b2d42a0398e868984ab59378fbfd1de99866cff1cc9dd2289499c15201fd180890e0c898287366894d6077fc660ad32a11b6d12e4dbc30005ef1f53371abd92a34dcb11a74610eee24fd015eacb1061786e7aa423df39368de990cedf3eb0945226951c9de24a357f31e0e7fe340bdc5647e73ece7ae06e4606ab59f3351b65d16412342b231a978e400c8df7f417c132fc2f7e452575ce52aace18c28925d14a929673262ae8471f8cf1e264e5032b808b967f42923aefba05c4e3ba8a8614e7effe6d8d36fdb6d0dc93f8001d01cf6606c8246594047cebd5ff7f24799edf3e78eeee4e9b0a9733c451aefa66e8b96dbb4c3478c46d4aa04cfd4231d3ae34770afd8d2e292ffb945aabb3b59b968ee90a9c8ba9ac2bef97e02fb19ff197a337f65da6ca3b029e6ddbb46d9ca5d54b97c70ae5f2e68f9c75b6c2410a3b985716832c8d908a57982b8dff3c945f71835a45a275d99406e1946d9810daa059a19f9125a27b22af7dd114af4552d7c97ad5d9e83d4e454175f3e08f64ae7466d3af6a2be78b26a235724c07a89d52da9268e85555ddd702b241b4eb17bbc3bcedd829ca95f390aecaa3aa299671ab9d656aded867667a58af32342459ac48426882f950f115c1855a998f91398ef45d26dcd73389cb61d933f453a1a38a6d9dff5ef2e697e58b5ab3f81a27a7f0b1e66f731ecd2c9ce57b2817e5743f3aebdfa2ce6c4283f027fe7edd9c5bdef7dfb813da0f2bea3d44f31e42e92c7b09fa5e5a62c5e6e1fadbdd2c1dc5bcc5b1e34b059bc751fc324283d733587be0374ff6c3fac95fbe265568ecc041e70a587fd18f61ddf781f4b5aa886fc3a976700edd7cb09ce5ec04502d8b9ced9517d0bc7ee3280c80327c584538c77d29df6524585278e2636ac484ade65c0b5055d55bb707ef1c7d10c34e26a81481af3eb35ae57dd03409fcabeeb5f50221dad5e2dc35355c52cdee652cc72cb4446908c5324fff8c0ffb7649a0afc7d1131c128db824a8a06a282f6c063fdb6144d9947e9a5a3e8aef1b5ebce5f9577400e1a9a7a23ec0eb8e712bbd5b49bd5ec632ea31168320f20981e357753c9ab509d7d9244e07602e64eb95162b07b874927016698df4aff3c87cb9213b0bd3ead6d13c981bb9c4513aea5c760f48b9020d44d14f40c2897e8ab5a0873ce9c7ab850766472009547f470dc87293a01939cd8428de06b4489a5f5b15bb24a14ed30b875f02069dc6874d289f88304fb56bbcaf3519686fa6e975a35a6d8ee6b3047bdac6753a6fe01973d856414411239d2e4c6a816da2cd9b1baa0d9b1ae6522613be339e34de3fb382b9e390b2c04a629a32a5763c7dc4c67205390114aaa8415399bbd08ead25c9644d49cb9b26a3b86087ba96f49bd402dc41b3461e3bb22778fd76e7493cc326e044e935cf984b1c6f189d6d548006eaa62464bc6c25fd57885cb495ce8bfe0fda70e85da0246eced953842166a68a598f560166ab85a13815dc0f0ab6a4d1773752382b0a6f00279c8a6baa261b18c747c2dfe7d0c330d329b5359335a035984ba742860264f1bd1fc4324226c2d7b0c1cb0df071127db5959c7c08861a8e57c649986abe42e4380f8681596061008c6e3f236b656c5d8b28825118546dfb7e3b61d59cf1561a0b706c02166bfe6ab969220ebbba30d1657428a4da62fd149b82ad9eb345935615df8a3e426bb19edca96ece43ce3e6d37f7b21361e52f95c156a47181464d62156b32fed028e116182cdf01ce697172af18b66d064e0c8ae07fed14f16cc64033c6a7a0c1dcb70cf720ecf0c7fbc49a6ce7350b699289ec59b88499918398ea31c08121e6d5be180e0b50ba990d780581dafbd14c460f56f481aec2079676f6f611ba5aa954f53fb082960f1e1451e3010936220dd8f706973863703b319e21f70613e65c1666a24f1a2efec7b29d19fb84f8e8805986f14c9c56d138f829871035abf609fd361e56c47f7ac366823dcb194c1ead0334b23b76cab522a41e6e6ac009c191eaedec7633dbf91286b901af12e6b3322fb07da1b73194a25bd37aaef9acf6ab9eab9773f69858c3648476619d3e9c44e02238dbf548f6fe8373aa19d72cdb7bc19c091b74a1020077f951ddf031a8294008fa89e0832055df8d1e90fb7337cab90b97969a8d783fe7beec53f20a35e5a00c7a9fb1048da398362734af9cab47d767505e5ee185ae3c2bda4dcb8c51b0940b878c4b451c55bfb12066099592c5d82a02234634e4e033489e6fe3989193e6281c20057bcbceb66f6e522996a3769defe1accbad2fdc612ef5aa53caa9a4d804767cc0028caeec115bf34f192a4f26e3e070a2adcd7cbea961acfc44b6bcaecebd45a90c9a753276b9ca4574f644c82bfc09fe46a285e5d4f19810059d07422076282d7661fb87786611635538d9f4f7713f6cc52215b4d989003b65a58cc61d035dbd9f03170658bc75e82e880ca5e0aea71b18a45c5ad10ed29c28453fe9cd0a448d4a4e03668204d23a02481427aab253bbff4eda86b0f292b9a05daac7cda72a343940bdc33dd4cbee205ca1a74ed923fe7f484bd1f56e1ef6b30e90677d38b702d072dbfb9e413570ca6"}, &(0x7f00000012c0)=0x1008)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000001300)=r5, 0x4)
ptrace$cont(0x9, 0x0, 0x0, 0x0)

05:41:20 executing program 3 (fault-call:0 fault-nth:87):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1102.196915] FAULT_INJECTION: forcing a failure.
[ 1102.196915] name failslab, interval 1, probability 0, space 0, times 0
[ 1102.211652] CPU: 1 PID: 24005 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1102.219649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1102.229022] Call Trace:
[ 1102.231614]  dump_stack+0x142/0x197
[ 1102.235236]  should_fail.cold+0x10f/0x159
[ 1102.239375]  should_failslab+0xdb/0x130
[ 1102.243342]  kmem_cache_alloc+0x2d7/0x780
[ 1102.247473]  ? out_of_line_wait_on_bit+0xba/0xd0
[ 1102.252212]  ? __wait_on_bit+0x130/0x130
[ 1102.256256]  getname_kernel+0x53/0x350
[ 1102.260133]  kern_path+0x20/0x40
[ 1102.263482]  lookup_bdev.part.0+0x63/0x160
[ 1102.267699]  ? blkdev_open+0x260/0x260
[ 1102.271568]  ? btrfs_read_dev_super+0x77/0xb0
[ 1102.276100]  blkdev_get_by_path+0x76/0xf0
[ 1102.280234]  btrfs_get_bdev_and_sb+0x38/0x2e0
[ 1102.284761]  __btrfs_open_devices+0x194/0xab0
[ 1102.289248]  ? find_device+0x100/0x100
[ 1102.293122]  ? btrfs_mount+0x1069/0x2b28
[ 1102.297161]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1102.302160]  btrfs_open_devices+0xa4/0xb0
[ 1102.306286]  btrfs_mount+0x11b4/0x2b28
[ 1102.310155]  ? lock_downgrade+0x740/0x740
[ 1102.314285]  ? find_held_lock+0x35/0x130
[ 1102.318329]  ? pcpu_alloc+0x3af/0x1050
[ 1102.322202]  ? btrfs_remount+0x11f0/0x11f0
[ 1102.326419]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1102.331433]  ? __lockdep_init_map+0x10c/0x570
[ 1102.335915]  mount_fs+0x97/0x2a1
[ 1102.339264]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1102.343830]  ? find_held_lock+0x35/0x130
[ 1102.347880]  vfs_kern_mount+0x40/0x60
[ 1102.351677]  btrfs_mount+0x3ce/0x2b28
[ 1102.355470]  ? lock_downgrade+0x740/0x740
[ 1102.359599]  ? find_held_lock+0x35/0x130
[ 1102.363685]  ? pcpu_alloc+0x3af/0x1050
[ 1102.367558]  ? btrfs_remount+0x11f0/0x11f0
[ 1102.371832]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1102.376837]  ? __lockdep_init_map+0x10c/0x570
[ 1102.381354]  ? __lockdep_init_map+0x10c/0x570
[ 1102.385847]  mount_fs+0x97/0x2a1
[ 1102.389215]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1102.393734]  do_mount+0x417/0x27d0
[ 1102.397283]  ? copy_mount_options+0x5c/0x2f0
[ 1102.401671]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1102.406672]  ? copy_mount_string+0x40/0x40
[ 1102.410890]  ? copy_mount_options+0x1fe/0x2f0
[ 1102.415369]  SyS_mount+0xab/0x120
[ 1102.418803]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1102.422673]  do_syscall_64+0x1e8/0x640
[ 1102.426540]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1102.431366]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1102.436533] RIP: 0033:0x45ddea
[ 1102.439736] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1102.447470] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1102.454731] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1102.461996] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1102.469252] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1102.476543] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000057
05:41:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:23 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x200, 0x0)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000140))
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = fcntl$dupfd(r0, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$alg(0x26, 0x5, 0x0)
getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r7, r6, 0x0, 0x209)
ioctl$DRM_IOCTL_GET_MAP(r7, 0xc0286404, &(0x7f00000001c0)={&(0x7f0000ff9000/0x4000)=nil, 0x3, 0x3, 0x85, &(0x7f0000ff9000/0x4000)=nil, 0x20})
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r5, 0x0, 0x209)
write$selinux_load(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="8cff7cf9080000005345204c69697578ecda4997f344facaf30994e5d155c792e126a9858e3afcb9ee9a0646bc7f79ad7482ede558642c3943bfff6e5524dcdf6a92ddbeb01fcf063ec1b7643f3a298759475696455d336ea579b063aa4b3b2ec593a6c94f1353b0142428a95ac1e14e5c190426b87f706ab4c388ae139ea71765b5fbcde5523ff81604ea2e3dcbe9f4aa000a14c8a921d180f0dd256b89ed9caf68ca82d10050b9da2ec6bb12d075639cfcac4a4c5333f1c45ea1c2429bbbed5d5954023749dbba99e80c845deeba1bd9d8ceda24f8688f2535d6cb999c02e1c5396c30884896978cbaa8c352a4265d932149b999353335f70cdb5089184481aaec1c2c025299bfaa19c6dcc12bd46b860309cd43547d2a390f5f349deba981aea278982e73b1b6d94ff6e5c08d06fe9a69b3f95a69ce58173fbf55ae0a07e7e42b3cf2e0507d0307991cc2472f75c5772750809b62876d081ee8dc6ab3c76b94faf11380a83a3617000000000000"], 0x2d)
bind$alg(r4, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
dup3(r3, r4, 0x0)

05:41:23 executing program 0:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/qat_adf_ctl\x00', 0xa4000, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000440)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}, &(0x7f0000000480)=0x10)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r2 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
fallocate(r1, 0x7, 0x7, 0x3)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000600)=""/217, 0xd9}, {&(0x7f00000002c0)=""/109, 0x6d}], 0x3, 0x6)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(xtea-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="0a0775e5b3e4ddbfcb54dbb700000000", 0x10)
ioctl$sock_TIOCOUTQ(r5, 0x5411, &(0x7f00000004c0))
sendfile(r4, r3, 0x0, 0x209)
getsockname$l2tp(r3, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f00000000c0)=0x10)
getsockname$netlink(r3, &(0x7f0000000380), &(0x7f00000003c0)=0xc)
r6 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil)
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff)
open$dir(&(0x7f0000000280)='./bus\x00', 0x40400, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r8, r7, 0x0, 0x209)
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4048ae9b, &(0x7f0000000500)={0x90000, 0x0, [0x8, 0x4, 0x6, 0x6, 0x100000000, 0xf59, 0xff, 0x2]})
shmat(r6, &(0x7f0000ffe000/0x1000)=nil, 0x4000)
shmat(r6, &(0x7f0000ffc000/0x3000)=nil, 0x7000)
r9 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612)
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendfile(r10, r9, 0x0, 0x209)
ioctl$VFIO_CHECK_EXTENSION(r10, 0x3b65, 0x1)
dup3(r2, 0xffffffffffffffff, 0x0)

05:41:23 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="0300000092dcceae73e826356cb62f8f39248907f7f02c59a2ec85a8863a5d8fcc09000000e2828c1dac9bfb6c22a8ec390200020084db461e213e29f3232f06f88b18737d57cf8ed5bd78ba59506cfb943c46d2ddf2163b65f306399198a3d1802290fbb0ad48079043a39af10f8deff7fa1e97a648714d585b60df153aee273f0ce966c913392476f2072ece6c6af2805f0a7e7e6336ddbe04000000a1cdaa2beb3b28baa4e245e933544c4d60e08593861d0a0242759042e346da591e3713b184484a14029e1a32edceb0442c91c4c52bd233f36d7800d93bdb2624d5b1d4e3575c59ca4036914794f55520e1cad692fffd6b65ade7fa99744cf8", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000080)=0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
sendmsg$nl_route(r1, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)=@getrule={0x14, 0x22, 0x300, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x35)
sendfile(r2, r1, 0x0, 0x209)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r5 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x800)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x4, 0x4, 0x0, 0xffffffff})
sendfile(r4, r3, 0x0, 0x209)
openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x10040, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x400, 0x0)
openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/checkreqprot\x00', 0x400000, 0x0)
ioctl$RTC_AIE_OFF(r2, 0x7002)
r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r6, 0x40087703, 0x200)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r6, 0x0)
ioctl$ASHMEM_SET_NAME(r6, 0x40087708, &(0x7f0000000280)='\x00\x00\x00\x01\x00\x00\x00\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\xee\xba\x064\xb2\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\xda\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x1f\x00\x00\x00\x00\x00\x00\x00\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17yn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93\r\x99\xbe\x18\xe3c\x8dn\xce\x10\xfc\x97\x85).(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafDd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\x90\x9e}\x89\xff\x8c\xcf\xfd\xffMp\xdc\x9e\xad\x9aj\x99\xd5\xc1\x8f\xb5S\xcb\rA\xc5\xc2\x16\x95\x9f\xa8\xc8\x86\v-\xb4\xb5c\x94\xc6\xca\x9b\xee\x02I:\x98SF\x82\xac\x0e~~\x15\fn\xe2X\xe3%\xc7\x04q\x87\x8d\xe6\xee\xc0\x82w\xa9rX\v\x1f9\xcc-&8\x06W\x83\xa9\xca\xa5\xba\x7f\xae\xe4\xea')

05:41:23 executing program 3 (fault-call:0 fault-nth:88):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0)

[ 1104.670905] audit: type=1800 audit(2844654083.123:132): pid=24019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=131076 res=0
[ 1104.702357] FAULT_INJECTION: forcing a failure.
[ 1104.702357] name failslab, interval 1, probability 0, space 0, times 0
[ 1104.714323] CPU: 0 PID: 24021 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1104.722216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1104.731561] Call Trace:
[ 1104.734134]  dump_stack+0x142/0x197
[ 1104.737764]  should_fail.cold+0x10f/0x159
[ 1104.741919]  should_failslab+0xdb/0x130
[ 1104.745880]  kmem_cache_alloc_trace+0x2e9/0x790
[ 1104.750529]  ? mutex_trylock+0x1c0/0x1c0
[ 1104.754716]  ? btrfs_close_devices+0x21/0x140
[ 1104.759223]  btrfs_alloc_device+0xa4/0x6a0
[ 1104.763445]  ? btrfs_find_device_by_devspec+0xf0/0xf0
[ 1104.768630]  __btrfs_close_devices+0x2c6/0xa90
[ 1104.773310]  ? __mutex_unlock_slowpath+0x71/0x800
[ 1104.778147]  ? btrfs_alloc_device+0x6a0/0x6a0
[ 1104.782637]  btrfs_close_devices+0x29/0x140
[ 1104.786950]  btrfs_mount+0x1fd9/0x2b28
[ 1104.790826]  ? lock_downgrade+0x740/0x740
[ 1104.794958]  ? find_held_lock+0x35/0x130
[ 1104.799128]  ? pcpu_alloc+0x3af/0x1050
[ 1104.803003]  ? btrfs_remount+0x11f0/0x11f0
[ 1104.807232]  ? check_preemption_disabled+0x3c/0x250
[ 1104.812234]  ? retint_kernel+0x2d/0x2d
[ 1104.816118]  ? debug_check_no_locks_freed+0x36/0x290
[ 1104.821210]  ? __lockdep_init_map+0x10c/0x570
[ 1104.825691]  mount_fs+0x97/0x2a1
[ 1104.829038]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1104.833520]  ? find_held_lock+0x35/0x130
[ 1104.837585]  vfs_kern_mount+0x40/0x60
[ 1104.841410]  btrfs_mount+0x3ce/0x2b28
[ 1104.845194]  ? lock_downgrade+0x740/0x740
[ 1104.849322]  ? find_held_lock+0x35/0x130
[ 1104.853370]  ? pcpu_alloc+0x3af/0x1050
[ 1104.857262]  ? btrfs_remount+0x11f0/0x11f0
[ 1104.861489]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1104.866501]  ? __lockdep_init_map+0x10c/0x570
[ 1104.870984]  ? __lockdep_init_map+0x10c/0x570
[ 1104.875462]  mount_fs+0x97/0x2a1
[ 1104.878827]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1104.883328]  do_mount+0x417/0x27d0
[ 1104.886866]  ? copy_mount_options+0x5c/0x2f0
[ 1104.891262]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1104.896263]  ? copy_mount_string+0x40/0x40
[ 1104.900483]  ? copy_mount_options+0x1fe/0x2f0
[ 1104.904959]  SyS_mount+0xab/0x120
[ 1104.908391]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1104.912266]  do_syscall_64+0x1e8/0x640
[ 1104.916140]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1104.920975]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1104.926147] RIP: 0033:0x45ddea
[ 1104.929328] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1104.937020] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1104.944276] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1104.951523] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1104.958787] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
05:41:23 executing program 4:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000140)="0f34", 0x2}], 0x1, 0x0)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@local, 0x15})
ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x373}, {&(0x7f00000001c0)=""/57}], 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

05:41:23 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xd9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000040)='\x00', 0x0)
dup3(r1, r0, 0x0)
ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, &(0x7f0000000000)={'veth1_vlan\x00', {0x2, 0x4e23, @multicast1}})

[ 1104.966041] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000058
[ 1104.975297] ------------[ cut here ]------------
[ 1104.980067] kernel BUG at fs/btrfs/volumes.c:890!
[ 1104.985913] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1104.991285] Modules linked in:
[ 1104.994476] CPU: 0 PID: 24021 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0
[ 1105.002343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1105.011706] task: ffff888053f3e0c0 task.stack: ffff8880595c8000
[ 1105.017751] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90
[ 1105.023091] RSP: 0018:ffff8880595cf700 EFLAGS: 00010246
[ 1105.028434] RAX: 0000000000040000 RBX: ffff88809fadcd80 RCX: ffffc9000ca6e000
[ 1105.035682] RDX: 0000000000040000 RSI: ffffffff829a33a8 RDI: 0000000000000286
[ 1105.042934] RBP: ffff8880595cf7c8 R08: ffff888053f3e0c0 R09: ffff888053f3e988
[ 1105.050182] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880959dba80
[ 1105.057428] R13: ffff88809fadce48 R14: fffffffffffffff4 R15: dffffc0000000000
[ 1105.064679] FS:  00007fc1a18e7700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
[ 1105.072879] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1105.078765] CR2: 0000000020000044 CR3: 00000000960cf000 CR4: 00000000001426f0
[ 1105.086055] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1105.093301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1105.100548] Call Trace:
[ 1105.103118]  ? __mutex_unlock_slowpath+0x71/0x800
[ 1105.107943]  ? btrfs_alloc_device+0x6a0/0x6a0
[ 1105.112425]  btrfs_close_devices+0x29/0x140
[ 1105.116751]  btrfs_mount+0x1fd9/0x2b28
[ 1105.120626]  ? lock_downgrade+0x740/0x740
[ 1105.124752]  ? find_held_lock+0x35/0x130
[ 1105.128792]  ? pcpu_alloc+0x3af/0x1050
[ 1105.132660]  ? btrfs_remount+0x11f0/0x11f0
[ 1105.136883]  ? check_preemption_disabled+0x3c/0x250
[ 1105.141883]  ? retint_kernel+0x2d/0x2d
[ 1105.145753]  ? debug_check_no_locks_freed+0x36/0x290
[ 1105.150867]  ? __lockdep_init_map+0x10c/0x570
[ 1105.155343]  mount_fs+0x97/0x2a1
[ 1105.158690]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1105.163163]  ? find_held_lock+0x35/0x130
[ 1105.167204]  vfs_kern_mount+0x40/0x60
[ 1105.170987]  btrfs_mount+0x3ce/0x2b28
[ 1105.174795]  ? lock_downgrade+0x740/0x740
[ 1105.178919]  ? find_held_lock+0x35/0x130
[ 1105.182958]  ? pcpu_alloc+0x3af/0x1050
[ 1105.186831]  ? btrfs_remount+0x11f0/0x11f0
[ 1105.191049]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1105.196043]  ? __lockdep_init_map+0x10c/0x570
[ 1105.200514]  ? __lockdep_init_map+0x10c/0x570
[ 1105.204987]  mount_fs+0x97/0x2a1
[ 1105.208332]  vfs_kern_mount.part.0+0x5e/0x3d0
[ 1105.212804]  do_mount+0x417/0x27d0
[ 1105.216328]  ? copy_mount_options+0x5c/0x2f0
[ 1105.220724]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1105.225717]  ? copy_mount_string+0x40/0x40
[ 1105.229937]  ? copy_mount_options+0x1fe/0x2f0
[ 1105.234421]  SyS_mount+0xab/0x120
[ 1105.237892]  ? copy_mnt_ns+0x8c0/0x8c0
[ 1105.241766]  do_syscall_64+0x1e8/0x640
[ 1105.245678]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1105.250509]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1105.255690] RIP: 0033:0x45ddea
[ 1105.258864] RSP: 002b:00007fc1a18e6a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[ 1105.266566] RAX: ffffffffffffffda RBX: 00007fc1a18e76d4 RCX: 000000000045ddea
[ 1105.273824] RDX: 00007fc1a18e6ae0 RSI: 00000000200001c0 RDI: 00007fc1a18e6b00
[ 1105.281075] RBP: 000000000075bf20 R08: 00007fc1a18e6b40 R09: 00007fc1a18e6ae0
[ 1105.288326] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 1105.295581] R13: 0000000000000ba0 R14: 00000000004cc763 R15: 0000000000000058
[ 1105.302871] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 08 e1 c2 fe <0f> 0b e8 01 e1 c2 fe 0f 0b 48 89 f7 e8 d7 70 ed fe e9 ad f8 ff 
[ 1105.321966] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff8880595cf700
[ 1105.329938] ---[ end trace badf2562e827e7c2 ]---
[ 1105.335125] Kernel panic - not syncing: Fatal exception
[ 1105.341585] Kernel Offset: disabled
[ 1105.345200] Rebooting in 86400 seconds..